Hello. I just tried the same yesterday and this morning.
The redirect URI goes like this: http://<server>/index.php/login/oauth
Roundcube sends the redirect uri with the first auth to mailcow. Mailcow checks it against what is saved, and if they do not match exaclty, you get the error above. I debugged and found that roundcube sends it’s uri with schema http:// instead of https:// .
I fixed that error by setting the redirect uri in Mailcow to the one without the s like the example above. It just adds another redirect to https.
Unfortunately, that does not fix the problem, it just unmasks the next one. Roundcube takes the information and tries to login with the bearer token as password on Mailcow’s dovecot, which rejects it.
There may be a way to configure dovecot to accept that, but there seem to be no examples on the web for roundcube. Actually, there are not many examples at all for dovecot OAuth.
I’m giving up for now. Debugging Mailcow and Roundcube is one thing, as they’re PHP, quite easy to debug. Debugging Dovecot to see what happens is another beast entirely, being C code and compiled to a binary.
Sorry to be the bearer of bad news.