diff --git a/passbook/core/migrations/0009_group_is_superuser.py b/passbook/core/migrations/0009_group_is_superuser.py
index 2884e1dc2..a69a3ebbb 100644
--- a/passbook/core/migrations/0009_group_is_superuser.py
+++ b/passbook/core/migrations/0009_group_is_superuser.py
@@ -41,4 +41,10 @@ class Migration(migrations.Migration):
),
),
migrations.RunPython(create_default_admin_group),
+ migrations.AlterModelManagers(
+ name='user',
+ managers=[
+ ('objects', passbook.core.models.UserManager()),
+ ],
+ ),
]
diff --git a/passbook/providers/oauth2/migrations/0003_auto_20200916_2129.py b/passbook/providers/oauth2/migrations/0003_auto_20200916_2129.py
new file mode 100644
index 000000000..b1d37983c
--- /dev/null
+++ b/passbook/providers/oauth2/migrations/0003_auto_20200916_2129.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.1.1 on 2020-09-16 21:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('passbook_providers_oauth2', '0002_oauth2provider_sub_mode'),
+ ]
+
+ operations = [
+ migrations.AlterField(
+ model_name='oauth2provider',
+ name='client_type',
+ field=models.CharField(choices=[('confidential', 'Confidential'), ('public', 'Public')], default='confidential', help_text='Confidential clients are capable of maintaining the confidentiality\n of their credentials. Public clients are incapable.', max_length=30, verbose_name='Client Type'),
+ ),
+ migrations.AlterField(
+ model_name='oauth2provider',
+ name='response_type',
+ field=models.TextField(choices=[('code', 'code (Authorization Code Flow)'), ('code_adfs', 'code (ADFS Compatibility Mode, sends id_token as access_token)'), ('id_token', 'id_token (Implicit Flow)'), ('id_token token', 'id_token token (Implicit Flow)'), ('code token', 'code token (Hybrid Flow)'), ('code id_token', 'code id_token (Hybrid Flow)'), ('code id_token token', 'code id_token token (Hybrid Flow)')], default='code', help_text='Response Type required by the client.'),
+ ),
+ ]
diff --git a/passbook/providers/oauth2/models.py b/passbook/providers/oauth2/models.py
index dc289860c..6f15f4282 100644
--- a/passbook/providers/oauth2/models.py
+++ b/passbook/providers/oauth2/models.py
@@ -31,8 +31,8 @@ from passbook.providers.oauth2.generators import (
class ClientTypes(models.TextChoices):
- """Confidential clients are capable of maintaining the confidentiality
- of their credentials. Public clients are incapable."""
+ """Confidential clients are capable of maintaining the confidentiality
+ of their credentials. Public clients are incapable."""
CONFIDENTIAL = "confidential", _("Confidential")
PUBLIC = "public", _("Public")
@@ -70,6 +70,7 @@ class ResponseTypes(models.TextChoices):
"""Response Type required by the client."""
CODE = "code", _("code (Authorization Code Flow)")
+ CODE_ADFS = "code_adfs", _("code (ADFS Compatibility Mode, sends id_token as access_token)")
ID_TOKEN = "id_token", _("id_token (Implicit Flow)")
ID_TOKEN_TOKEN = "id_token token", _("id_token token (Implicit Flow)")
CODE_TOKEN = "code token", _("code token (Hybrid Flow)")
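Review bot: The new `CODE_ADFS` member runs far past the width of the neighbouring members, and its label is also what ends up as the admin-facing help text in the generated migration, so it is worth wrapping: `CODE_ADFS = "code_adfs", _(` / `"code (ADFS Compatibility Mode, sends id_token as access_token)"` / `)`. A short comment above it noting that `code_adfs` is a provider-side compatibility mode rather than a `response_type` value a client sends on the wire would also help, since it is not a value defined by the OAuth 2.0 or OpenID Connect specifications. The ResponseTypes class continues outside the hunk.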
diff --git a/passbook/providers/oauth2/views/authorize.py b/passbook/providers/oauth2/views/authorize.py
index 01aaf59d4..2dcd223c5 100644
--- a/passbook/providers/oauth2/views/authorize.py
+++ b/passbook/providers/oauth2/views/authorize.py
@@ -90,7 +90,7 @@ class OAuthAuthorizationParams:
response_type = query_dict.get("response_type", "")
grant_type = None
# Determine which flow to use.
- if response_type in [ResponseTypes.CODE]:
+ if response_type in [ResponseTypes.CODE, ResponseTypes.CODE_ADFS]:
grant_type = GrantTypes.AUTHORIZATION_CODE
elif response_type in [
ResponseTypes.ID_TOKEN,
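Review bot: `response_type` on the first line of the hunk is read straight from the query string, so the added comparison only fires when a client literally sends `response_type=code_adfs`; a standards-following client talking to an ADFS-mode provider will send `response_type=code`, which already matched before this change. If the rest of this method (it begins and ends outside the hunk) requires the query value to equal the provider's configured `response_type`, ADFS-mode providers would then reject the ordinary `code` request; if it does not, the new member in this list is dead for such clients. Either way the provider's compatibility mode seems better kept out of the wire-value check, i.e. leave `if response_type in [ResponseTypes.CODE]:` here and consult `provider.response_type` only where the token response is built, though this is inferred since the validation logic is not visible.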
diff --git a/passbook/providers/oauth2/views/token.py b/passbook/providers/oauth2/views/token.py
index 2e23a9154..84eb4262d 100644
--- a/passbook/providers/oauth2/views/token.py
+++ b/passbook/providers/oauth2/views/token.py
@@ -17,7 +17,7 @@ from passbook.providers.oauth2.errors import TokenError, UserAuthError
from passbook.providers.oauth2.models import (
AuthorizationCode,
OAuth2Provider,
- RefreshToken,
+ RefreshToken, ResponseTypes,
)
from passbook.providers.oauth2.utils import TokenResponse, extract_client_auth
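Review bot: `RefreshToken, ResponseTypes,` puts two names on one line inside an import list that otherwise has one name per line, which isort/black would reformat on the next pass; split it as `RefreshToken,` / `ResponseTypes,`. Minor, but it keeps future diffs on this import block clean.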
@@ -200,7 +200,7 @@ class TokenView(View):
"id_token": refresh_token.provider.encode(refresh_token.id_token.to_dict()),
}
- if self.params.authorization_code.is_open_id:
+ if self.params.provider.response_type == ResponseTypes.CODE_ADFS:
# This seems to be expected by some OIDC Clients
# namely VMware vCenter. This is not documented in any OpenID or OAuth2 Standard.
# Maybe this should be a setting
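Review bot: The comment kept below the new condition still says "Maybe this should be a setting", but the condition now reads exactly such a setting (`self.params.provider.response_type`), so the comment is stale; replace the three comment lines with something like `# ADFS compatibility mode (provider.response_type == CODE_ADFS): some OIDC clients, e.g. VMware vCenter, expect the id_token in the access_token field; this is not covered by any OpenID or OAuth2 standard.` The old guard `self.params.authorization_code.is_open_id` is dropped entirely, so in ADFS mode this branch also runs for a code issued without the openid scope; unless `refresh_token.id_token` is guaranteed to be populated in that case (not visible here), consider `if self.params.provider.response_type == ResponseTypes.CODE_ADFS and self.params.authorization_code.is_open_id:`. The body of this method continues outside the hunk, so what the branch substitutes cannot be checked here.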