diff --git a/CHANGELOG.md b/CHANGELOG.md
index cdf4d22c51..db6f77506a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# v25.2.0b1
+
+Kubernetes API Version: v1.25.3
+
+### Feature
+- Adds support for loading CA certificates from a file using the `idp-certificate-authority` key for the oidc plugin. (#1916, @vgupta3)
+
 # v25.2.0a1
 
 Kubernetes API Version: v1.25.2
diff --git a/README.md b/README.md
index ad062d7c10..3ddb49332a 100644
--- a/README.md
+++ b/README.md
@@ -94,7 +94,7 @@ supported versions of Kubernetes clusters.
 - [client 22.y.z](https://pypi.org/project/kubernetes/22.6.0/): Kubernetes 1.21 or below (+-), Kubernetes 1.22 (✓), Kubernetes 1.23 or above (+-)
 - [client 23.y.z](https://pypi.org/project/kubernetes/23.6.0/): Kubernetes 1.22 or below (+-), Kubernetes 1.23 (✓), Kubernetes 1.24 or above (+-)
 - [client 24.y.z](https://pypi.org/project/kubernetes/24.2.0/): Kubernetes 1.23 or below (+-), Kubernetes 1.24 (✓), Kubernetes 1.25 or above (+-)
-- [client 25.y.z](https://pypi.org/project/kubernetes/25.2.0a1/): Kubernetes 1.24 or below (+-), Kubernetes 1.25 (✓), Kubernetes 1.26 or above (+-)
+- [client 25.y.z](https://pypi.org/project/kubernetes/25.2.0b1/): Kubernetes 1.24 or below (+-), Kubernetes 1.25 (✓), Kubernetes 1.26 or above (+-)
 
 > See [here](#homogenizing-the-kubernetes-python-client-versions) for an explanation of why there is no v13-v16 release.
 
diff --git a/examples/node_labels.py b/examples/node_labels.py
index f71c8126e5..cdde822b3a 100644
--- a/examples/node_labels.py
+++ b/examples/node_labels.py
@@ -16,7 +16,7 @@
 This example demonstrates the following:
     - Get a list of all the cluster nodes
     - Iterate through each node list item
-        - Add or overwirite label "foo" with the value "bar"
+        - Add or overwrite label "foo" with the value "bar"
         - Remove the label "baz"
     - Return the list of node with updated labels
 """
diff --git a/examples/rollout-daemonset.py b/examples/rollout-daemonset.py
index b337d0c88b..6499247056 100644
--- a/examples/rollout-daemonset.py
+++ b/examples/rollout-daemonset.py
@@ -2,7 +2,7 @@
 This example covers the following:
     - Create daemonset
     - Update daemonset
-    - List contoller revisions which belong to specified daemonset
+    - List controller revisions which belong to specified daemonset
     - Roll out daemonset
 """
 
diff --git a/kubernetes/README.md b/kubernetes/README.md
index d32b557966..825bcef1ce 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -4,7 +4,7 @@ No description provided (generated by Openapi Generator https://github.com/opena
 This Python package is automatically generated by the [OpenAPI Generator](https://openapi-generator.tech) project:
 
 - API version: release-1.25
-- Package version: 25.2.0a1
+- Package version: 25.2.0b1
 - Build package: org.openapitools.codegen.languages.PythonClientCodegen
 
 ## Requirements.
diff --git a/kubernetes/__init__.py b/kubernetes/__init__.py
index b61773e916..10a8f00f71 100644
--- a/kubernetes/__init__.py
+++ b/kubernetes/__init__.py
@@ -14,7 +14,7 @@
 
 __project__ = 'kubernetes'
 # The version is auto-updated. Please do not edit.
-__version__ = "25.2.0a1"
+__version__ = "25.2.0b1"
 
 import kubernetes.client
 import kubernetes.config
diff --git a/kubernetes/base/config/kube_config.py b/kubernetes/base/config/kube_config.py
index ed70df0ca8..b959554481 100644
--- a/kubernetes/base/config/kube_config.py
+++ b/kubernetes/base/config/kube_config.py
@@ -398,7 +398,7 @@ def _load_oid_token(self, provider):
 
         if PY3:
             jwt_attributes = json.loads(
-                base64.b64decode(parts[1] + padding).decode('utf-8')
+                base64.urlsafe_b64decode(parts[1] + padding).decode('utf-8')
             )
         else:
             jwt_attributes = json.loads(
@@ -439,6 +439,9 @@ def _refresh_oidc(self, provider):
 
             config.ssl_ca_cert = ca_cert.name
 
+        elif 'idp-certificate-authority' in provider['config']:
+            config.ssl_ca_cert = provider['config']['idp-certificate-authority']
+
         else:
             config.verify_ssl = False
 
diff --git a/kubernetes/base/config/kube_config_test.py b/kubernetes/base/config/kube_config_test.py
index 6233e977df..da0d2f35c6 100644
--- a/kubernetes/base/config/kube_config_test.py
+++ b/kubernetes/base/config/kube_config_test.py
@@ -17,6 +17,7 @@
 import io
 import json
 import os
+from pprint import pprint
 import shutil
 import tempfile
 import unittest
@@ -485,6 +486,13 @@ class TestKubeConfigLoader(BaseTestCase):
                     "user": "expired_oidc"
                 }
             },
+            {
+                "name": "expired_oidc_with_idp_ca_file",
+                "context": {
+                    "cluster": "default",
+                    "user": "expired_oidc_with_idp_ca_file"
+                }
+            },
             {
                 "name": "expired_oidc_nocert",
                 "context": {
@@ -799,6 +807,23 @@ class TestKubeConfigLoader(BaseTestCase):
                     }
                 }
             },
+            {
+                "name": "expired_oidc_with_idp_ca_file",
+                "user": {
+                    "auth-provider": {
+                        "name": "oidc",
+                        "config": {
+                            "client-id": "tectonic-kubectl",
+                            "client-secret": "FAKE_SECRET",
+                            "id-token": TEST_OIDC_EXPIRED_LOGIN,
+                            "idp-certificate-authority": TEST_CERTIFICATE_AUTH,
+                            "idp-issuer-url": "https://example.org/identity",
+                            "refresh-token":
+                                "lucWJjEhlxZW01cXI3YmVlcYnpxNGhzk"
+                        }
+                    }
+                }
+            },
             {
                 "name": "expired_oidc_nocert",
                 "user": {
@@ -1059,6 +1084,33 @@ def test_oidc_with_refresh(self, mock_ApiClient, mock_OAuth2Session):
         self.assertTrue(loader._load_auth_provider_token())
         self.assertEqual("Bearer abc123", loader.token)
 
+    @mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token')
+    @mock.patch('kubernetes.config.kube_config.ApiClient.request')
+    def test_oidc_with_idp_ca_file_refresh(self, mock_ApiClient, mock_OAuth2Session):
+        mock_response = mock.MagicMock()
+        type(mock_response).status = mock.PropertyMock(
+            return_value=200
+        )
+        type(mock_response).data = mock.PropertyMock(
+            return_value=json.dumps({
+                "token_endpoint": "https://example.org/identity/token"
+            })
+        )
+
+        mock_ApiClient.return_value = mock_response
+
+        mock_OAuth2Session.return_value = {"id_token": "abc123",
+                                           "refresh_token": "newtoken123"}
+
+        loader = KubeConfigLoader(
+            config_dict=self.TEST_KUBE_CONFIG,
+            active_context="expired_oidc_with_idp_ca_file",
+        )
+
+
+        self.assertTrue(loader._load_auth_provider_token())
+        self.assertEqual("Bearer abc123", loader.token)
+
     @mock.patch('kubernetes.config.kube_config.OAuth2Session.refresh_token')
     @mock.patch('kubernetes.config.kube_config.ApiClient.request')
     def test_oidc_with_refresh_nocert(
diff --git a/kubernetes/client/__init__.py b/kubernetes/client/__init__.py
index e4400cf6dc..d7bf825b16 100644
--- a/kubernetes/client/__init__.py
+++ b/kubernetes/client/__init__.py
@@ -14,7 +14,7 @@
 
 from __future__ import absolute_import
 
-__version__ = "25.2.0a1"
+__version__ = "25.2.0b1"
 
 # import apis into sdk package
 from kubernetes.client.api.well_known_api import WellKnownApi
diff --git a/kubernetes/client/api_client.py b/kubernetes/client/api_client.py
index f029dc991b..58efb4ecc8 100644
--- a/kubernetes/client/api_client.py
+++ b/kubernetes/client/api_client.py
@@ -78,7 +78,7 @@ def __init__(self, configuration=None, header_name=None, header_value=None,
             self.default_headers[header_name] = header_value
         self.cookie = cookie
         # Set default User-Agent.
-        self.user_agent = 'OpenAPI-Generator/25.2.0a1/python'
+        self.user_agent = 'OpenAPI-Generator/25.2.0b1/python'
         self.client_side_validation = configuration.client_side_validation
 
     def __enter__(self):
diff --git a/kubernetes/client/configuration.py b/kubernetes/client/configuration.py
index ca123a8bc8..974856ca8c 100644
--- a/kubernetes/client/configuration.py
+++ b/kubernetes/client/configuration.py
@@ -350,7 +350,7 @@ def to_debug_report(self):
                "OS: {env}\n"\
                "Python Version: {pyversion}\n"\
                "Version of the API: release-1.25\n"\
-               "SDK Package Version: 25.2.0a1".\
+               "SDK Package Version: 25.2.0b1".\
                format(env=sys.platform, pyversion=sys.version)
 
     def get_host_settings(self):
diff --git a/scripts/constants.py b/scripts/constants.py
index 13059cb4a4..4b5b1c2b92 100644
--- a/scripts/constants.py
+++ b/scripts/constants.py
@@ -18,13 +18,13 @@
 KUBERNETES_BRANCH = "release-1.25"
 
 # client version for packaging and releasing.
-CLIENT_VERSION = "25.2.0a1"
+CLIENT_VERSION = "25.2.0b1"
 
 # Name of the release package
 PACKAGE_NAME = "kubernetes"
 
 # Stage of development, mainly used in setup.py's classifiers.
-DEVELOPMENT_STATUS = "3 - Alpha"
+DEVELOPMENT_STATUS = "4 - Beta"
 
 
 # If called directly, return the constant value given
diff --git a/setup.py b/setup.py
index 220ebc3e5f..7c5c69c182 100644
--- a/setup.py
+++ b/setup.py
@@ -16,9 +16,9 @@
 
 # Do not edit these constants. They will be updated automatically
 # by scripts/update-client.sh.
-CLIENT_VERSION = "25.2.0a1"
+CLIENT_VERSION = "25.2.0b1"
 PACKAGE_NAME = "kubernetes"
-DEVELOPMENT_STATUS = "3 - Alpha"
+DEVELOPMENT_STATUS = "4 - Beta"
 
 # To install the library, run the following
 #