home-server/ansible/roles/noble_authentik/templates/authentik-worker-oidc-spec.json.j2

{
  "authorization_flow": {{ noble_authentik_oauth_authorization_flow_pk | trim | to_json }},
  "invalidation_flow": {{ noble_authentik_oauth_invalidation_flow_pk | trim | to_json }},
  "signing_key": {{ noble_authentik_oauth_signing_key_pk | trim | to_json }},
  "property_mappings": {{ (noble_authentik_oauth_scope_mapping_pks | default('')).split(',') | map('trim') | reject('equalto', '') | list | to_json }},
  "clients": {
    "argocd": {
      "name": "Argo CD",
      "client_id": {{ noble_authentik_client_id_argocd | to_json }},
      "client_secret": {{ noble_authentik_client_secret_argocd | to_json }},
      "redirect_uri": "https://argo.apps.noble.lab.pcenicni.dev/auth/callback"
    },
    "grafana": {
      "name": "Grafana",
      "client_id": {{ noble_authentik_client_id_grafana | to_json }},
      "client_secret": {{ noble_authentik_client_secret_grafana | to_json }},
      "redirect_uri": "https://grafana.apps.noble.lab.pcenicni.dev/login/generic_oauth"
    },
    "headlamp": {
      "name": "Headlamp",
      "client_id": {{ noble_authentik_client_id_headlamp | to_json }},
      "client_secret": {{ noble_authentik_client_secret_headlamp | to_json }},
      "redirect_uri": "https://headlamp.apps.noble.lab.pcenicni.dev/oidc-callback"
    },
    "oauth2-proxy": {
      "name": "oauth2-proxy (ForwardAuth)",
      "client_id": {{ noble_authentik_client_id_oauth2_proxy | to_json }},
      "client_secret": {{ noble_authentik_client_secret_oauth2_proxy | to_json }},
      "redirect_uri": "https://{{ noble_authentik_oauth2_proxy_host }}/oauth2/callback"
    }
  }
}