Terraform module to manage the following Twingate resources:
- authentik_provider_proxy
Copy and paste the following code snippet into your Terraform configuration,
specify the required variables and run the command `terraform init`.

```hcl
module "authentik_provider_proxy" {
  source  = "gitlab.com/terraform-child-modules-48151/terraform-authentik-provider-proxy/local"
  version = "1.0.0"

  name               = "example-provider-proxy"
  external_host      = "https://example.com"
  authorization_flow = "8dd2dda7-5624-4f42-8984-04139ce50236"
  invalidation_flow  = "742a8bb5-3981-44ab-949f-dada3e92daf9"
  internal_host      = "https://localhost"
}
```

Name | Version |
---|---|
terraform | >= 1.0 |
authentik | ~> 2025.0 |

Name | Version |
---|---|
authentik | ~> 2025.0 |

No modules.

Name | Type |
---|---|
authentik_provider_proxy.this | resource |


Name | Description | Type | Default | Required |
---|---|---|---|---|
access_token_validity | How long access tokens are valid for | string | "minutes=10" | no |
authentication_flow | Flow used for authentication when the associated application is accessed by an un-authenticated user | string | null | no |
authorization_flow | Flow used when authorizing this provider | string | n/a | yes |
basic_auth_enabled | Set a custom HTTP-Basic authentication header based on values from authentik | bool | false | no |
basic_auth_password_attribute | User/Group attribute used for the password part of the HTTP-Basic header | string | null | no |
basic_auth_username_attribute | User/Group attribute used for the username part of the HTTP-Basic header | string | null | no |
cookie_domain | The domain you wish the authentication to be valid for | string | null | no |
external_host | The external URL you will access the application at | string | n/a | yes |
intercept_header_auth | When enabled, this provider will intercept the authorization header and authenticate requests based on its value | bool | true | no |
internal_host | Upstream host that the requests are forwarded to | string | null | no |
internal_host_ssl_validation | Validate SSL certificates of upstream servers | bool | true | no |
invalidation_flow | Flow used when ending the session from a provider | string | n/a | yes |
jwt_federation_providers | JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider | list(number) | [] | no |
jwt_federation_sources | JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider | list(string) | [] | no |
mode | Enable support for ForwardAuth in Traefik and Nginx auth_request | string | "proxy" | no |
name | Name of the provider | string | n/a | yes |
property_mappings | List of properties to pass information to external applications | list(string) | [] | no |
refresh_token_validity | How long refresh tokens are valid for | string | "days=30" | no |
skip_path_regex | Regular expressions for which authentication is not required | string | null | no |

Name | Description |
---|---|
client_id | The Client ID of the provider |
id | The ID of this resource |
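
A stricter variant of the usage snippet, added here as an example and not part of the module's own documentation: it sets the security-relevant inputs from the table explicitly instead of relying on their defaults, and rejects a non-HTTPS `external_host` at plan time. The hostname `app.internal.example`, the `/healthz` path, the variable names and the module and output labels are assumptions.

```hcl
# Added example, not from the module's README. Hostnames, variable names and
# the health-check path are constructed placeholders.

variable "external_host" {
  type        = string
  description = "Public URL of the application"

  validation {
    # Reject plain-HTTP external URLs before they reach the provider.
    condition     = can(regex("^https://", var.external_host))
    error_message = "The external_host value must start with https://."
  }
}

variable "authorization_flow_id" {
  type = string
}

variable "invalidation_flow_id" {
  type = string
}

module "authentik_provider_proxy_hardened" {
  source  = "gitlab.com/terraform-child-modules-48151/terraform-authentik-provider-proxy/local"
  version = "1.0.0"

  name               = "example-provider-proxy-hardened"
  external_host      = var.external_host
  authorization_flow = var.authorization_flow_id
  invalidation_flow  = var.invalidation_flow_id

  # Upstream over TLS, with certificate validation stated explicitly.
  internal_host                = "https://app.internal.example"
  internal_host_ssl_validation = true

  # Shorter token lifetimes than the defaults (minutes=10 / days=30).
  access_token_validity  = "minutes=5"
  refresh_token_validity = "days=1"

  # No injected HTTP-Basic header.
  basic_auth_enabled = false

  # Anchor the exemption at both ends so it covers exactly one path.
  skip_path_regex = "^/healthz$"
}

output "proxy_client_id" {
  value = module.authentik_provider_proxy_hardened.client_id
}
```
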
Created and maintained by Dennis Hoppe.
Apache 2 licensed. See LICENSE for full details.