diff --git a/frappe/email/doctype/email_account/email_account.js b/frappe/email/doctype/email_account/email_account.js
index 31da072692..f139c23ce6 100644
--- a/frappe/email/doctype/email_account/email_account.js
+++ b/frappe/email/doctype/email_account/email_account.js
@@ -74,6 +74,7 @@ function oauth_access(frm) {
 			method: "initiate_web_application_flow",
 			args: {
 				success_uri: window.location.pathname,
+				user: frm.doc.connected_user,
 			},
 			callback: function (r) {
 				window.open(r.message, "_self");
@@ -147,6 +148,7 @@ frappe.ui.form.on("Email Account", {
 			frm.refresh_field("imap_folder");
 		}
 		set_default_max_attachment_size(frm);
+		frm.events.show_oauth_authorization_message(frm);
 	},
 
 	refresh: function (frm) {
@@ -180,6 +182,27 @@ frappe.ui.form.on("Email Account", {
 		oauth_access(frm);
 	},
 
+	show_oauth_authorization_message(frm) {
+		if (frm.doc.auth_method === "OAuth") {
+			frappe.call({
+				method: "frappe.integrations.doctype.connected_app.connected_app.check_active_token",
+				args: {
+					connected_app: frm.doc.connected_app,
+					connected_user: frm.doc.connected_user,
+				},
+				callback: (r) => {
+					if (!r.message) {
+						let msg = __(
+							'OAuth has been enabled but not authorised. Please use "Authorise API Access" button to do the same.'
+						);
+						frm.dashboard.clear_headline();
+						frm.dashboard.set_headline_alert(msg, "yellow");
+					}
+				},
+			});
+		}
+	},
+
 	domain: frappe.utils.debounce((frm) => {
 		if (frm.doc.domain) {
 			frappe.call({
diff --git a/frappe/email/doctype/email_account/email_account.py b/frappe/email/doctype/email_account/email_account.py
index a0fc8f162e..66f7e1c688 100755
--- a/frappe/email/doctype/email_account/email_account.py
+++ b/frappe/email/doctype/email_account/email_account.py
@@ -82,6 +82,7 @@ class EmailAccount(Document):
 			return
 
 		use_oauth = self.auth_method == "OAuth"
+		validate_oauth = use_oauth and not (self.is_new() and not self.get_oauth_token())
 		self.use_starttls = cint(self.use_imap and self.use_starttls and not self.use_ssl)
 
 		if use_oauth:
@@ -90,7 +91,7 @@ class EmailAccount(Document):
 			self.password = None
 
 		if not frappe.local.flags.in_install and not self.awaiting_password:
-			if use_oauth or self.password or self.smtp_server in ("127.0.0.1", "localhost"):
+			if validate_oauth or self.password or self.smtp_server in ("127.0.0.1", "localhost"):
 				if self.enable_incoming:
 					self.get_incoming_server()
 					self.no_failed = 0
diff --git a/frappe/integrations/doctype/connected_app/connected_app.py b/frappe/integrations/doctype/connected_app/connected_app.py
index ff2eb2dc96..f78ccd59ce 100644
--- a/frappe/integrations/doctype/connected_app/connected_app.py
+++ b/frappe/integrations/doctype/connected_app/connected_app.py
@@ -112,7 +112,6 @@ class ConnectedApp(Document):
 				token = oauth_session.refresh_token(
 					body=f"redirect_uri={self.redirect_uri}",
 					token_url=self.token_uri,
-					refresh_token=token_cache.get_password("refresh_token"),
 				)
 			except Exception:
 				self.log_error("Token Refresh Error")