resource "random_id" "dashy_client_id" { byte_length = 16 } resource "authentik_provider_oauth2" "dashy" { name = "Dashy" # Required. You can use the output of: # $ openssl rand -hex 16 client_id = random_id.dashy_client_id.id authentication_flow = data.authentik_flow.default-authentication-flow.id authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id client_type = "public" redirect_uris = [ "https://dash.lab.cowley.tech/", ".*" ] sub_mode = "user_email" property_mappings = [ data.authentik_property_mapping_provider_scope.scope-email.id, data.authentik_property_mapping_provider_scope.scope-profile.id, data.authentik_property_mapping_provider_scope.scope-openid.id, ] lifecycle { ignore_changes = [ signing_key, authentication_flow, ] } } resource "authentik_application" "dashy" { name = "Dashy" slug = "dashy" protocol_provider = authentik_provider_oauth2.dashy.id open_in_new_tab = true }