Move OAuth configs to yaml

Leave allowedOauthClientIds empty instead of moving the placeholder client ids over.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=152967043

java/google/registry/config/RegistryConfig.java

@@ -925,7 +925,7 @@ public final class RegistryConfig {
     }
 
     /**
-     * Provides the OAuth scopes to check for on access tokens.
+     * Provides the OAuth scopes to check for access tokens.
      *
      * <p>This list should be a superset of the required OAuth scope set provided below.
      *
@@ -933,14 +933,14 @@ public final class RegistryConfig {
      * API, which requires at least one of:
      *
      * <ul>
-     *   <li>https://www.googleapis.com/auth/appengine.apis</li>
+     *   <li>https://www.googleapis.com/auth/appengine.apis
-     *   <li>https://www.googleapis.com/auth/cloud-platform</li>
+     *   <li>https://www.googleapis.com/auth/cloud-platform
      * </ul>
      */
     @Provides
     @Config("availableOauthScopes")
-    public static ImmutableSet<String> provideAvailableOauthScopes() {
+    public static ImmutableSet<String> provideAvailableOauthScopes(RegistryConfigSettings config) {
-      return ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email");
+      return ImmutableSet.copyOf(config.oAuth.availableOauthScopes);
     }
 
     /**
@@ -951,15 +951,15 @@ public final class RegistryConfig {
      */
     @Provides
     @Config("requiredOauthScopes")
-    public static ImmutableSet<String> provideRequiredOauthScopes() {
+    public static ImmutableSet<String> provideRequiredOauthScopes(RegistryConfigSettings config) {
-      return ImmutableSet.of("https://www.googleapis.com/auth/userinfo.email");
+      return ImmutableSet.copyOf(config.oAuth.requiredOauthScopes);
     }
 
     /** Provides the allowed OAuth client IDs (could be multibinding). */
     @Provides
     @Config("allowedOauthClientIds")
-    public static ImmutableSet<String> provideAllowedOauthClientIds() {
+    public static ImmutableSet<String> provideAllowedOauthClientIds(RegistryConfigSettings config) {
-      return ImmutableSet.of("PUT.YOUR.PROXY.CLIENT.ID.HERE", "PUT.YOUR.REGTOOL.CLIENT.ID.HERE");
+      return ImmutableSet.copyOf(config.oAuth.allowedOauthClientIds);
     }
 
     /**

java/google/registry/config/RegistryConfigSettings.java

@@ -22,6 +22,7 @@ public class RegistryConfigSettings {
 
   public AppEngine appEngine;
   public GSuite gSuite;
+  public OAuth oAuth;
   public RegistryPolicy registryPolicy;
   public Datastore datastore;
   public Caching caching;
@@ -46,6 +47,13 @@ public class RegistryConfigSettings {
     }
   }
 
+  /** Configuration options for OAuth settings. */
+  public static class OAuth {
+    public List<String> availableOauthScopes;
+    public List<String> requiredOauthScopes;
+    public List<String> allowedOauthClientIds;
+  }
+
   /** Configuration options for the G Suite account used by Nomulus. */
   public static class GSuite {
     public String domainName;

java/google/registry/config/files/default-config.yaml

@@ -123,6 +123,19 @@ caching:
   # premium price entries that exist.
   staticPremiumListMaxCachedEntries: 200000
 
+oAuth:
+  # OAuth scopes to check for access tokens. Superset of requiredOauthScopes.
+  availableOauthScopes:
+    - https://www.googleapis.com/auth/userinfo.email
+
+  # OAuth scopes required for authenticating. Subset of availableOauthScopes.
+  requiredOauthScopes:
+    - https://www.googleapis.com/auth/userinfo.email
+
+  # OAuth client Ids that are allowed to authenticate and communicate with
+  # backend services, e. g. nomulus tool, EPP proxy, etc.
+  allowedOauthClientIds: []
+
 rde:
   # URL prefix of ICANN's server to upload RDE reports to. Nomulus adds /TLD/ID
   # to the end of this to construct the full URL.