{{- $clientID := get . "clientID" }}
{{- $clientSecret := get . "clientSecret" }}
{{- with get . "root" }}
- model: authentik_providers_oauth2.OAuth2Provider
  id: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
  identifiers:
    name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
  state: present
  attrs:
    authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
    {{- with .Values.blueprint.provider.oidc }}
    client_type: {{ .clientType | quote }}
    client_id: {{ $clientID | quote }}
    client_secret: {{ $clientSecret | quote }}
    redirect_uris: {{ .redirectURL }}
    {{- with .tokenDuration }}
    access_token_validity: {{ . | quote }}
    {{- end }} 
    {{- with .signingKey }}
    signing_key: !Find [authentik_crypto.CertificateKeyPair, [name, {{ . }}]]
    {{- end }}
    {{- with .scopes }}
    property_mappings:
      {{- range . }}
      - !Find [authentik_providers_oauth2.ScopeMapping, [scope_name, {{ . }}]]
      {{- end }}
    {{- end }}
    {{- end }}
{{- end }}{{/* end with of get-root */}}