authentik/nextcloud.yaml.tmpl

57 lines
1.7 KiB
Cheetah

version: 1
metadata:
labels:
blueprints.goauthentik.io/instantiate: "true"
name: Nextcloud
entries:
- attrs:
description: nextcloud
expression: 'return { "nextcloud_groups": [{"gid": group.name, "displayName":
group.name} for group in request.user.ak_groups.all()], }'
managed: null
scope_name: nextcloud
conditions: []
id: nextcloud_group_mapping
identifiers:
name: nextcloud
model: authentik_providers_oauth2.scopemapping
state: present
- attrs:
access_code_validity: minutes=1
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
client_id: {{ secret "nextcloud_id" }}
client_secret: {{ secret "nextcloud_secret" }}
client_type: confidential
include_claims_in_id_token: true
issuer_mode: per_provider
name: Nextcloud
property_mappings:
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
- !KeyOf nextcloud_group_mapping
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
sub_mode: user_username
token_validity: days=30
conditions: []
id: nextcloud_provider
identifiers:
pk: 9999
model: authentik_providers_oauth2.oauth2provider
state: present
- attrs:
meta_launch_url: https://{{ env "NEXTCLOUD_DOMAIN" }}
open_in_new_tab: true
policy_engine_mode: any
provider: !KeyOf nextcloud_provider
slug: nextcloud
conditions: []
id: nextcloud_application
identifiers:
name: Nextcloud
model: authentik_core.application
state: present