try these

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>

roles/openshift-apps/waiverdb/templates/secret.yml

@@ -22,15 +22,13 @@ stringData:
 {% else %}
   flask-secret-key: "{{prod_waiverdb_secret_key}}"
   database-password: "{{prod_waiverdb_db_password}}"
-  # This is the same non-secret config we have committed
-  # as conf/client_secrets.json for using in dev environments.
   client_secrets.json: |-
     {"web": {
       "redirect_uris": ["https://waiverdb-waiverdb.app.os.fedoraproject.org/"],
-      "token_uri": "https://iddev.fedorainfracloud.org/openidc/Token",
-      "auth_uri": "https://iddev.fedorainfracloud.org/openidc/Authorization",
-      "client_id": "D-e69a1ac7-30fa-4d18-9001-7468c4f34c3c",
-      "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF",
-      "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo",
-      "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}}
+      "token_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/Token",
+      "auth_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/Authorization",
+      "client_id": "waiverdb",
+      "client_secret": "{{ prod_waiverdb_oidc_secret }}",
+      "userinfo_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/UserInfo",
+      "token_introspection_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/TokenInfo"}}
 {% endif %}