UltiSuite/ultisuite-backend
UltiSuite/ultisuite-backend
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
525edb188a
ultisuite-backend/deploy/authentik/blueprints/ulti-oidc.yaml.template
R3D347HR4Y 125169edee
Some checks are pending
CI / Go tests (push) Waiting to run
Details
CI / Integration tests (push) Waiting to run
Details
CI / DB migrations (push) Waiting to run
Details
feat(deploy): update .env.example and Authentik blueprints for improved configuration 
- Enhanced .env.example with new variables for PUBLIC_HOST, SECURE, and SUITE_ORIGIN to streamline environment setup.
- Updated Authentik blueprints to utilize the new configuration variables for redirect URIs and launch URLs.
- Introduced a new script to render Authentik blueprint templates dynamically based on environment variables.
- Modified docker-compose files to reference the updated environment variables for better maintainability.
- Improved expose.sh script to derive public URLs from the new configuration, ensuring consistency across deployments.
2026-06-18 08:14:02 +02:00

51 lines
2.0 KiB
Plaintext
Raw Blame History

# Authentik blueprint — Ultimail OIDC (auto-applied on worker startup)
# Generated from ulti-oidc.yaml.template — edit template, not this file directly.
# Client secret must match ULTID_OIDC_CLIENT_SECRET in .env
version: 1
metadata:
name: Ultimail OIDC
labels:
blueprints.goauthentik.io/instantiate: "true"
entries:
- model: authentik_providers_oauth2.oauth2provider
id: ulti-oauth-provider
identifiers:
name: ulti-backend-provider
attrs:
name: ulti-backend-provider
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
access_token_validity: "hours=1"
refresh_token_validity: "days=365"
property_mappings:
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, offline_access]]
client_type: confidential
client_id: ulti-backend
client_secret: changeme
redirect_uris:
- matching_mode: strict
url: {{SUITE_ORIGIN}}/api/auth/callback
- matching_mode: strict
url: http://localhost/api/auth/callback
- matching_mode: strict
url: http://127.0.0.1/api/auth/callback
- matching_mode: strict
url: http://localhost:3004/api/auth/callback
- matching_mode: strict
url: http://127.0.0.1:3004/api/auth/callback
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
- model: authentik_core.application
identifiers:
slug: ulti
attrs:
name: Ultimail
slug: ulti
group: Ulti Suite
provider: !KeyOf ulti-oauth-provider
meta_launch_url: {{SUITE_ORIGIN}}/mail/inbox
policy_engine_mode: any
Reference in New Issue View Git Blame Copy Permalink