harkon/ai-tax-agent
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add full definitions for standard scopes in production blueprint
Some checks failed
CI/CD Pipeline / Security Scanning (ui-review) (push) Has been cancelled
Details
CI/CD Pipeline / Generate SBOM (push) Has been cancelled
Details
CI/CD Pipeline / Security Scanning (svc-kg) (push) Has been cancelled
Details
CI/CD Pipeline / Security Scanning (svc-rag-retriever) (push) Has been cancelled
Details
CI/CD Pipeline / Code Quality & Linting (push) Has been cancelled
Details
CI/CD Pipeline / Policy Validation (push) Has been cancelled
Details
CI/CD Pipeline / Test Suite (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-coverage) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-extract) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-firm-connectors) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-forms) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-hmrc) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-ingestion) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-kg) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-normalize-map) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-ocr) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-rag-indexer) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-rag-retriever) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-reason) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (svc-rpa) (push) Has been cancelled
Details
CI/CD Pipeline / Build Docker Images (ui-review) (push) Has been cancelled
Details
CI/CD Pipeline / Security Scanning (svc-coverage) (push) Has been cancelled
Details
CI/CD Pipeline / Security Scanning (svc-extract) (push) Has been cancelled
Details
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
Details
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
Details
CI/CD Pipeline / Notifications (push) Has been cancelled
Details

Browse Source
This commit is contained in:
harkon
2025-12-02 17:26:10 +02:00
parent a7a753e1f3
commit b9b1d8433d
1 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
infra/base/authentik/bootstrap-prod.yaml
View File

@@ -55,26 +55,60 @@ entries:
model: authentik_providers_oauth2.scopemapping model: authentik_providers_oauth2.scopemapping
identifiers: identifiers:
scope_name: openid scope_name: openid
attrs:
name: "openid"
expression: |
return {
"sub": user.uid,
"iss": request.build_absolute_uri("/"),
}
- id: scope_profile - id: scope_profile
model: authentik_providers_oauth2.scopemapping model: authentik_providers_oauth2.scopemapping
identifiers: identifiers:
scope_name: profile scope_name: profile
attrs:
name: "profile"
expression: |
return {
"name": user.name,
"given_name": user.name,
"preferred_username": user.username,
"nickname": user.username,
"groups": [group.name for group in request.user.ak_groups.all()]
}
- id: scope_email - id: scope_email
model: authentik_providers_oauth2.scopemapping model: authentik_providers_oauth2.scopemapping
identifiers: identifiers:
scope_name: email scope_name: email
attrs:
name: "email"
expression: |
return {
"email": user.email,
"email_verified": True
}
- id: scope_groups - id: scope_groups
model: authentik_providers_oauth2.scopemapping model: authentik_providers_oauth2.scopemapping
identifiers: identifiers:
scope_name: groups scope_name: groups
attrs:
name: "groups"
expression: |
return {
"groups": [group.name for group in request.user.ak_groups.all()]
}
- id: scope_offline - id: scope_offline
model: authentik_providers_oauth2.scopemapping model: authentik_providers_oauth2.scopemapping
identifiers: identifiers:
scope_name: offline_access scope_name: offline_access
attrs:
name: "offline_access"
expression: |
return {}
# Helper finders # Helper finders
- id: default_signing_key - id: default_signing_key