In order to support Shibboleth (authentication by Apache protected directory) and Oauth2 authentication we need to encapsulate the authentication_user_login from token.php into a auth plugin method. The idea is:
- for shibboleth, this method could contains a curl call that retrieve a user to be authenticated.
- for Oauth2, the method password parameter would contains an access token and the username an email address. With this two, the auth plugin contact Moodle to retrieve the user and authenticate it.