# Generates 16 random bytes used as the OAuth2 client_id for the Dashy provider.
# The value is persisted in Terraform state. Dashy is registered as a public
# client, so this is an identifier rather than a secret.
resource "random_id" "dashy_client_id" {
  byte_length = 16
}

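# OAuth2/OIDC provider that authentik exposes for the Dashy dashboard.
resource "authentik_provider_oauth2" "dashy" {
  name = "Dashy"
  # Required. Generated by random_id above; `.id` is the base64url encoding of
  # the 16 random bytes (`.hex` would match the output of `openssl rand -hex 16`).
  client_id = random_id.dashy_client_id.id

  # Implicit consent: users are not shown a consent screen for this application.
  authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
  invalidation_flow  = data.authentik_flow.default-invalidation-flow.id

  # NOTE(review): the subject claim is the user's email address. If users can
  # change their own email in authentik, the subject is not a stable identifier;
  # confirm Dashy needs this before keeping it.
  sub_mode = "user_email"

  # Public client: there is no client secret, so the redirect URI allow-list
  # below is the main control over where authorization responses are sent.
  client_type = "public"

  # Redirect URIs are limited to the Dashy origin. A catch-all regex (".*") on
  # a public client would let an authorization response be delivered to any
  # URL that a crafted login link names, so it must not be used here.
  allowed_redirect_uris = [
    {
      matching_mode = "strict",
      url           = "https://dash.lab.cowley.tech/"
    },
    {
      # Anchored to the Dashy host only. Drop this entry once the exact
      # callback URL that Dashy sends is confirmed and listed as "strict".
      matching_mode = "regex",
      url           = "^https://dash\\.lab\\.cowley\\.tech(/.*)?$"
    },
  ]

  property_mappings = [
    data.authentik_property_mapping_provider_scope.scope-email.id,
    data.authentik_property_mapping_provider_scope.scope-profile.id,
    data.authentik_property_mapping_provider_scope.scope-openid.id,
  ]

  # signing_key and authentication_flow are not set in this file; changes made
  # to them outside Terraform are left alone rather than reverted.
  lifecycle {
    ignore_changes = [
      signing_key,
      authentication_flow,
    ]
  }
}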
#resource "authentik_provider_oauth2" "dashy" {
#  name = "Dashy"
#  #  Required. You can use the output of:
#  #     $ openssl rand -hex 16
#  client_id = random_id.dashy_client_id.id
#  #authentication_flow = data.authentik_flow.default-authentication-flow.id
#  authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
#  invalidation_flow  = data.authentik_flow.default-invalidation-flow.id
#
#  client_type = "public"
#
#  allowed_redirect_uris = [
#    {
#      matched_mode = "strict",
#      url          = "https://dash.lab.cowley.tech/",
#    },
#    #    {
#    #      matched_mode = "regex",
#    #      url          = ".*"
#    #    }
#  ]
#
#  sub_mode = "user_email"
#
#  property_mappings = [
#    data.authentik_property_mapping_provider_scope.scope-email.id,
#    data.authentik_property_mapping_provider_scope.scope-profile.id,
#    data.authentik_property_mapping_provider_scope.scope-openid.id,
#  ]
#  lifecycle {
#    ignore_changes = [
#      signing_key,
#      authentication_flow,
#    ]
#  }
#}
#
# Registers Dashy as an authentik application backed by the OAuth2 provider above.
# NOTE(review): no policy or group binding is defined in this file; if access
# should be limited to specific users or groups, confirm a binding exists elsewhere.
resource "authentik_application" "dashy" {
  name              = "Dashy"
  slug              = "dashy"
  protocol_provider = authentik_provider_oauth2.dashy.id
  open_in_new_tab   = true
}