implicit never used ! (auth code flow hard coded !)

[rochatjl]

in private function requestAuthorization() {

596 $response_type = 'code'; => forces authorization code flow even if you specified :

$this->client->setResponseTypes(['token', 'id_token']);
$this->client->setAllowImplicitFlow(true);

why not use instead : $response_type = $this->responseTypes;
and if empty use 'code'

[rochatjl]

better ? line 596 if ($this->allowImplicitFlow) $response_type = $this->responseTypes; else $response_type = 'code';