OAuth*Provider should provide list of supported Flows

Whether manually configured, or configured through an OpenID Connect well-known configuration there are limit well defined flows.

OAuth providers, instead of assuming a specific flow should allow any defined/supported flow to be used.

NOTE: direct_grant = Resource Owner Password Credentials (however, we ignore the username/password fields as we connect with mTLS [e.g. CAC])