43 lines
1.6 KiB
Django/Jinja
43 lines
1.6 KiB
Django/Jinja
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
|
|
version: 1
|
|
metadata:
|
|
name: "oidc-{{ item.slug }}"
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
blueprints.goauthentik.io/description: "OIDC provider + application for {{ item.slug }}"
|
|
|
|
entries:
|
|
- model: authentik_providers_oauth2.oauth2provider
|
|
id: oidc-provider-{{ item.slug }}
|
|
identifiers:
|
|
name: {{ item.slug }}
|
|
attrs:
|
|
name: {{ item.slug }}
|
|
client_type: confidential
|
|
client_id: !Env {{ item.client_id_env }}
|
|
client_secret: !Env {{ item.client_secret_env }}
|
|
|
|
redirect_uris:
|
|
{% for ru in item.redirect_uris %}
|
|
- url: "{{ ru.url }}"
|
|
matching_mode: {{ ru.matching_mode | default('strict') }}
|
|
{% endfor %}
|
|
|
|
authorization_flow: !Find [authentik_flows.flow, [slug, {{ item.flows.authorization_slug | default('default-provider-authorization-implicit-consent') }}]]
|
|
invalidation_flow: !Find [authentik_flows.flow, [slug, {{ item.flows.invalidation_slug | default('default-provider-invalidation-flow') }}]]
|
|
|
|
property_mappings:
|
|
{% for s in (item.scopes | default(['openid','email','profile','offline_access'])) %}
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, {{ s }}]]
|
|
{% endfor %}
|
|
|
|
signing_key: !Find [authentik_crypto.certificatekeypair, [name, {{ item.signing_key_name | default('authentik Self-signed Certificate') }}]]
|
|
|
|
- model: authentik_core.application
|
|
id: app-{{ item.slug }}
|
|
identifiers:
|
|
slug: {{ item.slug }}
|
|
attrs:
|
|
name: "{{ item.name | default(item.slug) }}"
|
|
slug: {{ item.slug }}
|
|
provider: !KeyOf oidc-provider-{{ item.slug }}
|