diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index ad9a547605..b3ababb11d 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -702,3 +702,8 @@ void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req,
 	}
 	DLLIST_PREPEND(&db->head, req);
 }
+
+bool db_oauth2_uses_password_grant(const struct db_oauth2 *db)
+{
+	return db->set.use_grant_password;
+}
diff --git a/src/auth/db-oauth2.h b/src/auth/db-oauth2.h
index 2b46fbfc7c..9386b70fd1 100644
--- a/src/auth/db-oauth2.h
+++ b/src/auth/db-oauth2.h
@@ -35,6 +35,8 @@ struct db_oauth2 *db_oauth2_init(const char *config_path);
 void db_oauth2_ref(struct db_oauth2 *);
 void db_oauth2_unref(struct db_oauth2 **);
 
+bool db_oauth2_uses_password_grant(const struct db_oauth2 *db);
+
 void db_oauth2_lookup(struct db_oauth2 *db, struct db_oauth2_request *req, const char *token, struct auth_request *request, db_oauth2_lookup_callback_t *callback, void *context);
 #define db_oauth2_lookup(db, req, token, request, callback, context) \
 	db_oauth2_lookup(db, req, token + \
diff --git a/src/auth/passdb-oauth2.c b/src/auth/passdb-oauth2.c
index 2c2f558bc5..7ba75d4aa1 100644
--- a/src/auth/passdb-oauth2.c
+++ b/src/auth/passdb-oauth2.c
@@ -20,6 +20,9 @@ oauth2_verify_plain_continue(struct db_oauth2_request *req,
 	else if (result != PASSDB_RESULT_OK)
 		auth_request_log_info(request, AUTH_SUBSYS_DB, "oauth2 failed: %s",
 				      error);
+	else {
+		auth_request_set_field(request, "token", req->token, "PLAIN");
+	}
 	req->verify_callback(result, request);
 	auth_request_unref(&request);
 }
@@ -47,6 +50,14 @@ oauth2_preinit(pool_t pool, const char *args)
 
 	module = p_new(pool, struct oauth2_passdb_module, 1);
 	module->db = db_oauth2_init(args);
+	module->module.default_pass_scheme = "PLAIN";
+
+	if (db_oauth2_uses_password_grant(module->db)) {
+		module->module.default_cache_key = "%u";
+	} else {
+		module->module.default_cache_key = "%u%w";
+	}
+
 	return &module->module;
 }