Geo: Auto-repair OAuth2 applications for secondary nodes

As suggested by @nick.thomas:

We already have a /repair endpoint to fix up OAuth2, although it would be awesome-r if it happened automatically. I'd have no objections to opening up this endpoint for the primary.

At the moment I do not really see why we cannot recover (most situations) automatically?