infrastructure/authentik.tf

data "authentik_flow" "default_authorization_flow" {
  slug = "default-provider-authorization-implicit-consent"
}

data "authentik_property_mapping_provider_scope" "default_scopes" {
  managed_list = [
    "goauthentik.io/providers/oauth2/scope-email",
    "goauthentik.io/providers/oauth2/scope-openid",
    "goauthentik.io/providers/oauth2/scope-profile"
  ]
}

resource "authentik_provider_oauth2" "service_providers" {
  for_each           = local.services_auth
  name               = each.value.name
  client_type        = "confidential"
  client_id          = each.value.name
  authorization_flow = data.authentik_flow.default_authorization_flow.id
  redirect_uris      = each.value.auth_redirects
  property_mappings  = data.authentik_property_mapping_provider_scope.default_scopes.ids
}

resource "authentik_application" "service_applications" {
  for_each          = local.services_auth
  name              = each.value.name
  slug              = "${each.value.subdomain}-serguzim-me"
  protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
}
Add authentik to opentofu 2024-09-28 12:14:09 +00:00			`data "authentik_flow" "default_authorization_flow" {`
			`slug = "default-provider-authorization-implicit-consent"`
			`}`

			`data "authentik_property_mapping_provider_scope" "default_scopes" {`
			`managed_list = [`
			`"goauthentik.io/providers/oauth2/scope-email",`
			`"goauthentik.io/providers/oauth2/scope-openid",`
			`"goauthentik.io/providers/oauth2/scope-profile"`
			`]`
			`}`

			`resource "authentik_provider_oauth2" "service_providers" {`
Refactor output 2024-09-28 16:24:07 +00:00			`for_each = local.services_auth`
Add authentik to opentofu 2024-09-28 12:14:09 +00:00			`name = each.value.name`
			`client_type = "confidential"`
			`client_id = each.value.name`
			`authorization_flow = data.authentik_flow.default_authorization_flow.id`
			`redirect_uris = each.value.auth_redirects`
			`property_mappings = data.authentik_property_mapping_provider_scope.default_scopes.ids`
			`}`

			`resource "authentik_application" "service_applications" {`
Refactor output 2024-09-28 16:24:07 +00:00			`for_each = local.services_auth`
Add authentik to opentofu 2024-09-28 12:14:09 +00:00			`name = each.value.name`
			`slug = "${each.value.subdomain}-serguzim-me"`
			`protocol_provider = authentik_provider_oauth2.service_providers[each.key].id`
			`}`