auth: Make luci-go services trust signatures produced by the token server.

server/auth/authdb/erroring.go

Index: server/auth/authdb/erroring.go
diff --git a/server/auth/authdb/erroring.go b/server/auth/authdb/erroring.go
index 204162880283f58c310553b521e98fd350d31e68..40dc7029ec978287d1a9e54df79144160c7b8d82 100644
--- a/server/auth/authdb/erroring.go
+++ b/server/auth/authdb/erroring.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/luci/luci-go/common/logging"
 	"github.com/luci/luci-go/server/auth/identity"
+	"github.com/luci/luci-go/server/auth/signing"
 	"github.com/luci/luci-go/server/secrets"
 )
 
@@ -44,6 +45,12 @@ func (db ErroringDB) SharedSecrets(c context.Context) (secrets.Store, error) {
 	return nil, db.Error
 }
 
+// GetCertificates returns a bundle with certificates of a trusted signer.
+func (db ErroringDB) GetCertificates(c context.Context, id identity.Identity) (*signing.PublicCertificates, error) {

[Vadim Sh., 2016/10/03 20:47:12]

This is not a fake, but a primitive implementation that returns errors from all
methods.

Used on un-configured prod app. The error is "please configure the auth service
URL".

+	logging.Errorf(c, "%s", db.Error)
+	return nil, db.Error
+}
+
 // GetWhitelistForIdentity returns name of the IP whitelist to use to check
 // IP of requests from given `ident`.
 //