home-server/ansible/roles/noble_authentik/files/resolve_oauth_flow_pks.py

# Run inside the Authentik worker image: `ak shell -c "exec(open('/tmp/...').read())"`.
# Prints two lines: authorization flow UUID, invalidation flow UUID (for configure_authentik.py).
from authentik.flows.models import Flow


def _pk(slug: str) -> str:
    return str(Flow.objects.get(slug=slug).pk)


def main() -> None:
    auth = _pk("default-provider-authorization-implicit-consent")
    inv_slug = None
    for candidate in ("default-invalidation-flow", "default-provider-invalidation-flow"):
        if Flow.objects.filter(slug=candidate).exists():
            inv_slug = candidate
            break
    if not inv_slug:
        raise SystemExit("no default invalidation flow (expected one of: default-invalidation-flow, default-provider-invalidation-flow)")
    print(auth)
    print(_pk(inv_slug))


main()