Update authentik provider

2025-04-15 19:57:50 +02:00 · 2025-04-15 19:57:50 +02:00 · dcddb46d63
commit dcddb46d63
parent 776375ace8
4 changed files with 61 additions and 53 deletions
--- a/modules/services/authentik.tf
+++ b/modules/services/authentik.tf
@ -1,6 +1,10 @@
 data "authentik_flow" "default_authorization_flow" {
  slug = "default-provider-authorization-implicit-consent"
 }
+data "authentik_flow" "default_invalidation_flow" {
+  slug = "default-provider-invalidation-flow"
+}
+

 data "authentik_certificate_key_pair" "ecdsa" {
  name = "auth.serguzim.me"
@ -52,12 +56,16 @@ resource "authentik_group" "minio_users" {


 resource "authentik_provider_oauth2" "service_providers" {
-  for_each           = local.services_auth
-  name               = each.key
-  client_type        = "confidential"
-  client_id          = each.key
-  authorization_flow = data.authentik_flow.default_authorization_flow.id
-  redirect_uris      = each.value.auth_redirects
+  for_each              = local.services_auth
+  name                  = each.key
+  client_type           = "confidential"
+  client_id             = each.key
+  authorization_flow    = data.authentik_flow.default_authorization_flow.id
+  invalidation_flow     = data.authentik_flow.default_invalidation_flow.id
+  allowed_redirect_uris = [for redir in each.value.auth_redirects : {
+      matching_mode = "strict",
+      url           = redir,
+  }]
  property_mappings  = flatten([
      data.authentik_property_mapping_provider_scope.default_scopes.ids,
      each.key == "minio" ? [authentik_property_mapping_provider_scope.minio.id] : []
--- a/modules/services/main.tf
+++ b/modules/services/main.tf
@ -2,7 +2,7 @@ terraform {
  required_providers {
    authentik = {
      source = "goauthentik/authentik"
-      version = "~> 2024.8.0"
+      version = "~> 2025.2.0"
    }
    mailcow = {
      source = "l-with/mailcow"