benschubert.infrastructure.authentik_propertymappings_scope_info module – Allows retrieving information about OAuth2 scopes from the Authentik API

Note

This module is part of the benschubert.infrastructure collection (version 0.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install benschubert.infrastructure.

To use it in a playbook, specify: benschubert.infrastructure.authentik_propertymappings_scope_info.

Synopsis

Parameters

Parameter

Comments

authentik_token

string / required

The token used to authenticate against the Authentik server

authentik_url

string / required

The URL at which to contact the Authentik server

ca_path

string

PEM formatted file that contains a CA certificate to be used for validation

scope_name

string / required

The name of the scope to retrieve

timeout

integer

The timeout to set when contacting the Authentik Server.

If your server is slow to respond, it might be necessary to bump this

Default: 10

validate_certs

boolean

If false, SSL certificates will not be validated.

This should only set to false used on personally controlled sites using self-signed certificates.

Choices:

  • false

  • true ← (default)

Examples

- name: Retrieve the profile scope
  benschubert.infrastructure.authentik_propertymappings_scope_info]:
    authentik_token: <my-secret-token>
    authentik_url: https://authentik.test/
    scope_name: profile

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

data

dictionary

The information returned by the Authentik API for the scope

Returned: always

Sample: {"component": "ak-property-mapping-scope-form", "description": "General Profile Information", "expression": "return {\n    # Because authentik only saves the user's full name, and has no concept of first and last names,\n    # the full name is used as given name.\n    # You can override this behaviour in custom mappings, i.e. `request.user.name.split(\" \")`\n    \"name\": request.user.name,\n    \"given_name\": request.user.name,\n    \"preferred_username\": request.user.username,\n    \"nickname\": request.user.username,\n    # groups is not part of the official userinfo schema, but is a quasi-standard\n    \"groups\": [group.name for group in request.user.ak_groups.all()],\n}", "managed": "goauthentik.io/providers/oauth2/scope-profile", "meta_model_name": "authentik_providers_oauth2.scopemapping", "name": "authentik default OAuth Mapping: OpenID 'profile'", "pk": "a993d657-6480-4933-a6ff-e21215251660", "scope_name": "profile", "verbose_name": "Scope Mapping", "verbose_name_plural": "Scope Mappings"}

msg

string

Information on what happen

Returned: always

Sample: "entry is up to date"

Authors

  • Benjamin Schubert (@benjaminschubert)