Add auth_openidc config

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/distgit/tasks/main.yml

@@ -23,6 +23,13 @@
   - distgit
   when: env == "staging"
 
+- name: install the mod_auth_openidc configuration
+  copy: src=auth_openidc.conf dest=/etc/httpd/conf.d/auth_openidc.conf
+  notify:
+  - reload httpd
+  tags:
+  - distgit
+
 - name: Put in git service config
   copy: src=git@.service dest=/etc/systemd/system/git@.service
   tags:

roles/distgit/templates/auth_openidc.conf

@@ -0,0 +1,12 @@
+OIDCOAuthIntrospectionEndpoint https://id{{env_suffix}}.fedoraproject.org/openidc/TokenInfo
+OIDCOAuthClientID distgit
+{% if env == "staging" %}
+OIDCOAuthClientSecret {{ distgit_oidc_client_secret_stg }}
+{% else %}
+OIDCOAuthClientSecret {{ distgit_oidc_client_secret_prod }}
+{% endif %}
+OIDCOAuthIntrospectionEndpointAuth client_secret_post
+OIDCOAuthIntrospectionEndpointMethod POST
+OIDCOAuthTokenIntrospectionInterval 60
+OIDCOAuthSSLValidateServerA On
+OIDCOAuthAcceptTokenAs basic