diff --git a/modules/server/containers/data/authentik/homepage.yaml b/modules/server/containers/data/authentik/homepage.yaml
index 4b6807f..169a72a 100644
--- a/modules/server/containers/data/authentik/homepage.yaml
+++ b/modules/server/containers/data/authentik/homepage.yaml
@@ -5,6 +5,16 @@ metadata:
   app: immich
 entries:
+  - model: authentik_providers_oauth2.scopemapping
+    identifiers:
+      name: "Homepage Custom Scope: Groups"
+    attrs:
+      scope_name: "groups"
+      description: "Pass user groups array to Homepage for conditional element rendering"
+      expression: |
+        return {
+          "groups": [group.name for group in request.user.ak_groups.all()]
+        }
   # 1. Create the OAuth2/OIDC Provider
   - model: authentik_providers_oauth2.oauth2provider
     identifiers:
@@ -21,7 +31,6 @@ entries:
         !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
       client_type: "confidential"
       client_id: "homepage"
-      client_secret: !Env HOMEPAGE_VAR_OAUTH_SECRET
       access_code_validity: "minutes=5"
       token_validity: "days=30"
@@ -47,7 +56,7 @@ entries:
           ]
         - !Find [
             authentik_providers_oauth2.scopemapping,
-            [name, "authentik default OAuth Mapping: OpenID 'group'"],
+            [name, "Homepage Custom Scope: Groups"],
           ]
   # 2. Create the Application and link it to the Provider
diff --git a/modules/server/containers/data/authentik/immich.yaml b/modules/server/containers/data/authentik/immich.yaml
index d0d9069..1e5e552 100644
--- a/modules/server/containers/data/authentik/immich.yaml
+++ b/modules/server/containers/data/authentik/immich.yaml
@@ -48,10 +48,6 @@ entries:
             authentik_providers_oauth2.scopemapping,
             [name, "authentik default OAuth Mapping: OpenID 'profile'"],
           ]
-        - !Find [
-            authentik_providers_oauth2.scopemapping,
-            [name, "authentik default OAuth Mapping: OpenID 'group'"],
-          ]
   - model: authentik_core.application
     identifiers:
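Review bot: The `expression` of the new `Homepage Custom Scope: Groups` mapping returns every entry of `request.user.ak_groups.all()`, so the Homepage client receives the user's complete authentik group membership in the `groups` claim, including any administrative or unrelated groups, rather than only the groups Homepage keys its conditional rendering on. If disclosing the full list to this client is intended, a comment above the entry such as `# Exposes all of the user's authentik group names to Homepage; narrow this if admin groups should stay internal` would make that explicit; otherwise the comprehension can be restricted, e.g. `"groups": [group.name for group in request.user.ak_groups.all() if group.name in ALLOWED_GROUPS]` with `ALLOWED_GROUPS` being a set you define at the top of the expression (constructed name, not from the page). The `description` string only states the purpose, not the scope of what is released, so it does not cover this. The third hunk then wires this mapping into the provider's property mappings in place of the default 'group' mapping, so the same consideration applies there.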
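Review bot: Dropping `client_secret: !Env HOMEPAGE_VAR_OAUTH_SECRET` leaves the `confidential` provider with no secret pinned by the blueprint, and nothing else in the diff shows where that secret is now sourced. On a fresh apply authentik will presumably generate one, but the Homepage container still has to present the identical value during the code exchange, and on an already-applied deployment the previously stored secret stays in the database untouched; either way the blueprint no longer ties the two sides together, and the `!Env` lookup was the only visible link between them. If the intent is to stop sourcing the secret from the environment, a comment on the provider entry such as `# client_secret is managed in authentik, not this blueprint; rotating it requires updating Homepage's OAuth config` would stop the next reader from re-adding the line. The provider entry itself starts and ends outside this hunk.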