feat: add invalidation_flow to the tofu authentik providers

tofu/modules/authentik-oidc/main.tf

@@ -26,20 +26,25 @@ data "authentik_property_mapping_provider_scope" "default-scopes" {
   ], var.extra_property_mappings)
 }
 
+data "authentik_flow" "default-provider-invalidation-flow" {
+  slug = "default-provider-invalidation-flow "
+}
 
 resource "authentik_provider_oauth2" "provider_oidc" {
-  name                  = var.app_name
-  client_id             = var.client_id
-  client_secret         = var.client_secret
-  client_type           = var.client_type
-  authorization_flow    = data.authentik_flow.default-authorization-flow.id
-  authentication_flow   = data.authentik_flow.default-authentication-flow.id
-  redirect_uris         = var.redirect_uris
-  property_mappings     = data.authentik_property_mapping_provider_scope.default-scopes.ids
-  sub_mode              = var.sub_mode
-  signing_key           = var.oidc_signing_key
-  access_code_validity  = var.access_code_validity
-  access_token_validity = var.access_token_validity
+  name                   = var.app_name
+  client_id              = var.client_id
+  client_secret          = var.client_secret
+  client_type            = var.client_type
+  authorization_flow     = data.authentik_flow.default-authorization-flow.id
+  authentication_flow    = data.authentik_flow.default-authentication-flow.id
+  redirect_uris          = var.redirect_uris
+  property_mappings      = data.authentik_property_mapping_provider_scope.default-scopes.ids
+  sub_mode               = var.sub_mode
+  signing_key            = var.oidc_signing_key
+  access_code_validity   = var.access_code_validity
+  access_token_validity  = var.access_token_validity
+  refresh_token_validity = var.refresh_token_validity
+  invalidation_flow      = data.authentik_flow.default-provider-invalidation-flow.id
 }
 
 

tofu/modules/authentik-oidc/vars.tf

@@ -90,6 +90,11 @@ variable "access_token_validity" {
   default = "minutes=10"
 }
 
+variable "refresh_token_validity" {
+  type    = string
+  default = "days=30"
+}
+
 variable "extra_property_mappings" {
   type    = list(string)
   default = []

tofu/modules/authentik-proxy/main.tf

@@ -16,6 +16,9 @@ data "authentik_flow" "default-authentication-flow" {
   slug = "default-authentication-flow"
 }
 
+data "authentik_flow" "default-provider-invalidation-flow" {
+  slug = "default-provider-invalidation-flow "
+}
 
 resource "authentik_provider_proxy" "provider_proxy" {
   authorization_flow           = data.authentik_flow.default-authorization-flow.id
@@ -24,6 +27,7 @@ resource "authentik_provider_proxy" "provider_proxy" {
   internal_host                = var.internal_host
   name                         = var.app_name
   internal_host_ssl_validation = var.internal_host_ssl_validation
+  invalidation_flow            = data.authentik_flow.default-provider-invalidation-flow.id
 }