resource "random_id" "dashy_client_id" { byte_length = 16 } resource "authentik_provider_oauth2" "dashy" { name = "Dashy" # Required. You can use the output of: # $ openssl rand -hex 16 client_id = random_id.dashy_client_id.id authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id invalidation_flow = data.authentik_flow.default-invalidation-flow.id sub_mode = "user_email" client_type = "public" allowed_redirect_uris = [ { matching_mode = "strict", url = "https://dash.lab.cowley.tech/" }, { "matching_mode" = "regex" "url" = ".*" }, ] property_mappings = [ data.authentik_property_mapping_provider_scope.scope-email.id, data.authentik_property_mapping_provider_scope.scope-profile.id, data.authentik_property_mapping_provider_scope.scope-openid.id, ] lifecycle { ignore_changes = [ signing_key, authentication_flow, ] } } #resource "authentik_provider_oauth2" "dashy" { # name = "Dashy" # # Required. You can use the output of: # # $ openssl rand -hex 16 # client_id = random_id.dashy_client_id.id # #authentication_flow = data.authentik_flow.default-authentication-flow.id # authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id # invalidation_flow = data.authentik_flow.default-invalidation-flow.id # # client_type = "public" # # allowed_redirect_uris = [ # { # matched_mode = "strict", # url = "https://dash.lab.cowley.tech/", # }, # # { # # matched_mode = "regex", # # url = ".*" # # } # ] # # sub_mode = "user_email" # # property_mappings = [ # data.authentik_property_mapping_provider_scope.scope-email.id, # data.authentik_property_mapping_provider_scope.scope-profile.id, # data.authentik_property_mapping_provider_scope.scope-openid.id, # ] # lifecycle { # ignore_changes = [ # signing_key, # authentication_flow, # ] # } #} # resource "authentik_application" "dashy" { name = "Dashy" slug = "dashy" protocol_provider = authentik_provider_oauth2.dashy.id open_in_new_tab = true }