From 1780efeea299469e2504331283551db7b1a4364c Mon Sep 17 00:00:00 2001
From: Joey Yakimowich-Payne
Date: Thu, 15 Jan 2026 16:59:48 -0700
Subject: [PATCH] Update compose
---
 .../kaboot-setup-production.yaml.example | 164 ++++++++++++++++++
 authentik/blueprints/kaboot-setup.yaml | 16 ++
 2 files changed, 180 insertions(+)
diff --git a/authentik/blueprints/kaboot-setup-production.yaml.example b/authentik/blueprints/kaboot-setup-production.yaml.example
index 3568792..8a6e1dd 100644
--- a/authentik/blueprints/kaboot-setup-production.yaml.example
+++ b/authentik/blueprints/kaboot-setup-production.yaml.example
@@ -22,6 +22,147 @@ context: auth_domain: auth.example.com entries: + # ═══════════════════════════════════════════════════════════════════════════════ + # BRANDING + # ═══════════════════════════════════════════════════════════════════════════════ + + - id: kaboot-brand + model: authentik_brands.brand + identifiers: + domain: !Context auth_domain + attrs: + domain: !Context auth_domain + default: false + branding_title: Kaboot + branding_logo: /media/branding/logo.svg + branding_favicon: /media/branding/logo.svg + flow_authentication: !Find [authentik_flows.flow, [slug, default-authentication-flow]] + flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]] + flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]] + attributes: + settings: + theme: + base: light + css: | + :root { + --ak-accent: #2563eb; + --ak-primary: #2563eb; + --ak-primary-dark: #1e40af; + --ak-primary-light: #60a5fa; + --ak-error: #ef4444; + --ak-success: #22c55e; + --pf-global--FontFamily--sans-serif: "Inter", system-ui, -apple-system, sans-serif; + } + body { + background-color: #2563eb !important; + } + .pf-c-login__main { + background-color: #ffffff !important; + border-radius: 2rem !important; + box-shadow: 0 10px 0 rgba(0,0,0,0.1) !important; + padding: 3rem !important; + max-width: 500px !important; + margin: 0 auto; + } + .pf-c-form-control { + border: 2px solid #e5e7eb !important; + border-radius: 1rem !important; + padding: 0.75rem 1rem !important; + font-weight: 600 !important; + color: #333 !important; + font-size: 1rem !important; + box-shadow: none !important; + transition: all 0.2s ease !important; + } + .pf-c-form-control:focus { + border-color: #2563eb !important; + outline: none !important; + } + .pf-c-button.pf-m-primary { + background-color: #333333 !important; + color: #ffffff !important; + border: none !important; + border-radius: 1rem !important; + padding: 0.75rem 1.5rem !important; + font-weight: 800 !important; + 
font-size: 1.1rem !important; + box-shadow: 0 6px 0 #000000 !important; + transform: translateY(0) !important; + transition: all 0.1s ease !important; + text-transform: uppercase !important; + letter-spacing: 0.05em !important; + } + .pf-c-button.pf-m-primary:hover { + background-color: #1a1a1a !important; + } + .pf-c-button.pf-m-primary:active { + transform: translateY(6px) !important; + box-shadow: none !important; + } + .pf-c-button.pf-m-secondary, .pf-c-button.pf-m-link { + color: #2563eb !important; + font-weight: 600 !important; + } + .pf-c-title { + font-weight: 900 !important; + color: #111827 !important; + text-align: center !important; + margin-bottom: 1.5rem !important; + } + .pf-c-brand { + filter: drop-shadow(0 4px 6px rgba(0,0,0,0.1)); + } + .pf-c-alert { + border-radius: 1rem !important; + border: 2px solid transparent !important; + box-shadow: 0 4px 0 rgba(0,0,0,0.05) !important; + } + .pf-c-alert.pf-m-danger { + background-color: #fef2f2 !important; + border-color: #fca5a5 !important; + color: #991b1b !important; + } + .pf-c-login__main-footer-links-item-link { + color: #6b7280 !important; + font-weight: 500 !important; + } + .pf-c-background-image { + display: none !important; + } + + # ═══════════════════════════════════════════════════════════════════════════════ + # FLOW BACKGROUNDS + # ═══════════════════════════════════════════════════════════════════════════════ + + - id: update-authentication-flow-background + model: authentik_flows.flow + identifiers: + slug: default-authentication-flow + attrs: + title: Welcome to Kaboot! 
+ background: /media/branding/background.svg + + - id: update-invalidation-flow-background + model: authentik_flows.flow + identifiers: + slug: default-invalidation-flow + attrs: + background: /media/branding/background.svg + + - id: update-authorization-flow-background + model: authentik_flows.flow + identifiers: + slug: default-provider-authorization-implicit-consent + attrs: + background: /media/branding/background.svg + + - id: update-enrollment-flow-background + model: authentik_flows.flow + identifiers: + slug: enrollment-flow + attrs: + background: /media/branding/background.svg + # ═══════════════════════════════════════════════════════════════════════════════ # GROUPS # ═══════════════════════════════════════════════════════════════════════════════ @@ -33,6 +174,28 @@ entries: attrs: name: kaboot-users + - id: kaboot-ai-access-group + model: authentik_core.group + identifiers: + name: kaboot-ai-access + attrs: + name: kaboot-ai-access + + # ═══════════════════════════════════════════════════════════════════════════════ + # GROUPS SCOPE MAPPING + # ═══════════════════════════════════════════════════════════════════════════════ + + - id: groups-scope-mapping + model: authentik_providers_oauth2.scopemapping + identifiers: + managed: goauthentik.io/providers/oauth2/scope-kaboot-groups + attrs: + name: "Kaboot Groups Scope" + scope_name: groups + description: "Include user groups in the token" + expression: | + return [group.name for group in user.ak_groups.all()] + # ═══════════════════════════════════════════════════════════════════════════════ # OAUTH2/OIDC PROVIDER # ═══════════════════════════════════════════════════════════════════════════════ 
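Review bot: The four flow-background entries carry only `background` (plus `title` for the authentication flow) in `attrs`, so each relies on its target flow already existing when the entry is applied; `default-authentication-flow`, `default-invalidation-flow` and `default-provider-authorization-implicit-consent` are slugs authentik ships by default, but `enrollment-flow` looks project-specific. If that flow is defined later in this blueprint than `update-enrollment-flow-background`, or not at all, the entry would be asked to create a flow without the fields a new flow requires (such as name and designation) and the blueprint apply would likely fail at this entry rather than skip it — the hunk starts at line 22 of the file, so I cannot see whether the flow is defined above, please confirm the ordering. Setting `background` on the enrollment flow's own entry, or moving this entry below that definition, removes the dependency. A comment above the stanza such as `# These entries only update existing flows; keep them after the flow definitions` would make the ordering requirement explicit.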
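Review bot: The `expression` of `groups-scope-mapping` returns a bare list, but to my knowledge authentik expects a scope mapping expression to return a dict of claims and ignores non-dict results, so the `groups` claim would silently never reach the token; `return {"groups": [group.name for group in user.ak_groups.all()]}` is the form that emits it. The identical mapping is added to kaboot-setup.yaml in the later `@@ -203,6 +203,21 @@` hunk of this patch and needs the same fix. Two points worth confirming against the deployment: authentik's built-in `profile` scope, which stays in `property_mappings` in the next hunk, already emits a `groups` claim as far as I recall, so this mapping may be redundant or may collide with it; and the `managed` identifier uses the `goauthentik.io/` namespace, which I believe authentik reserves for its own objects, so a project-specific prefix avoids clashing with upstream-managed mappings. A one-line comment above `expression`, `# Must return a dict of claims; a bare list is dropped by authentik`, would keep the next editor from reintroducing the list form.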
@@ -65,6 +228,7 @@ entries: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, offline_access]] + - !KeyOf groups-scope-mapping # ═══════════════════════════════════════════════════════════════════════════════ # APPLICATION diff --git a/authentik/blueprints/kaboot-setup.yaml b/authentik/blueprints/kaboot-setup.yaml index c7510c2..f8ae485 100644 --- a/authentik/blueprints/kaboot-setup.yaml +++ b/authentik/blueprints/kaboot-setup.yaml @@ -203,6 +203,21 @@ entries: attrs: name: kaboot-ai-access + # ═══════════════════════════════════════════════════════════════════════════════ + # GROUPS SCOPE MAPPING + # ═══════════════════════════════════════════════════════════════════════════════ + + - id: groups-scope-mapping + model: authentik_providers_oauth2.scopemapping + identifiers: + managed: goauthentik.io/providers/oauth2/scope-kaboot-groups + attrs: + name: "Kaboot Groups Scope" + scope_name: groups + description: "Include user groups in the token" + expression: | + return [group.name for group in user.ak_groups.all()] + # ═══════════════════════════════════════════════════════════════════════════════ # OAUTH2/OIDC PROVIDER # ═══════════════════════════════════════════════════════════════════════════════ @@ -235,6 +250,7 @@ entries: - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, offline_access]] + - !KeyOf groups-scope-mapping # ═══════════════════════════════════════════════════════════════════════════════ # APPLICATION