Hi Beth
While there are many solutions supporting OAuth, your second requirement should be difficult to fulfil. But I think that you can make your client happy nonetheless:
As I understand it, your client needs different from-addresses and different recipients, based on conditions of the form. For this, you normally setup one account/mailbox that handles the sending. Typically, this is an alias like «no-reply@mathieu.company .com». The form sending will then set the recipient and sending address, while using one account for sending out. To prevent people answering to the «no-reply»-mailbox, you set «sender–» and «reply-to–»address the same and put in an autoresponder to the no-reply-mailbox.
This is the way it is done everywhere, because it allows for easy scaling (your form can have 100+ different mails) and maximum security (only only authentication or set of credentials).
One if not the best form plugin for Wordpress is WSForm. It allows for very extensive control over conditions and has a highly active team of US based developers. Talk to them upfront if you're interested, if your case has special needs, they might implement them. My agency ditched WPForms and Advanced Forms in an instant for it. We never looked back and our customers have way less complaints.
The other tip I like to give you is to forget about WP Mail SMTP and use FluentSMTP instead. The latter not only has more features, it is also completely free. It offers OAuth with various platforms and works like a charm. We have it running on small to really big projects flawlessly for years now.
Best,
Sebastian