Add access_service_auth.tf

access_service_auth.tf

@@ -0,0 +1,26 @@
+resource "cloudflare_zero_trust_access_identity_provider" "gmail" {
+  account_id = local.cloudflare_account_id
+  name       = "Gmail"
+  type       = "google"
+  config {
+    client_id        = var.google_client_id
+    client_secret    = var.google_secret
+    email_claim_name = "email"
+  }
+}
+
+resource "cloudflare_zero_trust_access_identity_provider" "authentik_oidc" {
+  account_id = local.cloudflare_account_id
+  name       = "Authentik OIDC"
+  type       = "oidc"
+  config {
+    auth_url         = "https://authentik.${var.cloudflare_zone}/application/o/authorize/"
+    certs_url        = "https://authentik.${var.cloudflare_zone}/application/o/cloudflare-access/jwks/"
+    claims           = ["given_name", "preferred_username", "nickname", "groups", "role"]
+    client_id        = var.authentik_oidc_client_id
+    client_secret    = var.authentik_oidc_secret
+    email_claim_name = "email"
+    scopes           = ["openid", "email", "profile"]
+    token_url        = "https://authentik.${var.cloudflare_zone}/application/o/token/"
+  }
+}