Scope Mapping has stopped being added/updated through the Blueprint. #12565

Open
Scylin232 opened this issue Jan 5, 2025 · 1 comment
Labels
bug Something isn't working

Scylin232 commented Jan 5, 2025

For unknown reasons, Scope Mapping has stopped adding/updating itself during initialization through a Blueprint file.

Example:

version: 1
metadata:
  name: "Init - TestService - Applications & OIDC"
entries:
  # Scopes
  - identifiers:
      managed: goauthentik.io/providers/oauth2/scope-openid
    model: authentik_providers_oauth2.scopemapping
    attrs:
      name: "TestService default OAuth Mapping: OpenID 'openid'"
      scope_name: openid
      expression: |
        # This scope is required by the OpenID spec and must exist in authentik.
        # The scope by itself does not grant any information
        return {}
  - identifiers:
      managed: goauthentik.io/providers/oauth2/scope-email
    model: authentik_providers_oauth2.scopemapping
    attrs:
      name: "TestService default OAuth Mapping: OpenID 'email'"
      scope_name: email
      description: "Email address"
      expression: |
        return {
            "email": request.user.email,
            "email_verified": True
        }
  - identifiers:
      managed: goauthentik.io/providers/oauth2/scope-profile
    model: authentik_providers_oauth2.scopemapping
    attrs:
      name: "TestService default OAuth Mapping: OpenID 'profile'"
      scope_name: profile
      description: "General Profile Information"
      expression: |
        return {
            # Since authentik only saves the user's full name and has no concept of first and last names,
            # the full name is used as the given name.
            # You can override this behavior in custom mappings, e.g., `request.user.name.split(" ")`
            "name": request.user.name,
            "given_name": request.user.name,
            "preferred_username": request.user.username,
            "nickname": request.user.username,
            "groups": [group.name for group in request.user.ak_groups.all()],
        }
  # ETC...

As you can see, this is the official template with the name changed, which I made solely for testing purposes. My custom files also don’t work—neither editing existing mappings nor creating new ones. My file also contained groups and providers, which were added, meaning that the file was processed.

If I click the "Run Blueprint" button manually in the dashboard, everything works perfectly.

Environment: Docker Compose (Developer Configuration)
Version: 2024.12.1

Scylin232 added the bug label Jan 5, 2025

rissson (Member) commented Jan 6, 2025

I would recommend not setting the managed field. If you need to override the default blueprints, then do so by mounting a file over them.
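
What the recommendation above looks like for two entries of the blueprint in the report, as an added example that is not part of the thread and not authentik's own code. It assumes the mappings are identified by `name` instead; the `managed` key is left out, so the entries no longer carry the identifiers used by the official template.

```yaml
version: 1
metadata:
  name: "Init - TestService - Applications & OIDC"
entries:
  # Custom scope mappings, looked up by name (assumed identifier).
  # No `managed` key: the entries do not reuse the
  # goauthentik.io/providers/oauth2/scope-* identifiers from the report.
  - identifiers:
      name: "TestService default OAuth Mapping: OpenID 'openid'"
    model: authentik_providers_oauth2.scopemapping
    attrs:
      scope_name: openid
      expression: |
        # Required by the OpenID spec; grants no information by itself.
        return {}
  - identifiers:
      name: "TestService default OAuth Mapping: OpenID 'email'"
    model: authentik_providers_oauth2.scopemapping
    attrs:
      scope_name: email
      description: "Email address"
      expression: |
        return {
            "email": request.user.email,
            "email_verified": True
        }
```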
