Is your feature request related to a problem? Please describe.
After one of our external IdPs updated their software, they now require client id and secret to be sent as basic auth in order to retrieve an access token. Authentik won't properly request the token with a basic auth header and throws an error.
I described this issue previously in #9289 and @BeryJu provided a fix. Unfortunately, that didn't fix the issue.
Describe the solution you'd like
It would be great to provide a sort of switch in the OIDC source settings in order to determine whether client id and secret should be sent as basic auth or not.
Describe alternatives you've considered
I made some changes to the oauth2.py to send the basic auth headers and it works with our IdP. With this way of doing it, authentik sends basic auth headers to all OIDC IdPs, so improvements would have to be made.
You can find the changes here: Adrian-DKFZ/authentik@main...Adrian-DKFZ-basic-auth-headers
An official fix/implementation would be preferred, as we wouldn't want to maintain our own separate version of authentik.
Heya @Adrian-DKFZ, we are planning to make some more changes on this in #14034 (see the list of linked issues for context). Would you be able to try out the images mentioned in #14035 (comment) (this is a different PR to have images based off 2025.2.4) and see if the issue doesn't come back? As mentioned, those images are based off of version 2025.2.4, without any database migration, so you can switch back and forth between the two.
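The two ways of sending client credentials to the token endpoint that this issue is about, as an added example; it is not authentik's code and not the code from the linked branch. It builds the request for `client_secret_basic` and `client_secret_post` (RFC 6749 section 2.3.1) and picks between them from the IdP's discovery metadata. The function names and the sample values are hypothetical.

```python
import base64
from typing import Optional
from urllib.parse import quote_plus, urlencode

BASIC = "client_secret_basic"  # credentials in the Authorization header
POST = "client_secret_post"    # credentials in the form body


def pick_auth_method(discovery: dict, preferred: Optional[str] = None) -> str:
    """Choose a method from OIDC discovery metadata (hypothetical helper).

    Per OIDC Discovery, a missing token_endpoint_auth_methods_supported
    means the provider supports client_secret_basic.
    """
    supported = discovery.get("token_endpoint_auth_methods_supported", [BASIC])
    if preferred is not None:
        if preferred not in supported:
            raise ValueError(f"IdP does not advertise {preferred}")
        return preferred
    for method in (BASIC, POST):
        if method in supported:
            return method
    raise ValueError("IdP advertises no client-secret method")


def build_token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization_code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == BASIC:
        # RFC 6749 2.3.1: form-urlencode id and secret, then base64 "id:secret".
        # The secret stays out of the body: one auth method per request.
        userpass = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
        headers["Authorization"] = f"Basic {token}"
    elif method == POST:
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real IdP.
    meta = {"token_endpoint_auth_methods_supported": [BASIC]}
    method = pick_auth_method(meta)
    print(build_token_request(method, "my client", "s3cr:et/+", "abc",
                              "https://sp.example/callback"))
```
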