56 lines
1.9 KiB
YAML
56 lines
1.9 KiB
YAML
version: 1
|
|
metadata:
|
|
name: "Homepage Dashboard - OIDC Provisioning"
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
|
|
entries:
|
|
# 1. Create the OIDC Scope Mapping for Groups
|
|
- model: authentik_providers_oauth2.scopemapping
|
|
identifiers:
|
|
slug: homepage-scope-groups
|
|
attrs:
|
|
name: "Homepage Custom Scope: Groups"
|
|
scope_name: "groups"
|
|
description: "Pass user groups array to Homepage for conditional element rendering"
|
|
expression: |
|
|
return {
|
|
"groups": [group.name for group in request.user.ak_groups.all()]
|
|
}
|
|
|
|
# 2. Create the OAuth2/OIDC Provider
|
|
- model: authentik_providers_oauth2.oauth2provider
|
|
identifiers:
|
|
slug: homepage-provider
|
|
attrs:
|
|
name: "Homepage Provider"
|
|
client_type: "confidential"
|
|
client_id: !Env AUTHENTIK_HOME_CID"
|
|
client_secret: !Env AUTHENTIK_HOME_CSEC"
|
|
authorization_flow:
|
|
!Find [authentik_flows.flow, [slug, default-authorization-flow]]
|
|
# Update this URI to match your dashboard's literal URL
|
|
redirect_uris:
|
|
- "https://@HOMEPAGE_DOMAIN@"
|
|
# Bind default OpenID scopes plus our custom groups scope
|
|
property_mappings:
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, group]]
|
|
|
|
# 3. Create the Application and link it to the Provider
|
|
- model: authentik_core.application
|
|
identifiers:
|
|
slug: homepage-dashboard
|
|
attrs:
|
|
name: "Homepage Dashboard"
|
|
slug: "homepage"
|
|
launch_url: "@HOMEPAGE_DOMAIN@"
|
|
provider:
|
|
!Find [
|
|
authentik_providers_oauth2.oauth2provider,
|
|
[name, Homepage Provider],
|
|
]
|
|
open_in_new_tab: false
|