# Terraform configuration for the Immich OAuth2/OIDC integration with authentik.
#
# Only two blocks are active: the random client-id generator and the read-only
# lookup of the existing provider's OIDC configuration. Everything else is kept
# commented out for reference.

# --- Disabled: lookups for the default flow and scope mappings ---------------
#data "authentik_flow" "default-provider-authorization-implicit-consent" {
#  slug = "default-provider-authorization-implicit-consent"
#}
#
#data "authentik_property_mapping_provider_scope" "scope-email" {
#  name = "authentik default OAuth Mapping: OpenID 'email'"
#}
#
#data "authentik_property_mapping_provider_scope" "scope-profile" {
#  name = "authentik default OAuth Mapping: OpenID 'profile'"
#}
#
#data "authentik_property_mapping_provider_scope" "scope-openid" {
#  name = "authentik default OAuth Mapping: OpenID 'openid'"
#}
#

# 16 random bytes (128 bits) intended as the OAuth2 client_id.
# The generated value is stored in Terraform state. A client_id is not a
# secret, but its only consumer in this file is the disabled provider resource
# below, so this resource is currently unused here.
resource "random_id" "immich_client_id" {
  byte_length = 16
}

# Read-only lookup of the OIDC configuration for the provider named "Immich".
# NOTE(review): this requires a provider with that name to exist in authentik
# already. The resource that would create it is commented out below, so it is
# presumably managed outside this file - confirm.
data "authentik_provider_oauth2_config" "immich" {
  name = "Immich"
}

# --- Disabled: provider definition --------------------------------------------
# NOTE(review) before re-enabling:
#  * The inline hint suggests `openssl rand -hex 16`, but random_id's `id`
#    attribute is base64url-encoded. Use the `hex` attribute if a hex
#    client_id is wanted.
#  * If client_secret is left unset, authentik generates it and the value is
#    stored in Terraform state. The state backend should be encrypted and
#    access-restricted.
#  * invalidation_flow references data.authentik_flow.default-invalidation-flow,
#    which is not declared anywhere in this file as shown.
#  * Keep matched_mode = "strict" on every redirect URI so only the exact
#    callback URLs are accepted.
#  * The implicit-consent authorization flow presumably skips the user consent
#    prompt, which suits first-party apps only - confirm.
#resource "authentik_provider_oauth2" "immich" {
#  name = "Immich"
#  # Required. You can use the output of:
#  #     $ openssl rand -hex 16
#  client_id = random_id.immich_client_id.id
#
#  # Optional: will be generated if not provided
#  # client_secret = "my_client_secret"
#
#  authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
#  invalidation_flow = data.authentik_flow.default-invalidation-flow.id
#
#  allowed_redirect_uris = [
#    {
#      matched_mode = "strict"
#      url = "app.immich:///oauth-callback",
#    },
#    {
#      matched_mode = "strict"
#      url = "https://photos.lab.cowley.tech/auth/login",
#    },
#    {
#      matched_mode = "strict"
#      url = "https://photos.lab.cowley.tech/user-settings",
#    }
#  ]
#
#  #property_mappings = [
#  #  data.authentik_property_mapping_provider_scope.scope-email.id,
#  #  data.authentik_property_mapping_provider_scope.scope-profile.id,
#  #  data.authentik_property_mapping_provider_scope.scope-openid.id,
#  #]
#
#  #lifecycle {
#  #  ignore_changes = [
#  #    signing_key,
#  #    authentication_flow,
#  #  ]
#  #}
#}

# --- Disabled: application bound to the provider ------------------------------
#resource "authentik_application" "immich" {
#  name = "Immich"
#  slug = "immich"
#  protocol_provider = authentik_provider_oauth2.immich.id
#}

# --- Disabled: debugging dump of the client secret ----------------------------
# NOTE(review): this would write the OAuth2 client secret in plaintext into the
# module directory. No file_permission is set, so the provider default applies
# (permissive in the hashicorp/local provider - confirm for the pinned
# version). If the secret must reach disk, prefer local_sensitive_file with a
# restrictive file_permission and make sure the path is excluded from version
# control. Better still, hand it to the consumer through a secret store.
#resource "local_file" "foo" {
#  content = authentik_provider_oauth2.immich.client_secret
#  filename = "${path.module}/foo.bar"
#}