resource "random_id" "wikijs_client_id" {
  byte_length = 16
}

resource "authentik_provider_oauth2" "wikijs" {
  name = "Wiki.js"
  #  Required. You can use the output of:
  #     $ openssl rand -hex 16
  client_id = random_id.wikijs_client_id.id
  authentication_flow = data.authentik_flow.default-authentication-flow.id
  authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id

  client_type = "public"

  redirect_uris = [
    "https://wiki.lab.cowley.tech/",
    ".*"
  ]

  property_mappings = [
    data.authentik_property_mapping_provider_scope.scope-email.id,
    data.authentik_property_mapping_provider_scope.scope-profile.id,
    data.authentik_property_mapping_provider_scope.scope-openid.id,
  ]
  lifecycle {
    ignore_changes = [
      signing_key,
      authentication_flow,
    ]
  }
}
resource "kubernetes_secret" "wikijs-oauth" {
  metadata {
    name      = "wikijs-oauth"
    namespace = "wikijs"
  }
  data = {
    "key" = authentik_provider_oauth2.wikijs.client_id
    "secret" =  authentik_provider_oauth2.wikijs.client_secret
  }
}
resource "authentik_application" "wikijs" {
  name              = "Wiki.js"
  slug              = "wikijs"
  protocol_provider = authentik_provider_oauth2.wikijs.id

  meta_launch_url   = "https://wiki.lab.cowley.tech/login/144cdcbe-d199-4f2c-93ae-cde7f662ce04"
  open_in_new_tab   = true
}