47 lines
1.2 KiB
HCL
47 lines
1.2 KiB
HCL
resource "random_id" "dashy_client_id" {
|
|
byte_length = 16
|
|
}
|
|
|
|
resource "authentik_provider_oauth2" "dashy" {
|
|
name = "Dashy"
|
|
# Required. You can use the output of:
|
|
# $ openssl rand -hex 16
|
|
client_id = random_id.dashy_client_id.id
|
|
authentication_flow = data.authentik_flow.default-authentication-flow.id
|
|
authorization_flow = data.authentik_flow.default-provider-authorization-implicit-consent.id
|
|
invalidation_flow = data.authentik_flow.default-invalidation-flow.id
|
|
|
|
client_type = "public"
|
|
|
|
allowed_redirect_uris = [
|
|
{
|
|
matched_mode = "strict",
|
|
url = "https://dash.lab.cowley.tech/",
|
|
},
|
|
{
|
|
matched_mode = "regex",
|
|
url = ".*"
|
|
}
|
|
]
|
|
|
|
sub_mode = "user_email"
|
|
|
|
property_mappings = [
|
|
data.authentik_property_mapping_provider_scope.scope-email.id,
|
|
data.authentik_property_mapping_provider_scope.scope-profile.id,
|
|
data.authentik_property_mapping_provider_scope.scope-openid.id,
|
|
]
|
|
lifecycle {
|
|
ignore_changes = [
|
|
signing_key,
|
|
authentication_flow,
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "authentik_application" "dashy" {
|
|
name = "Dashy"
|
|
slug = "dashy"
|
|
protocol_provider = authentik_provider_oauth2.dashy.id
|
|
open_in_new_tab = true
|
|
}
|