As outlined here: https://doc.dovecot.org/configuration_manual/authentication/oauth2/

Can Postman https://identity.foo.mylocal:9443/oauth2/token OK.

Using this command to generate the base64 token: echo -en 'n,a=test@foo.com,\001host=localhost\001port=143\001auth=Bearer S3cure!Password\001\001' | base64 -w0; echo

I telnet to localhost 143, and run 01 AUTHENTICATE OAUTHBEARER {TOKEN}.

Get 'User id is not available for user: FOO.MYLOCAL/test@carbon.super' (HTTP 500). It could be because Dovecot is just sending a username instead of the full email address? I can generate the same 500 error by just sending the username in Postman.

***dovecot-oauth.conf.ext***

introspection_mode = post

introspection_url = https://adminusername:adminpassword@identity.foo.mylocal:9443/oauth2/introspect

username_attribute = username

tls_allow_invalid_cert = yes

active_attribute = active

active_value = true

use_grant_password = yes
# Have tried this, no change.

#username_format = %n

client_id = {CLIENTID}

client_secret = {CLIENTSECRET}

grant_url = https://identity.foo.mylocal:9443/oauth2/token

tokeninfo_url = https://identity.foo.mylocal:9443/oauth2/tokeninfo?oauth=

pass_attrs = pass=%{oauth2:access_token}

***dovecot.conf***

auth_mechanisms = $auth_mechanisms oauthbearer xoauth2

passdb {

driver = oauth2

mechanisms = xoauth2 oauthbearer

args = /etc/dovecot/dovecot-oauth2.conf.ext

}