Using this command to generate the base64 token: echo -en 'n,a=test@foo.com,\001host=localhost\001port=143\001auth=Bearer S3cure!Password\001\001' | base64 -w0; echo

I telnet to localhost 143, and run 01 AUTHENTICATE OAUTHBEARER {TOKEN}.

I get 'User id is not available for user: FOO.MYLOCAL/test@carbon.super' (HTTP 500). Could it be because Dovecot is just sending a username instead of the full email address? I can generate the same 500 error by just sending the username in Postman.

***dovecot-oauth.conf.ext***

introspection_mode = post
introspection_url = https://adminusername:adminpassword@identity.foo.mylocal:9443/oauth2/introspect
username_attribute = username
tls_allow_invalid_cert = yes
active_attribute = active
active_value = true
use_grant_password = yes
# Have tried this, no change.
#username_format = %n

client_id = {CLIENTID}
client_secret = {CLIENTSECRET}

pass_attrs = pass=%{oauth2:access_token}

***dovecot.conf***

auth_mechanisms = $auth_mechanisms oauthbearer xoauth2

passdb {
  driver = oauth2
  mechanisms = xoauth2 oauthbearer
  args = /etc/dovecot/dovecot-oauth2.conf.ext
}
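
To check exactly which identity and token a client is sending, the sketch below builds and decodes the OAUTHBEARER initial client response in the RFC 7628 layout that the `echo ... | base64` command above produces. It is an added example, not part of the original post and not Dovecot code; the function names are hypothetical and the sample values are the ones from the post.

```python
import base64

SEP = "\x01"  # the ^A (0x01) separator written as \001 in the post's command

def build_oauthbearer(user, host, port, token):
    """Return the base64 initial client response: gs2 header + ^A-separated kvpairs."""
    # In the gs2 authzid, "=" and "," must be escaped as =3D and =2C.
    authzid = user.replace("=", "=3D").replace(",", "=2C")
    raw = f"n,a={authzid},{SEP}host={host}{SEP}port={port}{SEP}auth=Bearer {token}{SEP}{SEP}"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def parse_oauthbearer(b64):
    """Decode a response into its fields; raise ValueError if it is malformed."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    if not raw.endswith(SEP + SEP):
        raise ValueError("missing final ^A^A terminator")
    header, *pairs = raw[:-2].split(SEP)
    parts = header.split(",")
    if len(parts) != 3 or parts[2] != "" or not (parts[0] in ("n", "y") or parts[0].startswith("p=")):
        raise ValueError("bad gs2 header: %r" % header)
    authzid = None
    if parts[1]:
        if not parts[1].startswith("a="):
            raise ValueError("bad authzid field: %r" % parts[1])
        authzid = parts[1][2:].replace("=2C", ",").replace("=3D", "=")
    fields = {}
    for pair in pairs:
        key, eq, value = pair.partition("=")
        if not key or not eq:
            raise ValueError("bad key/value pair: %r" % pair)
        fields[key] = value
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("auth field must be 'Bearer <token>'")
    return {"authzid": authzid, "host": fields.get("host"),
            "port": fields.get("port"), "token": token}

if __name__ == "__main__":
    # Values taken from the command in the post.
    b64 = build_oauthbearer("test@foo.com", "localhost", 143, "S3cure!Password")
    print("01 AUTHENTICATE OAUTHBEARER", b64)
    print(parse_oauthbearer(b64))
```

Running `parse_oauthbearer` on the string actually typed into the telnet session shows whether the `a=` identity still carries the full address before Dovecot and the introspection endpoint see it.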