OIDC: use Application config :oidc from runtime.exs for client secret in prod

lib/mv/config.ex

@@ -367,24 +367,22 @@ defmodule Mv.Config do
   @spec oidc_client_secret() :: String.t() | nil
   def oidc_client_secret do
     case Application.get_env(:mv, :oidc) do
-      oidc when is_list(oidc) ->
+      oidc when is_list(oidc) -> oidc_client_secret_from_config(Keyword.get(oidc, :client_secret))
-        case Keyword.get(oidc, :client_secret) do
+      _ -> env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
-          nil ->
-            env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
-
-          secret when is_binary(secret) ->
-            s = String.trim(secret)
-            if s != "", do: s, else: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
-
-          _ ->
-            env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
-        end
-
-      _ ->
-        env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
     end
   end
 
+  defp oidc_client_secret_from_config(nil),
+    do: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
+
+  defp oidc_client_secret_from_config(secret) when is_binary(secret) do
+    s = String.trim(secret)
+    if s != "", do: s, else: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
+  end
+
+  defp oidc_client_secret_from_config(_),
+    do: env_or_setting("OIDC_CLIENT_SECRET", :oidc_client_secret)
+
   @doc """
   Returns the OIDC admin group name (for role sync). ENV first, then Settings.
   """