From 8104b5c14991e6494b89ca89f2dd444fc3dbfc21 Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Sun, 16 Nov 2025 12:11:48 +0100
Subject: [PATCH] Add access_service_auth.tf
---
access_service_auth.tf | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 access_service_auth.tf
diff --git a/access_service_auth.tf b/access_service_auth.tf
new file mode 100644
index 0000000..aa3b354
--- /dev/null
+++ b/access_service_auth.tf
@@ -0,0 +1,26 @@
+resource "cloudflare_zero_trust_access_identity_provider" "gmail" {
+ account_id = local.cloudflare_account_id
+ name = "Gmail"
+ type = "google"
+ config {
+ client_id = var.google_client_id
+ client_secret = var.google_secret
+ email_claim_name = "email"
+ }
+}
+
+resource "cloudflare_zero_trust_access_identity_provider" "authentik_oidc" {
+ account_id = local.cloudflare_account_id
+ name = "Authentik OIDC"
+ type = "oidc"
+ config {
+ auth_url = "https://authentik.${var.cloudflare_zone}/application/o/authorize/"
+ certs_url = "https://authentik.${var.cloudflare_zone}/application/o/cloudflare-access/jwks/"
+ claims = ["given_name", "preferred_username", "nickname", "groups", "role"]
+ client_id = var.authentik_oidc_client_id
+ client_secret = var.authentik_oidc_secret
+ email_claim_name = "email"
+ scopes = ["openid", "email", "profile"]
+ token_url = "https://authentik.${var.cloudflare_zone}/application/o/token/"
+ }
+}
\ No newline at end of file
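Review bot: The `gmail` provider is declared with `type = "google"`, which lets any Google account complete the login, so nothing in this file limits who can authenticate; who actually gets in depends entirely on the Access policies that reference this provider, and those are outside this patch. I would record that above the resource, e.g. `# Any Google account can authenticate via this IdP; every Access policy using it must restrict by email or group.` Both `client_secret` arguments read from variables (`var.google_secret`, `var.authentik_oidc_secret`) whose declarations are not part of this patch; they should be declared with `sensitive = true` so the values are redacted in plan output. The secrets are still written to Terraform state in clear text, so the state backend needs encryption at rest and restricted read access.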