I think you missed their question. They want to use native client apps on their android device (think jellyfin client, for example) with 2FA. Continuing with this example, the jellyfin client doesn’t support OIDC, best you’ll get with external authentication is LDAP (which still uses a 3rd party LDAP plugin, and doesn’t support 2FA, but at least works on the client).

An external provider that supports SAML or OIDC or whatever won’t magically make the android client natively support that auth mechanism

Then, you have to authenticate against Authelia/Authentik and a second time at the service via username and password usually.

FYI that at least in Authentik you can avoid the second login. Check the instructions they have on setting up Sonarr for more details, but you can save the app credentials in Authentik, then if your identity is authorized for access Authentik will automatically attach the credentials for the app: https://goauthentik.io/integrations/services/sonarr/

Works for anything that has http basic auth