Module ignores discovered client authentication method, and always uses post
I am working with an OpenID Connect server that only allows client_secret_basic, which is correctly discovered in the OpenID discovery endpoint. This module appears to ignore that setting, and always uses client_secret_post.
This module should correctly respect the discovered settings.
This seems to still be the case :(
I ended up just modifying my oidc server to accept client_secret_post :S
I do not have control over the OIDC server, so I'm working on a pull request to actually send the client_secret_basic request when it's required. Only a few lines of code to support it, so hopefully will get this merged into this official OIDC client.
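For reference, the behaviour requested in this thread (honouring the discovered `token_endpoint_auth_methods_supported` instead of always sending `client_secret_post`) can be sketched as below. This is an added example, not the module's code or the pull request mentioned above; the function names and sample values are hypothetical.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Methods this sketch implements, in order of preference.
SUPPORTED = ("client_secret_basic", "client_secret_post")

def pick_auth_method(discovery: dict) -> str:
    """Choose a client authentication method the provider advertises."""
    # OIDC Discovery: if the field is omitted, the default is client_secret_basic.
    advertised = discovery.get("token_endpoint_auth_methods_supported",
                               ["client_secret_basic"])
    for method in SUPPORTED:
        if method in advertised:
            return method
    raise ValueError(f"no supported client authentication method in {advertised}")

def build_token_request(discovery, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization-code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if pick_auth_method(discovery) == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, then Base64.
        # The secret must not also appear in the request body.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # client_secret_post: credentials travel as form parameters.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urlencode(form)

if __name__ == "__main__":
    # Constructed discovery document and credentials, for illustration only.
    doc = {"token_endpoint_auth_methods_supported": ["client_secret_basic"]}
    print(build_token_request(doc, "my client", "s3cr:et", "abc",
                              "https://rp.example/cb"))
```

A provider that advertises only `client_secret_basic` then receives the credentials in the `Authorization` header and never in the form body.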