Help needed for OAuth and WSO2 Identity Server

Tyler Montney montneytyler at gmail.com
Tue Nov 16 21:48:57 UTC 2021


As outlined here:
https://doc.dovecot.org/configuration_manual/authentication/oauth2/

I can reach https://identity.foo.mylocal:9443/oauth2/token from Postman OK.

Using this command to generate the base64 token:

echo -en 'n,a=test@foo.com,\001host=localhost\001port=143\001auth=Bearer S3cure!Password\001\001' | base64 -w0; echo

I telnet to localhost 143, and run 01 AUTHENTICATE OAUTHBEARER {TOKEN}.

I get 'User id is not available for user: FOO.MYLOCAL/test@carbon.super'
(HTTP 500). It could be because Dovecot is just sending a username instead
of the full email address? I can generate the same 500 error by just
sending the username in Postman.

***dovecot-oauth.conf.ext***

introspection_mode = post
introspection_url = https://adminusername:adminpassword@identity.foo.mylocal:9443/oauth2/introspect
username_attribute = username
tls_allow_invalid_cert = yes
active_attribute = active
active_value = true
use_grant_password = yes
# Have tried this, no change.
#username_format = %n

client_id = {CLIENTID}
client_secret = {CLIENTSECRET}

grant_url = https://identity.foo.mylocal:9443/oauth2/token
tokeninfo_url = https://identity.foo.mylocal:9443/oauth2/tokeninfo?oauth=
pass_attrs = pass=%{oauth2:access_token}

***dovecot.conf***

auth_mechanisms = $auth_mechanisms oauthbearer xoauth2

passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
}
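As an added example (not from the post above, and not Dovecot's or WSO2's own code), the same OAUTHBEARER initial client response built in Python per RFC 7628, alongside the XOAUTH2 form, a parser that checks the ^A framing, gs2 header and "Bearer " prefix the way a server would, and a helper that runs the AUTHENTICATE over IMAPS with imaplib instead of telnet on the cleartext port. Host, user and token values are placeholders; the "a,b=c" user exists only to exercise the RFC 5801 "=2C"/"=3D" escaping of the authzid.

```python
"""SASL initial client responses for Dovecot's OAUTHBEARER / XOAUTH2
mechanisms. Added example: not code from the original post, Dovecot or WSO2.
Host, user and token values are placeholders."""
import base64
import imaplib

SOH = "\x01"  # the ^A (0x01) separator that "\001" produces in the echo command


def _saslname(name: str) -> str:
    # RFC 7628 s3.1 / RFC 5801: "," and "=" inside the authzid are escaped
    return name.replace("=", "=3D").replace(",", "=2C")


def _unsaslname(name: str) -> str:
    return name.replace("=2C", ",").replace("=3D", "=")


def oauthbearer_initial_response(user: str, token: str, host: str, port: int = 143) -> bytes:
    """RFC 7628 initial client response:
    gs2-header "n,a=<authzid>," then ^A-separated key=value pairs, then ^A^A."""
    gs2 = f"n,a={_saslname(user)},"
    body = f"host={host}{SOH}port={port}{SOH}auth=Bearer {token}"
    return f"{gs2}{SOH}{body}{SOH}{SOH}".encode()


def xoauth2_initial_response(user: str, token: str) -> bytes:
    """Google-style XOAUTH2: "user=<u>^Aauth=Bearer <t>^A^A" (no host/port)."""
    return f"user={user}{SOH}auth=Bearer {token}{SOH}{SOH}".encode()


def b64_line(raw: bytes) -> str:
    """What you paste after 'a1 AUTHENTICATE OAUTHBEARER ' (same as base64 -w0)."""
    return base64.b64encode(raw).decode("ascii")


def parse_oauthbearer(b64: str) -> dict:
    """Decode and sanity-check a response the way a server must: framing,
    gs2 header, Bearer prefix. Raises ValueError on malformed input."""
    raw = base64.b64decode(b64).decode("utf-8")
    gs2, sep, rest = raw.partition(SOH)
    if not sep or not rest.endswith(SOH + SOH):
        raise ValueError("expected gs2-header ^A ... ^A^A")
    parts = gs2.split(",")
    if len(parts) != 3 or parts[0] != "n" or parts[2] != "":
        raise ValueError("gs2-header must be 'n,[a=authzid],'")
    fields = {}
    if parts[1]:
        if not parts[1].startswith("a="):
            raise ValueError("bad authzid field")
        fields["authzid"] = _unsaslname(parts[1][2:])
    for kv in rest[:-2].split(SOH):
        key, eq, value = kv.partition("=")
        if not eq or not key:
            raise ValueError(f"bad key=value pair {kv!r}")
        fields[key] = value
    auth = fields.get("auth", "")
    if not auth.startswith("Bearer "):
        raise ValueError("auth must be 'Bearer <token>'")
    fields["token"] = auth[len("Bearer "):]
    return fields


def _authobject(initial: bytes):
    """imaplib calls this with each decoded server challenge. The first call
    sends the initial response; if the server then answers with a JSON error
    (RFC 7628 s3.2.3) the client must reply with a lone ^A to end the exchange."""
    state = {"sent": False}

    def cb(challenge: bytes) -> bytes:
        if not state["sent"]:
            state["sent"] = True
            return initial
        return SOH.encode()
    return cb


def imap_oauthbearer_login(host: str, user: str, token: str, port: int = 993) -> imaplib.IMAP4_SSL:
    """Authenticate over IMAPS instead of cleartext telnet on 143 so the bearer
    token is not sent in the clear; imaplib base64-encodes the response itself."""
    conn = imaplib.IMAP4_SSL(host, port)
    conn.authenticate("OAUTHBEARER",
                      _authobject(oauthbearer_initial_response(user, token, host, port)))
    return conn


if __name__ == "__main__":
    raw = oauthbearer_initial_response("test@foo.com", "S3cure!Password", "localhost")
    line = b64_line(raw)
    print(line)
    print(parse_oauthbearer(line))
```

Feeding the output of b64_line() to parse_oauthbearer() is a quick way to confirm the blob you are pasting into telnet carries the authzid and token you think it does; note the authzid (a=...) is a username hint only, the identity that matters to the passdb is whatever the introspection response returns in the configured username_attribute.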