data "authentik_flow" "default_authorization_flow" {
  slug = "default-provider-authorization-implicit-consent"
}

data "authentik_flow" "default_authentication_flow" {
  slug = "default-authentication-flow"
}


data "authentik_scope_mapping" "wekan" {
  managed_list = [
    "goauthentik.io/providers/oauth2/scope-email",
    "goauthentik.io/providers/oauth2/scope-openid",
    "goauthentik.io/providers/oauth2/scope-profile"
  ]
}


resource "authentik_provider_oauth2" "wekan" {
  name               = "Wekan"
  client_id          = var.secrets.authentik_client_id
  client_secret      = var.secrets.authentik_client_secret
  authorization_flow = data.authentik_flow.default_authorization_flow.id
  authentication_flow = data.authentik_flow.default_authentication_flow.id
  redirect_uris = [
    "https://kanban.chaoswest.tv/_oauth/oidc"
  ]
  sub_mode = "user_username"
  property_mappings = data.authentik_scope_mapping.wekan.ids
}

resource "authentik_application" "wekan" {
  name              = "Wekan"
  slug              = "wekan"
  protocol_provider = authentik_provider_oauth2.wekan.id
}