diff --git a/SOURCES/evolution-data-server-3.40.4-google-oauth2.patch b/SOURCES/evolution-data-server-3.40.4-google-oauth2.patch
new file mode 100644
index 0000000..d812318
--- /dev/null
+++ b/SOURCES/evolution-data-server-3.40.4-google-oauth2.patch
@@ -0,0 +1,116 @@
+From 08ec37272bb945625daed7e6ae7ed2bd663cdabd Mon Sep 17 00:00:00 2001
+From: Milan Crha <mcrha@redhat.com>
+Date: Wed, 4 May 2022 15:30:49 +0200
+Subject: [PATCH] I#388 - Google OAuth out-of-band (oob) flow will be
+ deprecated
+
+Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/388
+---
+ src/libedataserver/e-oauth2-service-google.c | 62 +++++++++++++++++---
+ 1 file changed, 55 insertions(+), 7 deletions(-)
+
+diff --git a/src/libedataserver/e-oauth2-service-google.c b/src/libedataserver/e-oauth2-service-google.c
+index 4d262d32f..93af1cb0b 100644
+--- a/src/libedataserver/e-oauth2-service-google.c
++++ b/src/libedataserver/e-oauth2-service-google.c
+@@ -24,6 +24,7 @@
+ #include "e-oauth2-service-google.h"
+ 
+ /* https://developers.google.com/identity/protocols/OAuth2InstalledApp */
++/* https://developers.google.com/identity/protocols/oauth2/native-app */
+ 
+ /* Forward Declarations */
+ static void e_oauth2_service_google_oauth2_service_init (EOAuth2ServiceInterface *iface);
+@@ -122,14 +123,60 @@ static const gchar *
+ eos_google_get_authentication_uri (EOAuth2Service *service,
+ 				   ESource *source)
+ {
+-	return "https://accounts.google.com/o/oauth2/auth";
++	return "https://accounts.google.com/o/oauth2/v2/auth";
+ }
+ 
+ static const gchar *
+ eos_google_get_refresh_uri (EOAuth2Service *service,
+ 			    ESource *source)
+ {
+-	return "https://www.googleapis.com/oauth2/v3/token";
++	return "https://oauth2.googleapis.com/token";
++}
++
++static const gchar *
++eos_google_get_redirect_uri (EOAuth2Service *service,
++			     ESource *source)
++{
++	G_LOCK_DEFINE_STATIC (redirect_uri);
++	const gchar *key_name = "oauth2-google-redirect-uri";
++	gchar *value;
++
++	G_LOCK (redirect_uri);
++
++	value = g_object_get_data (G_OBJECT (service), key_name);
++	if (!value) {
++		const gchar *client_id = eos_google_get_client_id (service, source);
++
++		if (client_id) {
++			GPtrArray *array;
++			gchar **strv;
++			gchar *joinstr;
++			guint ii;
++
++			strv = g_strsplit (client_id, ".", -1);
++			array = g_ptr_array_new ();
++
++			for (ii = 0; strv[ii]; ii++) {
++				g_ptr_array_insert (array, 0, strv[ii]);
++			}
++
++			g_ptr_array_add (array, NULL);
++
++			joinstr = g_strjoinv (".", (gchar **) array->pdata);
++			/* Use reverse-DNS of the client ID with the below path */
++			value = g_strconcat (joinstr, ":/oauth2redirect", NULL);
++
++			g_ptr_array_free (array, TRUE);
++			g_strfreev (strv);
++			g_free (joinstr);
++
++			g_object_set_data_full (G_OBJECT (service), key_name, value, g_free);
++		}
++	}
++
++	G_UNLOCK (redirect_uri);
++
++	return value;
+ }
+ 
+ static void
+@@ -191,13 +238,13 @@ eos_google_extract_authorization_code (EOAuth2Service *service,
+ 
+ 				params = soup_form_decode (query);
+ 				if (params) {
+-					const gchar *response;
++					const gchar *code;
+ 
+-					response = g_hash_table_lookup (params, "response");
+-					if (response && g_ascii_strncasecmp (response, "code=", 5) == 0) {
+-						*out_authorization_code = g_strdup (response + 5);
++					code = g_hash_table_lookup (params, "code");
++					if (code && *code) {
++						*out_authorization_code = g_strdup (code);
+ 						known = TRUE;
+-					} else if (response && g_ascii_strncasecmp (response, "error", 5) == 0) {
++					} else if (g_hash_table_lookup (params, "error")) {
+ 						known = TRUE;
+ 					}
+ 
+@@ -225,6 +272,7 @@ e_oauth2_service_google_oauth2_service_init (EOAuth2ServiceInterface *iface)
+ 	iface->get_client_secret = eos_google_get_client_secret;
+ 	iface->get_authentication_uri = eos_google_get_authentication_uri;
+ 	iface->get_refresh_uri = eos_google_get_refresh_uri;
++	iface->get_redirect_uri = eos_google_get_redirect_uri;
+ 	iface->prepare_authentication_uri_query = eos_google_prepare_authentication_uri_query;
+ 	iface->extract_authorization_code = eos_google_extract_authorization_code;
+ }
+-- 
+2.35.1
+
diff --git a/SPECS/evolution-data-server.spec b/SPECS/evolution-data-server.spec
index 1f3c9f7..7453558 100644
--- a/SPECS/evolution-data-server.spec
+++ b/SPECS/evolution-data-server.spec
@@ -54,7 +54,7 @@
 
 Name: evolution-data-server
 Version: 3.40.4
-Release: 3%{?dist}
+Release: 3%{?dist}.1
 Summary: Backend data server for Evolution
 License: LGPLv2+
 URL: https://wiki.gnome.org/Apps/Evolution
@@ -62,6 +62,7 @@ Source: http://download.gnome.org/sources/%{name}/3.40/%{name}-%{version}.tar.xz
 
 Patch01: evolution-data-server-3.40.4-icalcompiter.patch
 Patch02: evolution-data-server-3.40.4-secret-monitor-warnings.patch
+Patch03: evolution-data-server-3.40.4-google-oauth2.patch
 
 Provides: evolution-webcal = %{version}
 Obsoletes: evolution-webcal < 2.24.0
@@ -478,6 +479,9 @@ find $RPM_BUILD_ROOT -name '*.so.*' -exec chmod +x {} \;
 %{_datadir}/installed-tests
 
 %changelog
+* Thu May 05 2022 Milan Crha <mcrha@redhat.com> - 3.40.4-3.1
+- Resolves: #2081793 (Backport patch for Google OAuth2 change)
+
 * Mon Nov 22 2021 Milan Crha <mcrha@redhat.com> - 3.40.4-3
 - Resolves: #2025480 (secret-monitor: Turn runtime warnings into debug prints)