[FEATURE] Made response_type parameter configurable

classes/loginflow/authcode.php

@@ -584,10 +584,13 @@ protected function handlelogin(string $oidcuniqid, array $authparams, array $tok
                     $username = $idtoken->claim('email');
                 }
             } else {
-                $username = $idtoken->claim('upn');
-                if (empty($username)) {
+                // Bright Alley Adjustment, user "email" when available
+                // as username instead of UPN or random username
+                $email = $idtoken->claim('email');
+                if (empty($email)) {
                     $username = $idtoken->claim('unique_name');
                 }
+                $username = is_array($email) ? $email[0] : $email;
             }
             $originalupn = null;
 

classes/loginflow/base.php

@@ -254,7 +254,7 @@ public function get_userinfo($username) {
                 if (!isset($userdata['email'])) {
                     $email = $token->claim('email');
                     if (!empty($email)) {
-                        $userdata['mail'] = $email;
+                        $userdata['mail'] = is_array($email) ? $email[0] : $email;
                     } else {
                         if (!empty($upn)) {
                             $aademailvalidateresult = filter_var($upn, FILTER_VALIDATE_EMAIL);

classes/oidcclient.php

@@ -173,7 +173,7 @@ protected function getauthrequestparams($promptlogin = false, array $stateparams
         $nonce = 'N'.uniqid();
 
         $params = [
-            'response_type' => 'code',
+            'response_type' => get_config('auth_oidc', 'response_type'),
             'client_id' => $this->clientid,
             'scope' => $this->scope,
             'nonce' => $nonce,

lang/en/auth_oidc.php

@@ -117,6 +117,7 @@
 $string['cfg_loginflow_authcode_desc'] = 'Using this flow, the user clicks the name of the IdP (See "Provider Display Name" above) on the Moodle login page and is redirected to the provider to log in. Once successfully logged in, the user is redirected back to Moodle where the Moodle login takes place transparently. This is the most standardized, secure way for the user log in.';
 $string['cfg_loginflow_rocreds'] = 'Resource Owner Password Credentials Grant <b>(deprecated)</b>';
 $string['cfg_loginflow_rocreds_desc'] = '<b>This login flow is deprecated and will be removed from the plugin soon.</b><br/>Using this flow, the user enters their username and password into the Moodle login form like they would with a manual login. This will authorize the user with the IdP, but will not create a session on the IdP\'s site. For example, if using Microsoft 365 with OpenID Connect, the user will be logged in to Moodle but not the Microsoft 365 web applications. Using the authorization request is recommended if you want users to be logged in to both Moodle and the IdP. Note that not all IdP support this flow. This option should only be used when other authorization grant types are not available.';
+$string['cfg_response_type_key'] = 'Response type';
 $string['oidcresource'] = 'Resource';
 $string['oidcresource_help'] = 'The OpenID Connect resource for which to send the request.<br/>
 <b>Note</b> this is paramater is not supported in <b>Microsoft identity platform (v2.0)</b> IdP type.';

settings.php

@@ -79,6 +79,10 @@
     $settings->add(new auth_oidc_admin_setting_loginflow('auth_oidc/loginflow',
         get_string('cfg_loginflow_key', 'auth_oidc'), '', 'authcode'));
 
+    // Response type
+    $settings->add(new admin_setting_configtext('auth_oidc/response_type',
+        get_string('cfg_response_type_key', 'auth_oidc'), '', 'code'));
+
     // User restrictions heading.
     $settings->add(new admin_setting_heading('auth_oidc/user_restrictions_heading',
         get_string('heading_user_restrictions', 'auth_oidc'), get_string('heading_user_restrictions_desc', 'auth_oidc')));

version.php

@@ -25,7 +25,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version = 2022041910;
+$plugin->version = 2022112310;
 $plugin->requires = 2022041900;
 $plugin->release = '4.0.2';
 $plugin->component = 'auth_oidc';