version: 1 metadata: labels: blueprints.goauthentik.io/instantiate: "true" name: hedgedoc entries: - attrs: access_code_validity: minutes=1 authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]] client_id: {{ secret "hedgedoc_id" }} client_secret: {{ secret "hedgedoc_secret" }} client_type: confidential include_claims_in_id_token: true issuer_mode: per_provider name: Hedgedoc property_mappings: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]] signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] sub_mode: hashed_user_id token_validity: days=30 conditions: [] id: hedgedoc_provider identifiers: pk: 9992 model: authentik_providers_oauth2.oauth2provider state: present - attrs: meta_launch_url: https://{{ env "HEDGEDOC_DOMAIN" }} open_in_new_tab: true policy_engine_mode: any provider: !KeyOf hedgedoc_provider slug: hedgedoc conditions: [] id: hedgedoc_application identifiers: name: Hedgedoc model: authentik_core.application state: present