# Looks up an existing authentik flow by its slug; the flow's id is used as the
# authorization flow of every OAuth2 provider defined in this file.
# NOTE(review): going by the slug, this is the implicit-consent variant, so
# users are presumably not shown a consent screen before scopes are released.
# Confirm that is intended for every service in local.services_auth.
data "authentik_flow" "default_authorization_flow" {
  slug = "default-provider-authorization-implicit-consent"
}

# Resolves the managed scope mappings for email, openid and profile.
# The resulting ids are attached unchanged to every provider in this file, so
# there is no per-service narrowing of scopes here.
# NOTE(review): if a service only needs `openid`, a narrower mapping list for
# that service would release less user data; verify against each relying party.
data "authentik_property_mapping_provider_scope" "default_scopes" {
  managed_list = [
    "goauthentik.io/providers/oauth2/scope-email",
    "goauthentik.io/providers/oauth2/scope-openid",
    "goauthentik.io/providers/oauth2/scope-profile"
  ]
}

# One confidential OAuth2 provider per entry of local.services_auth.
# NOTE(review): no client_secret is set in this block; presumably the provider
# generates one. Confirm, and treat the Terraform state as sensitive because the
# secret would be stored there.
# NOTE(review): no signing_key is set either; confirm which token signing method
# that results in for the relying parties.
resource "authentik_provider_oauth2" "service_providers" {
  for_each = local.services_auth

  # Client identity: the service name doubles as the (public) client id.
  name        = each.value.name
  client_id   = each.value.name
  client_type = "confidential"

  # Shared authorization flow and scope mappings resolved by the data sources.
  authorization_flow = data.authentik_flow.default_authorization_flow.id
  property_mappings  = data.authentik_property_mapping_provider_scope.default_scopes.ids

  # Redirect targets come straight from the service definition.
  # NOTE(review): keep these as exact URIs and confirm how the authentik version
  # in use matches them; a loose pattern lets authorization codes be delivered
  # to an unintended host.
  redirect_uris = each.value.auth_redirects
}

# One authentik application per entry of local.services_auth, linked to the
# OAuth2 provider created for the same map key.
# NOTE(review): no policy or group binding is visible in this file; verify that
# access restrictions are defined elsewhere if not every user should be able to
# reach every application.
resource "authentik_application" "service_applications" {
  for_each = local.services_auth

  name = each.value.name
  # The slug is the service subdomain plus a fixed suffix.
  slug = "${each.value.subdomain}-serguzim-me"

  # Same key as this application, so each app is paired with its own provider.
  protocol_provider = authentik_provider_oauth2.service_providers[each.key].id
}