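# authentik blueprint: provisions an OAuth2/OIDC provider for Immich and the
# application object that exposes it.
# @IMMICH_DOMAIN@ is presumably a placeholder substituted with a bare host name
# before the blueprint is applied (the redirect URIs add "https://" themselves)
# - TODO confirm against the deployment tooling.
version: 1
metadata:
  name: "Immich OAuth2 Provisioning"
  labels:
    app: immich
entries:
  - model: authentik_providers_oauth2.oauth2provider
    identifiers:
      name: "Immich Provider"
    attrs:
      # Implicit-consent flow: users get no consent prompt before claims are
      # released to Immich. Reasonable for a first-party app; use the
      # explicit-consent flow if that assumption changes.
      authorization_flow:
        !Find [
          authentik_flows.flow,
          [slug, default-provider-authorization-implicit-consent],
        ]
      authentication_flow:
        !Find [authentik_flows.flow, [slug, default-authentication-flow]]
      invalidation_flow:
        !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
      # Confidential client: the token endpoint requires the client secret.
      client_type: "confidential"
      client_id: "immich"

      # The secret is read from the environment so it never lands in the
      # repository. IMMICH_OAUTH_SECRET must be set for the process that applies
      # the blueprint and must match the secret configured on the Immich side.
      client_secret: !Env IMMICH_OAUTH_SECRET
      access_code_validity: "minutes=5"
      # NOTE(review): recent authentik releases appear to name these fields
      # access_token_validity / refresh_token_validity - confirm that
      # token_validity is still honoured by the target version. If it applies to
      # access tokens, 30 days is a long lifetime for a bearer credential.
      token_validity: "days=30"
      # Key pair used to sign the tokens issued to Immich.
      signing_key:
        !Find [
          authentik_crypto.certificatekeypair,
          [name, "authentik Self-signed Certificate"],
        ]
      # All three redirect URIs are fixed strings, so they are matched strictly.
      # The two web URIs were previously "regex": in that mode the URL is treated
      # as a pattern, so every "." in the substituted domain matches any
      # character and look-alike hosts can pass redirect validation. If a pattern
      # is ever really needed, escape the dots and keep the expression as narrow
      # as possible.
      redirect_uris:
        # Custom-scheme callback used by the Immich mobile app.
        - url: "app.immich:///oauth-callback"
          matching_mode: "strict"
        - url: "https://@IMMICH_DOMAIN@/auth/login"
          matching_mode: "strict"
        - url: "https://@IMMICH_DOMAIN@/user-settings"
          matching_mode: "strict"
      # Only the standard OIDC scopes are released to Immich.
      property_mappings:
        - !Find [authentik_core.propertymapping, [scope_name, "openid"]]
        - !Find [authentik_core.propertymapping, [scope_name, "email"]]
        - !Find [authentik_core.propertymapping, [scope_name, "profile"]]

  - model: authentik_core.application
    identifiers:
      slug: "immich"
    attrs:
      name: "Immich"
      # NOTE(review): unlike the redirect URIs, this value carries no
      # "https://" scheme, and the application model's writable field appears
      # to be meta_launch_url - confirm this attribute has the intended effect.
      launch_url: "@IMMICH_DOMAIN@"
      provider:
        !Find [
          authentik_providers_oauth2.oauth2provider,
          [name, "Immich Provider"],
        ]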