diff --git a/rootfs/etc/confd/conf.d/dovecot-oauth2.conf.ext.toml b/rootfs/etc/confd/conf.d/dovecot-oauth2.conf.ext.toml
deleted file mode 100644
index 1d9e173..0000000
--- a/rootfs/etc/confd/conf.d/dovecot-oauth2.conf.ext.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[template]
-src = "dovecot-oauth2.conf.ext.tmpl"
-dest = "/etc/dovecot/dovecot-oauth2.conf.ext"
diff --git a/rootfs/etc/confd/templates/10-auth.conf.tmpl b/rootfs/etc/confd/templates/10-auth.conf.tmpl
index e3b8b0e..f76f601 100644
--- a/rootfs/etc/confd/templates/10-auth.conf.tmpl
+++ b/rootfs/etc/confd/templates/10-auth.conf.tmpl
@@ -1,6 +1,6 @@
 auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
 auth_username_format = %n
-auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain"}}
+auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}}
 !include auth-oauth2.conf.ext
 auth_verbose = yes
 auth_debug = yes
diff --git a/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl b/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl
index 692de70..14db780 100644
--- a/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl
+++ b/rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl
@@ -1,7 +1,13 @@
 passdb {
   driver = oauth2
-  mechanisms = plain
-  args = /etc/dovecot/dovecot-oauth2.conf.ext
+  mechanisms = oauthbearer xoauth2
+  args = /etc/dovecot/dovecot-oauth2.token.conf.ext
+}
+
+passdb {
+  driver = oauth2
+  mechanisms = plain login
+  args = /etc/dovecot/dovecot-oauth2.plain.conf.ext
 }
 
 userdb {
diff --git a/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl b/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl
deleted file mode 100644
index b7c6637..0000000
--- a/rootfs/etc/confd/templates/dovecot-oauth2.conf.ext.tmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-grant_url = {{ getenv "GRANT_URL" }}
-client_id = {{ getenv "CLIENT_ID" }}
-client_secret = {{ getenv "CLIENT_SECRET" }}
-tokeninfo_url = {{ getenv "TOKENINFO_URL" }}
-introspection_url = {{ getenv "INTROSPECTION_URL" }}
-introspection_mode = {{ getenv "INTROSPECTION_MODE" "post" }}
-#force_introspection = yes
-username_attribute = username
-tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
-use_grant_password = yes
-pass_attrs = host=127.0.0.1 proxy=y proxy_mech=xoauth2 pass=%{oauth2:access_token}
-debug = yes