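# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
#
# Jinja template for an authentik blueprint that declares one Microsoft
# Entra ID OAuth source per loop `item`.
#
# Rendering notes:
# - Jinja block tags sit at column 0 so their indentation cannot leak into
#   the rendered YAML when lstrip_blocks is disabled.
# - Every templated scalar is quoted, matching metadata.name, so an empty,
#   numeric-looking or YAML-special value cannot change the parsed type or
#   structure of the blueprint.
version: 1
metadata:
  name: "source-entra-{{ item.slug }}"
  labels:
    blueprints.goauthentik.io/instantiate: "true"
    blueprints.goauthentik.io/description: "Microsoft Entra ID OAuth source ({{ item.slug }})"

entries:
  - model: authentik_sources_oauth.oauthsource
    id: "source-entra-{{ item.slug }}"
    identifiers:
      slug: "{{ item.slug }}"
    attrs:
      name: "{{ item.name | default('Microsoft Entra ID') }}"
      slug: "{{ item.slug }}"

      # Authentik's OAuth sources support vendor-specific types.
      # Entra guide calls it "Entra ID OAuth Source".
      provider_type: entraid

      # Only the *names* of the environment variables are rendered here; the
      # !Env tag resolves them when authentik applies the blueprint, so the
      # client secret never appears in the rendered file or in version control.
      # NOTE(review): confirm both variables are set in the environment of the
      # authentik process that applies blueprints; what an unset variable
      # resolves to is not visible from this template.
      consumer_key: !Env "{{ item.client_id_env }}"
      consumer_secret: !Env "{{ item.client_secret_env }}"

      # NOTE(review): verify the `scopes` key against the schema referenced at
      # the top of this file; the OAuth source model may expect extra scopes
      # under a different field (for example `additional_scopes`).
      scopes:
{% for s in (item.scopes | default(['openid','profile','email'])) %}
        - "{{ s }}"
{% endfor %}

      # Tenant selection. Only the exact string 'single' pins the endpoints to
      # one tenant; any other tenant_mode value (including a typo) falls
      # through to the shared `common` endpoints below.
{% if (item.tenant_mode | default('single')) == 'single' %}
      authorization_url: !Format ["https://login.microsoftonline.com/%s/oauth2/v2.0/authorize", !Env "{{ item.tenant_id_env }}"]
      access_token_url: !Format ["https://login.microsoftonline.com/%s/oauth2/v2.0/token", !Env "{{ item.tenant_id_env }}"]
      profile_url: "https://graph.microsoft.com/v1.0/me"
      oidc_jwks_url: !Format ["https://login.microsoftonline.com/%s/discovery/v2.0/keys", !Env "{{ item.tenant_id_env }}"]
{% else %}
      # The `common` endpoints accept sign-ins from any Entra tenant and from
      # personal Microsoft accounts. Nothing in this blueprint restricts which
      # tenants are trusted, so that restriction has to be enforced elsewhere
      # (for example a policy on the source's authentication and enrollment
      # flows that checks the tenant of the returned identity).
      authorization_url: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
      access_token_url: "https://login.microsoftonline.com/common/oauth2/v2.0/token"
      profile_url: "https://graph.microsoft.com/v1.0/me"
      oidc_jwks_url: "https://login.microsoftonline.com/common/discovery/v2.0/keys"
{% endif %}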