40 lines
1.6 KiB
Django/Jinja
40 lines
1.6 KiB
Django/Jinja
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
|
|
version: 1
|
|
metadata:
|
|
name: "source-entra-{{ item.slug }}"
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
blueprints.goauthentik.io/description: "Microsoft Entra ID OAuth source ({{ item.slug }})"
|
|
|
|
entries:
|
|
- model: authentik_sources_oauth.oauthsource
|
|
id: source-entra-{{ item.slug }}
|
|
identifiers:
|
|
slug: {{ item.slug }}
|
|
attrs:
|
|
name: "{{ item.name | default('Microsoft Entra ID') }}"
|
|
slug: {{ item.slug }}
|
|
|
|
# Authentik's OAuth sources support vendor-specific types.
|
|
# Entra guide calls it "Entra ID OAuth Source".
|
|
provider_type: entraid
|
|
|
|
consumer_key: "{{ item.client_id }}"
|
|
consumer_secret: "{{ item.client_secret }}"
|
|
|
|
scopes:
|
|
{% for s in (item.scopes | default(['openid','profile','email'])) %}
|
|
- {{ s }}
|
|
{% endfor %}
|
|
|
|
{% if (item.tenant_mode | default('single')) == 'single' %}
|
|
authorization_url: "https://login.microsoftonline.com/{{ item.tenant_id }}/oauth2/v2.0/authorize"
|
|
access_token_url: "https://login.microsoftonline.com/{{ item.tenant_id }}/oauth2/v2.0/token"
|
|
profile_url: "https://graph.microsoft.com/v1.0/me"
|
|
oidc_jwks_url: "https://login.microsoftonline.com/{{ item.tenant_id }}/discovery/v2.0/keys"
|
|
{% else %}
|
|
authorization_url: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
|
|
access_token_url: "https://login.microsoftonline.com/common/oauth2/v2.0/token"
|
|
profile_url: "https://graph.microsoft.com/v1.0/me"
|
|
oidc_jwks_url: "https://login.microsoftonline.com/common/discovery/v2.0/keys"
|
|
{% endif %}
|