# authentik blueprint: OAuth2/OIDC provider, group scope mapping and
# application entry for Nextcloud.
#
# The `{{ secret "..." }}` and `{{ env "..." }}` placeholders are template
# expressions, so this file has to be rendered before it is parsed as YAML.
# NOTE(review): the rendered values land in plain (unquoted) scalars. A value
# that looks like a number or boolean, or that contains ` #` or `: `, would be
# re-typed or mis-parsed. Check the rendered output, not only this template.
version: 1
metadata:
  name: Nextcloud
  labels:
    blueprints.goauthentik.io/instantiate: "true"
entries:
  # Scope mapping: adds a `nextcloud_groups` claim listing every group of the
  # requesting user, with the group name used as both gid and displayName.
  # NOTE(review): if Nextcloud provisions groups from this claim, membership
  # in an authentik group whose name matches a privileged Nextcloud group
  # would carry over. Confirm who may create or rename groups.
  - model: authentik_providers_oauth2.scopemapping
    id: nextcloud_group_mapping
    state: present
    conditions: []
    identifiers:
      name: nextcloud
    attrs:
      scope_name: nextcloud
      description: nextcloud
      managed: null
      expression: >-
        return { "nextcloud_groups": [{"gid": group.name, "displayName": group.name}
        for group in request.user.ak_groups.all()], }

  # OAuth2 provider (confidential client).
  # NOTE(review): the provider is matched on a hard-coded primary key with
  # `state: present`. Confirm that pk 9999 cannot collide with a provider
  # that already exists on the target instance.
  - model: authentik_providers_oauth2.oauth2provider
    id: nextcloud_provider
    state: present
    conditions: []
    identifiers:
      pk: 9999
    attrs:
      name: Nextcloud
      client_type: confidential
      # Credentials are injected at render time rather than stored in the file.
      client_id: {{ secret "nextcloud_id" }}
      client_secret: {{ secret "nextcloud_secret" }}
      # Implicit-consent flow: looked up by slug.
      authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
      # NOTE(review): no redirect URIs are declared in this entry. Confirm
      # how the target authentik version treats a provider without them and
      # pin the Nextcloud callback URL if it is not set elsewhere.
      issuer_mode: per_provider
      signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
      # The subject claim is the username.
      # NOTE(review): if usernames can be changed or reused, the account
      # linkage on the Nextcloud side follows the name. Confirm this is
      # intended.
      sub_mode: user_username
      include_claims_in_id_token: true
      access_code_validity: minutes=1
      # NOTE(review): 30 days is a long token lifetime. Confirm it matches
      # the session policy expected for Nextcloud.
      token_validity: days=30
      property_mappings:
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
        - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
        - !KeyOf nextcloud_group_mapping

  # Application entry bound to the provider above.
  # NOTE(review): this file declares no policy bindings, so who may launch
  # the application is decided outside this blueprint.
  - model: authentik_core.application
    id: nextcloud_application
    state: present
    conditions: []
    identifiers:
      name: Nextcloud
    attrs:
      slug: nextcloud
      provider: !KeyOf nextcloud_provider
      policy_engine_mode: any
      # An unset NEXTCLOUD_DOMAIN would render as a bare `https://`.
      meta_launch_url: https://{{ env "NEXTCLOUD_DOMAIN" }}
      open_in_new_tab: true