osbuild-mock-openid-provider: support client_credentials grant type

Extend the implementation of mock openid server to take the `grant_type`
into consideration for the `/token` endpoint.

In addition to the previously supported `refresh_topen`, the
implementation now supports also `client_credentials`.

This is necessary to make it possible to use the mock server in
the `koji-osbuild` CI, because the builder plugin uses
`client_credentials` to get access token.

The implementation behaves in the following way:
 - For `refresh_token` grant type, it takes the `refresh_token` value
   from the request and adds it to the `rh-org-id` field in the custom
   claim, which is part of the returned token.
 - For `client_credentials` grant type, it takes the `client_secret`
   value from the request and adds it to the `rh-org-id` field in the
   custom claim, which is part of the returned token.

Requests without the supported `grant_type` set are rejected.

Modify affected test cases to specify `grant_type` when fetching a new
access token.

cmd/osbuild-mock-openid-provider/main.go

@@ -90,13 +90,29 @@ func main() {
 			panic(err)
 		}
 
-		cc := customClaims{
-			Type:      "Bearer",
-			ExpiresAt: 0,
-			IssuedAt:  time.Now().Unix(),
-			// Use refresh_token as rh-org-id
-			RHOrgID: r.Form.Get("refresh_token"),
+		var cc customClaims
+		switch r.Form.Get("grant_type") {
+		case "refresh_token":
+			cc = customClaims{
+				Type:      "Bearer",
+				ExpiresAt: 0,
+				IssuedAt:  time.Now().Unix(),
+				// Use refresh_token as rh-org-id
+				RHOrgID: r.Form.Get("refresh_token"),
+			}
+		case "client_credentials":
+			cc = customClaims{
+				Type:      "Bearer",
+				ExpiresAt: 0,
+				IssuedAt:  time.Now().Unix(),
+				// Use client_secret as rh-org-id
+				RHOrgID: r.Form.Get("client_secret"),
+			}
+		default:
+			w.WriteHeader(http.StatusBadRequest)
+			return
 		}
+
 		token := jwt.NewWithClaims(jwt.SigningMethodRS256, cc)
 		token.Header["kid"] = "key-id"