1. Proposed title of this feature request
OpenID Connect identity provider should discover .well-known/openid-configuration and use the offered method

2. What is the nature and description of the request?
OpenID Connect identity provider currently only offers client_secret_post method for token_endpoint_auth_method despite the fact that OpenID Connect identity provider may eventually advertise client_secret_basic instead.

In some strict environments client_secret_basic may be the only method offered, causing OpenID Connect identity provider integration to fail.

Also given that client_secret_post is no longer recommended (see https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1), the OpenID Connect identity provider should discover .well-known/openid-configuration and then use/support the method offered in token_endpoint_auth_method so that the integration works based on the method advertised by the OpenID server.

3. Why does the customer need this? (List the business requirements here)
client_secret_post is no longer recommended according to https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1 and customers are pushing to support client_secret_basic respectively discover of .well-known/openid-configuration to evaluate the offered method in token_endpoint_auth_method and then use that accordingly.

4. List any affected packages or components.
oauth-server