version: 1
metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Custom Authentication Flow
context:
  welcome_message: {{ if eq (env "WELCOME_MESSAGE") "" }} "Welcome to authentik!" {{ else }} {{ env "WELCOME_MESSAGE" }} {{ end }}

entries:
### DEPENDENCIES
- model: authentik_blueprints.metaapplyblueprint
  attrs:
    identifiers:
      name: Recovery with email verification
    required: true

### FLOW
- model: authentik_flows.flow
  identifiers:
    slug: default-authentication-flow
  id: flow
  attrs:
    name: !Context welcome_message
    title: !Context welcome_message
### STAGES
- identifiers:
    name: default-authentication-identification
  model: authentik_stages_identification.identificationstage
  attrs:
    password_stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]]
    recovery_flow: !Find [authentik_flows.flow, [slug, default-recovery-flow]]
    user_fields:
    - email
    - username

- identifiers:
    name: default-authentication-login
  model: authentik_stages_user_login.userloginstage
  attrs:
    session_duration: days=30

# After the first run this will produce a RelatedObjectDoesNotExist error
- identifiers:
    order: 20
    stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]]
    target: !KeyOf flow
  model: authentik_flows.flowstagebinding
  state: absent