46 lines
1.2 KiB
Cheetah
46 lines
1.2 KiB
Cheetah
version: 1
|
|
metadata:
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
name: Custom Invalidation Flow
|
|
entries:
|
|
### DEPENDENCIES
|
|
- model: authentik_blueprints.metaapplyblueprint
|
|
attrs:
|
|
identifiers:
|
|
name: Default - Invalidation flow
|
|
required: true
|
|
|
|
### STAGE BINDINGS
|
|
|
|
# This is specified only for setting an id (this stagebinding does not have an identifier)
|
|
- identifiers:
|
|
order: 0
|
|
stage: !Find [authentik_stages_user_logout.userlogoutstage, [name, default-invalidation-logout]]
|
|
target: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: true
|
|
id: logout-stage-binding
|
|
|
|
### POLICIES
|
|
- attrs:
|
|
execution_logging: true
|
|
expression: 'context[''flow_plan''].context[''redirect''] = ''{{ env "LOGOUT_REDIRECT" }}''
|
|
|
|
return True'
|
|
identifiers:
|
|
name: redirect-policy
|
|
id: redirect-policy
|
|
model: authentik_policies_expression.expressionpolicy
|
|
|
|
### POLICY BINDINGS
|
|
- identifiers:
|
|
policy: !KeyOf redirect-policy
|
|
target: !KeyOf logout-stage-binding
|
|
order: 0
|
|
model: authentik_policies.policybinding
|
|
attrs:
|
|
enabled: {{ if eq (env "LOGOUT_REDIRECT") "" }} false {{ else }} true {{ end }}
|
|
timeout: 30
|