diff --git a/openid_connect.module b/openid_connect.module
index ec7a465..19916c5 100644
--- a/openid_connect.module
+++ b/openid_connect.module
@@ -60,7 +60,8 @@ function openid_connect_user_delete(EntityInterface $entity) {
 function openid_connect_user_format_name_alter(&$name, $account) {
   // Ensure that usernames are not displayed if they are email addresses, or if
   // they are generated names starting with 'oidc_'.
-  $oidc_name = \Drupal::service('user.data')->get('openid_connect', $account->id(), 'oidc_name');
+  $oidc_name = \Drupal::service('user.data')
+    ->get('openid_connect', $account->id(), 'oidc_name');
   if (!empty($oidc_name) && (strpos($name, 'oidc_') === 0 || strpos($name, '@'))) {
     $name = $oidc_name;
   }
@@ -174,8 +175,7 @@ function openid_connect_save_userinfo(UserInterface $account, array $userinfo) {
               break;
 
           }
-        }
-        // Catch the error if the field does not exist.
+        } // Catch the error if the field does not exist.
         catch (\InvalidArgumentException $e) {
           \Drupal::logger('openid_connect')->error($e->getMessage());
         }
@@ -186,7 +186,8 @@ function openid_connect_save_userinfo(UserInterface $account, array $userinfo) {
   // Save the display name additionally in the user account 'data', for use in
   // openid_connect_username_alter().
   if (isset($userinfo['name'])) {
-    \Drupal::service('user.data')->set('openid_connect', $account->id(), 'oidc_name', $userinfo['name']);
+    \Drupal::service('user.data')
+      ->set('openid_connect', $account->id(), 'oidc_name', $userinfo['name']);
   }
 
   $account->save();
@@ -206,16 +207,39 @@ function openid_connect_login_user(UserInterface $account) {
  * Save the current path in the session, for redirecting after authorization.
  */
 function openid_connect_save_destination() {
-  $current_path = \Drupal::service('path.current')->getPath();
-  $path = $current_path == '/user/login' ? '/user' : $current_path;
+  $path = $current_path = \Drupal::service('path.current')->getPath();
 
   // The destination could contain query parameters. Ensure that they are
   // preserved.
-  $query = \Drupal::request()->getQueryString();
+  $query_string = \Drupal::request()->getQueryString();
+
+  if ($query_string) {
+    parse_str($query_string, $query);
+  }
+  else {
+    $query = [];
+  }
+
+  // Check if a destination parameter is set, update the destination, and
+  // alter query parameters.
+  if (!empty(\Drupal::destination()->get())) {
+    $path = \Drupal::destination()->get();
+
+    $request = \Drupal::request();
+    $parameter_bag = $request->query;
+    $parameter_bag->remove('destination');
+
+    // This has to be http_build_query() because
+    // \Drupal::request()->getQueryString() returns the original query string
+    // but here we need the modified query string (without destination).
+    $query = http_build_query($parameter_bag->all());
+  }
 
   $_SESSION['openid_connect_destination'] = [
-    $path,
-    ['query' => $query],
+    'path' => $path,
+    'options' => [
+      'query' => $query,
+    ],
   ];
 }
 
@@ -263,7 +287,7 @@ function openid_connect_create_user($sub, array $userinfo, $client_name, $status
  *   A unique username.
  */
 function openid_connect_generate_username($sub, array $userinfo, $client_name) {
-  $name = 'oidc_' . $client_name . '_' . $sub;
+  $name = 'oidc_' . $client_name . '_' . md5($sub);
   $candidates = ['preferred_username', 'name'];
   foreach ($candidates as $candidate) {
     if (!empty($userinfo[$candidate])) {
@@ -291,11 +315,11 @@ function openid_connect_generate_username($sub, array $userinfo, $client_name) {
  */
 function openid_connect_username_exists($name) {
   return db_query(
-    'SELECT COUNT(*) FROM {users_field_data} WHERE name = :name',
-    [
-      ':name' => $name,
-    ]
-  )->fetchField() > 0;
+      'SELECT COUNT(*) FROM {users_field_data} WHERE name = :name',
+      [
+        ':name' => $name,
+      ]
+    )->fetchField() > 0;
 }
 
 /**
@@ -324,11 +348,25 @@ function openid_connect_set_password_access($account) {
  */
 function _openid_connect_user_properties_to_skip() {
   $properties_to_skip = [
-    'uid', 'uuid', 'langcode', 'preferred_langcode', 'preferred_admin_langcode',
-    'name', 'pass', 'mail', 'status', 'created', 'changed', 'access', 'login',
-    'init', 'roles', 'default_langcode',
+    'uid',
+    'uuid',
+    'langcode',
+    'preferred_langcode',
+    'preferred_admin_langcode',
+    'name',
+    'pass',
+    'mail',
+    'status',
+    'created',
+    'changed',
+    'access',
+    'login',
+    'init',
+    'roles',
+    'default_langcode',
   ];
-  \Drupal::moduleHandler()->alter('openid_connect_user_properties_to_skip', $properties_to_skip);
+  \Drupal::moduleHandler()
+    ->alter('openid_connect_user_properties_to_skip', $properties_to_skip);
   return array_combine($properties_to_skip, $properties_to_skip);
 }
 
@@ -417,7 +455,8 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
   $context = [
     'user_data' => $user_data,
   ];
-  \Drupal::moduleHandler()->alter('openid_connect_userinfo', $userinfo, $context);
+  \Drupal::moduleHandler()
+    ->alter('openid_connect_userinfo', $userinfo, $context);
 
   $logger = \Drupal::logger('openid_connect');
 
@@ -438,9 +477,14 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
 
   /* @var \Drupal\user\UserInterface $account */
   $account = $authmap->userLoadBySub($sub, $client->getPluginId());
-  $results = \Drupal::moduleHandler()->invokeAll('openid_connect_pre_authorize', [
-    $tokens, $account, $userinfo, $client->getPluginId(), $sub,
-  ]);
+  $results = \Drupal::moduleHandler()
+    ->invokeAll('openid_connect_pre_authorize', [
+      $tokens,
+      $account,
+      $userinfo,
+      $client->getPluginId(),
+      $sub,
+    ]);
 
   // Deny access if any module returns FALSE.
   if (in_array(FALSE, $results, TRUE)) {
@@ -460,7 +504,8 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
 
   if ($account) {
     // An existing account was found. Save user claims.
-    if (\Drupal::config('openid_connect.settings')->get('always_save_userinfo')) {
+    if (\Drupal::config('openid_connect.settings')
+      ->get('always_save_userinfo')) {
       openid_connect_save_userinfo($account, $userinfo);
     }
   }
@@ -506,7 +551,7 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
     // Respect possible override from OpenID-Connect settings.
     $register_override = \Drupal::config('openid_connect.settings')
       ->get('override_registration_settings');
-    if ($register === USER_REGISTER_ADMINISTRATORS_ONLY && $register_override) {
+    if ((($register === USER_REGISTER_ADMINISTRATORS_ONLY) || ($register === USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL)) && $register_override) {
       $register = USER_REGISTER_VISITORS;
     }
 
@@ -541,7 +586,10 @@ function openid_connect_complete_authorization($client, array $tokens, &$destina
   \Drupal::moduleHandler()->invokeAll(
     'openid_connect_post_authorize',
     [
-      $tokens, $account, $userinfo, $client->getPluginId(),
+      $tokens,
+      $account,
+      $userinfo,
+      $client->getPluginId(),
     ]
   );
 
@@ -574,7 +622,8 @@ function openid_connect_connect_current_user($client, array $tokens) {
   $context = [
     'user_data' => $user_data,
   ];
-  \Drupal::moduleHandler()->alter('openid_connect_userinfo', $userinfo, $context);
+  \Drupal::moduleHandler()
+    ->alter('openid_connect_userinfo', $userinfo, $context);
 
   $logger = \Drupal::logger('openid_connect');
   $provider_param = ['@provider' => $client->getPluginId()];
@@ -596,9 +645,14 @@ function openid_connect_connect_current_user($client, array $tokens) {
 
   /* @var \Drupal\user\UserInterface $account */
   $account = $authmap->userLoadBySub($sub, $client->getPluginId());
-  $results = \Drupal::moduleHandler()->invokeAll('openid_connect_pre_authorize', [
-    $tokens, $account, $userinfo, $client->getPluginId(), $sub
-  ]);
+  $results = \Drupal::moduleHandler()
+    ->invokeAll('openid_connect_pre_authorize', [
+      $tokens,
+      $account,
+      $userinfo,
+      $client->getPluginId(),
+      $sub,
+    ]);
 
   // Deny access if any module returns FALSE.
   if (in_array(FALSE, $results, TRUE)) {
@@ -626,7 +680,8 @@ function openid_connect_connect_current_user($client, array $tokens) {
     openid_connect_connect_account($account, $client->getPluginId(), $sub);
   }
 
-  $always_save_userinfo = \Drupal::config('openid_connect.settings')->get('always_save_userinfo');
+  $always_save_userinfo = \Drupal::config('openid_connect.settings')
+    ->get('always_save_userinfo');
   if ($always_save_userinfo) {
     openid_connect_save_userinfo($account, $userinfo);
   }
@@ -634,7 +689,10 @@ function openid_connect_connect_current_user($client, array $tokens) {
   \Drupal::moduleHandler()->invokeAll(
     'openid_connect_post_authorize',
     [
-      $tokens, $account, $userinfo, $client->getPluginId(),
+      $tokens,
+      $account,
+      $userinfo,
+      $client->getPluginId(),
     ]
   );