From 50d64e2bfbfd984031ce6637d369b9c916cf1ac8 Mon Sep 17 00:00:00 2001
From: WrenIX
Date: Wed, 8 Jan 2025 22:33:17 +0100
Subject: [PATCH] fix(authentik-application): invalidation_flow on oidc
---
 authentik-application/Chart.yaml | 2 +-
 authentik-application/README.md | 3 ++-
 authentik-application/files/provider/oidc.yaml.gotmpl | 4 +++-
 authentik-application/values.yaml | 1 +
 4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/authentik-application/Chart.yaml b/authentik-application/Chart.yaml
index 487396c..8a96b3e 100644
--- a/authentik-application/Chart.yaml
+++ b/authentik-application/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: authentik-application
 description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
 type: application
-version: "0.4.4"
+version: "0.4.5"
 maintainers:
 - name: WrenIX
 url: https://wrenix.eu
diff --git a/authentik-application/README.md b/authentik-application/README.md
index d030537..c91ec39 100644
--- a/authentik-application/README.md
+++ b/authentik-application/README.md
@@ -7,7 +7,7 @@ description: "A Chart to deploy a secret for the authentik blueprint-sidecar."
 # authentik-application
-![Version: 0.4.4](https://img.shields.io/badge/Version-0.4.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 0.4.5](https://img.shields.io/badge/Version-0.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 A Chart to deploy a secret for the authentik blueprint-sidecar.
@@ -121,6 +121,7 @@ helm uninstall authentik-application-release
 | blueprint.labels | object | `{"goauthentik_blueprint":"1"}` | label of generated secret with blueprint |
 | blueprint.provider.authorizationFlow | string | `"default-provider-authorization-implicit-consent"` | |
 | blueprint.provider.enabled | bool | `true` | creat an provider for authentification (otherwise just a like in menu is created) |
+| blueprint.provider.invalidationFlow | string | `"default-provider-invalidation-flow"` | |
 | blueprint.provider.name | string | `""` | |
 | blueprint.provider.oidc.clientID | string | `nil` | client id - generated if secret enabled |
 | blueprint.provider.oidc.clientSecret | string | `nil` | client secret - generated if secret enabled |
diff --git a/authentik-application/files/provider/oidc.yaml.gotmpl b/authentik-application/files/provider/oidc.yaml.gotmpl
index 9c7d82d..cc80565 100644
--- a/authentik-application/files/provider/oidc.yaml.gotmpl
+++ b/authentik-application/files/provider/oidc.yaml.gotmpl
@@ -22,12 +22,14 @@
 state: present
 attrs:
 authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
+ invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]]
 {{- with .Values.blueprint.provider.oidc }}
 client_type: {{ .clientType | quote }}
 client_id: {{ $clientID | quote }}
 client_secret: {{ $clientSecret | quote }}
 redirect_uris:
- - {{ .redirectURL | quote }}
+ - matching_mode: "strict"
+ url: {{ .redirectURL | quote }}
 {{- with .tokenDuration }}
 access_token_validity: {{ . | quote }}
 {{- end }}
diff --git a/authentik-application/values.yaml b/authentik-application/values.yaml
index 9db23c1..b3199e5 100644
--- a/authentik-application/values.yaml
+++ b/authentik-application/values.yaml
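Review bot: The added `invalidation_flow` line in oidc.yaml.gotmpl interpolates `.Values.blueprint.provider.invalidationFlow` unquoted inside a YAML flow sequence, so a value containing `,`, `]` or ` #`, or an empty value, changes the structure of the `!Find` lookup instead of being read as one slug; the other templated fields in this hunk all pass through `| quote`. Rendering it as `invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow | quote }}]]` keeps the slug a single string, and the existing `authorization_flow` line above it has the same pattern. The hard-coded `matching_mode: "strict"` keeps redirect URI matching exact rather than pattern-based, which is the safer default for an OIDC client; a template comment saying so would help prevent a later change from loosening it unnoticed. The structured `redirect_uris` entry presumably requires an authentik release that accepts that schema, which this patch-level bump does not state anywhere. The provider entry starts and ends outside the hunk.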
@@ -16,6 +16,7 @@ blueprint:
 enabled: true
 name: ""
 authorizationFlow: "default-provider-authorization-implicit-consent"
+ invalidationFlow: "default-provider-invalidation-flow"
 # -- type of application connection, current support: oidc, saml and proxy
 type: "oidc"
 oidc:
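Review bot: The new `invalidationFlow` default in values.yaml has no `# --` doc comment, which is presumably why the README row added in this commit has an empty description. A line such as `# -- slug of the authentik flow used to invalidate the provider session; the flow must already exist in the instance` above the key would document it. The template looks the slug up with `!Find`, so an instance without a flow of that name would presumably get an unresolved reference, and operators upgrading the chart should be told about that requirement. The `blueprint.provider` mapping continues outside the hunk.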