OIDC details for MBS.

Try this for now.  If we need actual secret values, we can set those up.

roles/mbs/common/tasks/main.yml

@@ -25,3 +25,13 @@
   tags:
   - mbs
   - mbs/common
+
+- name: copy client secrets that aren't really secret.
+  template: >
+    src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json
+    owner=root group=root mode=0644
+  notify:
+  - restart apache
+  tags:
+  - mbs
+  - mbs/common

roles/mbs/common/templates/client_secrets.json.prod

@@ -0,0 +1,12 @@
+{
+    "web": {
+        "auth_uri": "https://id.fedoraproject.org/openidc/Authorization",
+        "client_id": "mbs-authorizer",
+        "client_secret": "notsecret",
+        "redirect_uris": [
+            "http://localhost:13747/"
+        ],
+        "token_uri": "https://id.fedoraproject.org/openidc/Token",
+        "token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo"
+    }
+}

roles/mbs/common/templates/client_secrets.json.stg

@@ -0,0 +1,12 @@
+{
+    "web": {
+        "auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization",
+        "client_id": "mbs-authorizer",
+        "client_secret": "notsecret",
+        "redirect_uris": [
+            "http://localhost:13747/"
+        ],
+        "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
+        "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo"
+    }
+}

roles/mbs/common/templates/config.py

@@ -117,3 +117,6 @@ class ProdConfiguration(BaseConfiguration):
     PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
     SCMURLS = ["git://pkgs.fedoraproject.org/modules/"]
 {% endif %}
+
+    # These aren't really secret.
+    OIDC_CLIENT_SECRETS = path.join(confdir, 'client_secrets.json')