resource "random_id" "paperless_client_id" {
  byte_length = 16
}

resource "authentik_provider_oauth2" "paperless" {
  name          = "Paperless"
  #  Required. You can use the output of:
  #     $ openssl rand -hex 16
  client_id     = random_id.paperless_client_id.id

  authorization_flow  = data.authentik_flow.default-provider-authorization-implicit-consent.id

  redirect_uris = [
    "https://paperless.lab.cowley.tech/accounts/oidc/authentik/login/callback/"
  ]

#  property_mappings = [
#    data.authentik_scope_mapping.scope-email.id,
#    data.authentik_scope_mapping.scope-profile.id,
#    data.authentik_scope_mapping.scope-openid.id,
#  ]
}

resource "authentik_application" "paperless" {
  name              = "Paperless"
  slug              = "paperless"
  protocol_provider = authentik_provider_oauth2.paperless.id
}