diff --git a/src/oidcserver.js b/src/oidcserver.js
index c2ea39b5d..55441d418 100644
--- a/src/oidcserver.js
+++ b/src/oidcserver.js
@@ -526,7 +526,7 @@ async function interactionAbort(req, res, next) {
 if (error) return next(error);
 }
-async function getClaims(username/*, use, scope*/) {
+async function getClaims(username, use, scope, clientId) {
 const [error, user] = await safe(users.getByUsername(username));
 if (error) return { error: 'user not found' };
@@ -536,7 +536,19 @@ async function getClaims(username/*, use, scope*/) {
 const [mailboxesError, mailboxes] = await safe(mail.listMailboxesByUserId(user.id));
 if (mailboxesError) return { error: mailboxesError.message };
- // const [mailPasswordError, mailPassword] = await safe(mailpasswords.get())
+ let mailPassword = null;
+ if (clientId) {
+ const [clientError, client] = await safe(oidcClients.get(clientId));
+ if (!clientError && client && client.appId) {
+ let mailPw = await mailpasswords.get(client.appId, user.id);
+ if (!mailPw) {
+ const generatedPassword = crypto.randomBytes(48).toString('hex');
+ await mailpasswords.add(client.appId, user.id, generatedPassword);
+ mailPw = await mailpasswords.get(client.appId, user.id);
+ }
+ if (mailPw) mailPassword = mailPw.password;
+ }
+ }
 const displayName = user.displayName || user.username || ''; // displayName can be empty and username can be null
 const { firstName, lastName, middleName } = users.parseDisplayName(displayName);
@@ -557,6 +569,7 @@ async function getClaims(username/*, use, scope*/) {
 preferred_username: user.username,
 groups: allGroups.filter(function (g) { return g.userIds.indexOf(user.id) !== -1; }).map(function (g) { return `${g.name}`; }),
 mailclient: {
+ accessToken: mailPassword,
 mailboxes,
 },
 };
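Review bot: The new `mailpasswords.get` and `mailpasswords.add` calls inside the `if (clientId)` block are awaited bare, while every other lookup in getClaims goes through `safe()` and returns `{ error }`; a rejection here escapes the claims callback instead of becoming an error result. The check-then-add sequence is also not atomic, so two parallel token requests for the same app and user can both reach `add` (whether the second one fails depends on the store, which is not visible here). Wrapping the calls in `safe()` and re-reading after a failed add covers both cases, as sketched below. The diff shows no change to the file's requires, so `crypto`, `oidcClients` and `mailpasswords` have to be in scope already. getClaims starts and ends outside this hunk.

```javascript
    if (!clientError && client && client.appId) {
        let [pwError, mailPw] = await safe(mailpasswords.get(client.appId, user.id));
        if (pwError) return { error: pwError.message };
        if (!mailPw) {
            const generatedPassword = crypto.randomBytes(48).toString('hex');
            const [addError] = await safe(mailpasswords.add(client.appId, user.id, generatedPassword));
            // re-read even if add failed: a parallel request may have stored a password first
            [pwError, mailPw] = await safe(mailpasswords.get(client.appId, user.id));
            if (pwError || !mailPw) return { error: (pwError || addError || new Error('mail password unavailable')).message };
        }
        mailPassword = mailPw.password;
    }
```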
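Review bot: `accessToken: mailPassword` is added to the `mailclient` claim on every getClaims call, and no visible line reads the `use` or `scope` arguments that the new signature now receives. The value is a long-lived mail credential read back in clear from `mailpasswords`, so as written it is provisioned and returned for ID tokens as well as userinfo responses, whatever scope the client asked for. Whether the provider's claims configuration already ties `mailclient` to a scope is not visible here, but the provisioning side effect in the earlier hunk runs regardless. Consider gating both on the request, for example `if (clientId && use === 'userinfo' && scope.split(' ').includes(MAIL_SCOPE))` with `MAIL_SCOPE` standing in for whatever scope name the project chooses, and omitting the key instead of sending `null` to clients without an app. The claims object starts and ends outside this hunk.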
@@ -607,9 +620,10 @@ async function start() {
 const configuration = {
 findAccount: async function (ctx, id) {
+ const clientId = ctx.oidc.client?.clientId;
 return {
 accountId: id,
- claims: async (use, scope) => await getClaims(id, use, scope)
+ claims: async (use, scope) => await getClaims(id, use, scope, clientId)
 };
 },
 renderError: async function (ctx, out, error) {
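Review bot: The optional chaining on `ctx.oidc.client?.clientId` makes a missing client silent, and nothing here says what that means for the claims. Judging from the getClaims hunk, an undefined `clientId` skips mail password provisioning and leaves `accessToken` as `null`. A comment on the new line would record that this is intended, for example `// undefined when no client is bound to this request; getClaims then issues no mail password`. The `configuration` object continues outside this hunk.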