fix

2026-05-31 14:21:50 +02:00
parent cdfdb24910
commit fcf923f068
3 changed files with 65 additions and 3 deletions
--- a/modules/server/containers/data/authentik/homepage.yaml
+++ b/modules/server/containers/data/authentik/homepage.yaml
@@ -0,0 +1,58 @@
+version: 1
+metadata:
+  name: "Homepage Dashboard - OIDC Provisioning"
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+
+entries:
+  # 1. Create the OIDC Scope Mapping for Groups
+  - model: authentik_providers_oauth2.scopemapping
+    identifiers:
+      slug: homepage-scope-groups
+    attrs:
+      name: "Homepage Custom Scope: Groups"
+      scope_name: "groups"
+      description: "Pass user groups array to Homepage for conditional element rendering"
+      expression: |
+        return {
+            "groups": [group.name for group in request.user.ak_groups.all()]
+        }
+
+  # 2. Create the OAuth2/OIDC Provider
+  - model: authentik_providers_oauth2.oauth2provider
+    identifiers:
+      slug: homepage-provider
+    attrs:
+      name: "Homepage Dashboard Provider"
+      client_type: "confidential"
+      client_id: !Env HOMEPAGE_CLIENT_ID"
+      client_secret: !Env HOMEPAGE_CLIENT_SECRET"
+      authorization_flow:
+        !Find [authentik_flows.flow, [slug, default-authorization-flow]]
+      # Update this URI to match your dashboard's literal URL
+      redirect_uris:
+        - "https://@HOMEPAGE_DOMAIN@"
+      # Bind default OpenID scopes plus our custom groups scope
+      property_mappings:
+        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+        - !Find [
+            authentik_providers_oauth2.scopemapping,
+            [slug, homepage-scope-groups],
+          ]
+
+  # 3. Create the Application and link it to the Provider
+  - model: authentik_core.application
+    identifiers:
+      slug: homepage-dashboard
+    attrs:
+      name: "Homepage Dashboard"
+      slug: "homepage"
+      launch_url: "@HOMEPAGE_DOMAIN@"
+      provider:
+        !Find [
+          authentik_providers_oauth2.oauth2provider,
+          [slug, homepage-provider],
+        ]
+      open_in_new_tab: false