fix

modules/server/containers/data/authentik/homepage.yaml

@@ -8,12 +8,8 @@ entries:
   # 1. Create the OAuth2/OIDC Provider
   - model: authentik_providers_oauth2.oauth2provider
     identifiers:
-      slug: "homepage-provider"
-    attrs:
       name: "Homepage Provider"
-      client_type: "confidential"
-      client_id: !Env AUTHENTIK_HOME_CID"
-      client_secret: !Env AUTHENTIK_HOME_CSEC"
+    attrs:
       authorization_flow:
         !Find [
           authentik_flows.flow,
@@ -23,15 +19,36 @@ entries:
         !Find [authentik_flows.flow, [slug, default-authentication-flow]]
       invalidation_flow:
         !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
-      # Update this URI to match your dashboard's literal URL
+      client_type: "confidential"
+      client_id: "homepage"
+
+      client_secret: !Env HOMEPAGE_VAR_OAUTH_SECRET
+      access_code_validity: "minutes=5"
+      token_validity: "days=30"
       redirect_uris:
         - "https://@HOMEPAGE_DOMAIN@"
-      # Bind default OpenID scopes plus our custom groups scope
+      signing_key:
+        !Find [
+          authentik_crypto.certificatekeypair,
+          [name, "authentik Self-signed Certificate"],
+        ]
       property_mappings:
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, group]]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'openid'"],
+          ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'email'"],
+          ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'profile'"],
+          ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'group'"],
+          ]
 
   # 2. Create the Application and link it to the Provider
   - model: authentik_core.application

modules/server/containers/data/authentik/immich.yaml

@@ -48,6 +48,10 @@ entries:
             authentik_providers_oauth2.scopemapping,
             [name, "authentik default OAuth Mapping: OpenID 'profile'"],
           ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'group'"],
+          ]
 
   - model: authentik_core.application
     identifiers: