41 lines
1.5 KiB
YAML
41 lines
1.5 KiB
YAML
# Authentik blueprint — Nextcloud OIDC (when NEXTCLOUD_ENABLED=true)
|
|
# Client secret must match NC_OIDC_CLIENT_SECRET in .env
|
|
version: 1
|
|
metadata:
|
|
name: Nextcloud OIDC
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
entries:
|
|
- model: authentik_providers_oauth2.oauth2provider
|
|
id: nc-oauth-provider
|
|
identifiers:
|
|
name: ulti-nextcloud-provider
|
|
attrs:
|
|
name: ulti-nextcloud-provider
|
|
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
|
|
invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
|
|
property_mappings:
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
|
|
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
|
|
client_type: confidential
|
|
client_id: ulti-nextcloud
|
|
client_secret: changeme
|
|
redirect_uris:
|
|
- matching_mode: strict
|
|
url: http://localhost/cloud/apps/user_oidc/code
|
|
- matching_mode: strict
|
|
url: http://127.0.0.1/cloud/apps/user_oidc/code
|
|
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
|
|
|
|
- model: authentik_core.application
|
|
identifiers:
|
|
slug: nextcloud
|
|
attrs:
|
|
name: Nextcloud
|
|
slug: nextcloud
|
|
group: Ulti Suite
|
|
provider: !KeyOf nc-oauth-provider
|
|
meta_launch_url: http://localhost/cloud/
|
|
policy_engine_mode: any
|