Console operator will need to use a ManagedClusterAction to create OAuth clients on each of the spoke clusters to allow console on the hub to authenticate with each spoke. The backend will need to be updated to use the right client ID and secret for each spoke cluster.

Additionally, the console operator will need a ManagedClusterView to get the default ingress certificate on the spoke clusters needed to speak with the spoke cluster OAuth endpoints and pass it to the console backend as part of the muli-cluster config.

For the dev preview, we can use the same OAuth client ID and secret for each spoke cluster. CONSOLE-2842 tracks supporting different OAuth secrets for each cluster.