Hi @mrahmadawais,
Thanks for the ticket!
I'm not sure why an OpenID client would be used with App Passwords. One of the benefits of App Passwords using Basic Authentication is that it is built in to many HTTP clients by simply passing a username and password field. For instance Axios and Guzzle both have an auth field.
The OAuth specification requires following that encoding process. However, Application Passwords is not OAuth, so I'm not sure why we'd be following the OAuth specification here.
If we did want to match the OAuth specification, changing the encoding format could potentially cause a backward compatibility break. Though it would be unlikely due to the selection of characters that WordPress Core generates.
All that being said, I'm not sure what the practical benefit here is. If the values passed to App Passwords are an OAuth client_id and client_secret they won't be successfully authenticated by wp_authenticate_application_password regardless of the encoding method chosen because they aren't App Passwords.