fix

2026-05-31 15:45:57 +02:00
parent de61030066
commit eef8730851
4 changed files with 37 additions and 16 deletions
--- a/modules/server/containers/data/authentik/homepage.yaml
+++ b/modules/server/containers/data/authentik/homepage.yaml
@@ -8,12 +8,8 @@ entries:
  # 1. Create the OAuth2/OIDC Provider
  - model: authentik_providers_oauth2.oauth2provider
    identifiers:
-      slug: "homepage-provider"
-    attrs:
      name: "Homepage Provider"
-      client_type: "confidential"
-      client_id: !Env AUTHENTIK_HOME_CID"
-      client_secret: !Env AUTHENTIK_HOME_CSEC"
+    attrs:
      authorization_flow:
        !Find [
          authentik_flows.flow,
@@ -23,15 +19,36 @@ entries:
        !Find [authentik_flows.flow, [slug, default-authentication-flow]]
      invalidation_flow:
        !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
-      # Update this URI to match your dashboard's literal URL
+      client_type: "confidential"
+      client_id: "homepage"
+
+      client_secret: !Env HOMEPAGE_VAR_OAUTH_SECRET
+      access_code_validity: "minutes=5"
+      token_validity: "days=30"
      redirect_uris:
        - "https://@HOMEPAGE_DOMAIN@"
-      # Bind default OpenID scopes plus our custom groups scope
+      signing_key:
+        !Find [
+          authentik_crypto.certificatekeypair,
+          [name, "authentik Self-signed Certificate"],
+        ]
      property_mappings:
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
-        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, group]]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'openid'"],
+          ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'email'"],
+          ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'profile'"],
+          ]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [name, "authentik default OAuth Mapping: OpenID 'group'"],
+          ]

  # 2. Create the Application and link it to the Provider
  - model: authentik_core.application