Is setting authentication type to OIDC required? #1384

Open
darius-m opened this issue Sep 26, 2020 · 0 comments
Labels
Feature - SSO Issue type - help wanted General questions on how to use the plugins, e.g. configurations etc. Plugin - auth_oidc

Comments

Contributor

darius-m commented Sep 26, 2020

There are multiple places in the code that check if the user authentication method is set to 'oidc' (e.g., in the user_login or handle_notification_sent functions), despite them being apparently non-essential.

For the first function mentioned in the example, the user synchronization component of the plugin should provide enough information to allow authenticating the user, after obtaining an oidc token, despite not having the authentication type set to 'oidc'. The issue with it is that the authenticate_user_login function gets the authentication type for the user and only attempts to use that method (for existing users).

The options I see would be either somehow having the 'authenticate_user_login' function attempt logging in the user using all authentication methods, or at least a certain subset (since it is called when attempting to log in using a specific mechanism, in our case oidc), or avoiding calling it altogether. Since the first approach is unlikely, as it probably requires changing core code, the second case is more plausible, which would require implementing the relevant part of it internally. This would allow keeping the existing authentication type and using oidc as an alternative. From what I have seen, LDAP appears to have some issues when the authentication type is changed.

Since you can get an oidc token for the user after matching them, most other functionality should also not have any issues working as expected without having the authentication type set to oidc. 'handle_notification_sent' performs an unnecessary check for authentication type despite immediately checking if there is a local o365 object for the user (which seems to be the actually useful information).

@weilai-irl weilai-irl self-assigned this Nov 5, 2020
@weilai-irl weilai-irl added Feature - SSO Issue type - help wanted General questions on how to use the plugins, e.g. configurations etc. Plugin - auth_oidc labels Jul 26, 2021