✨ [#80] Support configuring basic auth for token endpoint

mozilla_django_oidc_db/admin.py

@@ -35,6 +35,7 @@ class OpenIDConnectConfigAdmin(SingletonModelAdmin):
                     "oidc_op_jwks_endpoint",
                     "oidc_op_authorization_endpoint",
                     "oidc_op_token_endpoint",
+                    "oidc_token_use_basic_auth",
                     "oidc_op_user_endpoint",
                 )
             },

mozilla_django_oidc_db/migrations/0015_openidconnectconfig_oidc_token_use_basic_auth.py

@@ -0,0 +1,22 @@
+# Generated by Django 3.2.23 on 2024-02-05 16:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("mozilla_django_oidc_db", "0014_alter_openidconnectconfig_groups_claim"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="openidconnectconfig",
+            name="oidc_token_use_basic_auth",
+            field=models.BooleanField(
+                default=False,
+                help_text="If enabled, the client ID and secret are sent in the HTTP Basic auth header when obtaining the access token. Otherwise, they are sent in the request body.",
+                verbose_name="Use Basic auth for token endpoint",
+            ),
+        ),
+    ]

mozilla_django_oidc_db/models.py

@@ -161,6 +161,15 @@ class OpenIDConnectConfigBase(SingletonModel):
         max_length=1000,
         help_text=_("URL of your OpenID Connect provider token endpoint"),
     )
+    oidc_token_use_basic_auth = models.BooleanField(
+        _("Use Basic auth for token endpoint"),
+        default=False,
+        help_text=_(
+            "If enabled, the client ID and secret are sent in the HTTP Basic auth "
+            "header when obtaining the access token. Otherwise, they are sent in the "
+            "request body.",
+        ),
+    )
     oidc_op_user_endpoint = models.URLField(
         _("User endpoint"),
         max_length=1000,