46 lines
1.6 KiB
Go Template
46 lines
1.6 KiB
Go Template
{{- $clientID := get . "clientID" }}
|
|
{{- $clientSecret := get . "clientSecret" }}
|
|
{{- with get . "root" }}
|
|
|
|
{{- range .Values.blueprint.provider.oidc.scopes }}
|
|
{{- if .expression }}
|
|
- model: authentik_providers_oauth2.ScopeMapping
|
|
identifiers:
|
|
name: {{ .name | quote }}
|
|
state: present
|
|
attrs:
|
|
name: {{ .name | quote }}
|
|
scope_name: {{ .scope_name }}
|
|
expression: {{ .expression | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
- model: authentik_providers_oauth2.OAuth2Provider
|
|
id: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
|
|
identifiers:
|
|
name: {{ .Values.blueprint.provider.name | default (include "authentik-application.fullname" .) }}
|
|
state: present
|
|
attrs:
|
|
authorization_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.authorizationFlow }}]]
|
|
invalidation_flow: !Find [authentik_flows.flow, [slug, {{ .Values.blueprint.provider.invalidationFlow }}]]
|
|
{{- with .Values.blueprint.provider.oidc }}
|
|
client_type: {{ .clientType | quote }}
|
|
client_id: {{ $clientID | quote }}
|
|
client_secret: {{ $clientSecret | quote }}
|
|
redirect_uris:
|
|
- matching_mode: "strict"
|
|
url: {{ .redirectURL | quote }}
|
|
{{- with .tokenDuration }}
|
|
access_token_validity: {{ . | quote }}
|
|
{{- end }}
|
|
{{- with .signingKey }}
|
|
signing_key: !Find [authentik_crypto.CertificateKeyPair, [name, {{ . }}]]
|
|
{{- end }}
|
|
{{- with .scopes }}
|
|
property_mappings:
|
|
{{- range . }}
|
|
- !Find [authentik_providers_oauth2.ScopeMapping, [name, {{ .name | quote }}]]
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}{{/* end with of get-root */}}
|