make it kinda work

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-05-29 14:29:30 +02:00
parent b25e68486a
commit 8dd4709981
8 changed files with 141 additions and 133 deletions
--- a/blueprints/testing/oidc-conformance.yaml
+++ b/blueprints/testing/oidc-conformance.yaml
@ -0,0 +1,91 @@
+version: 1
+metadata:
+  name: OpenID Conformance testing
+  labels:
+    blueprints.goauthentik.io/instantiate: "false"
+entries:
+  - identifiers:
+      managed: goauthentik.io/providers/oauth2/scope-address
+    model: authentik_providers_oauth2.scopemapping
+    attrs:
+      name: "authentik default OAuth Mapping: OpenID 'address'"
+      scope_name: address
+      description: "General Address Information"
+      expression: |
+        return {
+            "address": {
+                "formatted": "foo",
+            }
+        }
+  - identifiers:
+      managed: goauthentik.io/providers/oauth2/scope-phone
+    model: authentik_providers_oauth2.scopemapping
+    attrs:
+      name: "authentik default OAuth Mapping: OpenID 'phone'"
+      scope_name: phone
+      description: "General phone Information"
+      expression: |
+        return {
+            "phone_number": "+1234",
+            "phone_number_verified": True,
+        }
+
+  - model: authentik_providers_oauth2.oauth2provider
+    id: provider
+    identifiers:
+      name: oidc-conformance-1
+    attrs:
+      authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+      invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
+      issuer_mode: global
+      client_id: 4054d882aff59755f2f279968b97ce8806a926e1
+      client_secret: 4c7e4933009437fb486b5389d15b173109a0555dc47e0cc0949104f1925bcc6565351cb1dffd7e6818cf074f5bd50c210b565121a7328ee8bd40107fc4bbd867
+      redirect_uris:
+        - matching_mode: strict
+          url: https://localhost:8443/test/a/authentik/callback
+        - matching_mode: strict
+          url: https://10.120.20.76:8443/test/a/authentik/callback
+          # url: !Format [https://%s:8443/test/a/authentik/callback, !Context host_ip]
+      property_mappings:
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-openid]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-email]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-profile]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-address]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-phone]]
+      signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+  - model: authentik_core.application
+    identifiers:
+      slug: conformance
+    attrs:
+      provider: !KeyOf provider
+      name: Conformance
+
+  - model: authentik_providers_oauth2.oauth2provider
+    id: oidc-conformance-2
+    identifiers:
+      name: oidc-conformance-2
+    attrs:
+      authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+      invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
+      issuer_mode: global
+      client_id: ad64aeaf1efe388ecf4d28fcc537e8de08bcae26
+      client_secret: ff2e34a5b04c99acaf7241e25a950e7f6134c86936923d8c698d8f38bd57647750d661069612c0ee55045e29fe06aa101804bdae38e8360647d595e771fea789
+      redirect_uris:
+        - matching_mode: strict
+          url: https://localhost:8443/test/a/authentik/callback
+        - matching_mode: strict
+          url: https://10.120.20.76:8443/test/a/authentik/callback
+          # url: !Format [https://%s:8443/test/a/authentik/callback, !Context host_ip]
+      property_mappings:
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-openid]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-email]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-profile]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-address]]
+        - !Find [authentik_providers_oauth2.scopemapping, [managed, goauthentik.io/providers/oauth2/scope-phone]]
+      signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+  - model: authentik_core.application
+    identifiers:
+      slug: oidc-conformance-2
+    attrs:
+      provider: !KeyOf oidc-conformance-2
+      name: OIDC Conformance