Is there a question in there somewhere? It think there might be some sort of idea that oauth should use as password not a token as it does. But I may well be inventing a logical question from the information posted.

So how about you take the time to elucidate exactly what you mean and I will stop guessing.

It is the oauth entries but how do they get there? On Win10 all the smtp and imap entries are there but Win11 introduced the oauth entries. It's not a problem as all the passwords are on RasPi 5 Ubuntu 24.04 and Win10

oauth uses the password only for the initial authentication, and even then is it done on a web page and not saved. When the authentication completes successfully a (I think) 10 digit/character oAuth token issued and is then used between the authenticated device and the provider until such times as the provider either revokes it in which case you will be asked to re-authenticate, or it is replaced with a new token. Reissuing of tokens is done automatically under the hood and there is no user interaction.

It has nothing to do with windows 10 or 11 or Linux or anything operating system. It is all about the changing requirements for authentication imposed by mail providers. SO these days you see no passwords of any substance in Thunderbird. It simply does not know them or use them unless the authentication method is normal password and that is becoming the exception with mail providers. I still use it with GMX, But Outlook, Gmail, Yahoo and AOL all use oauth now