version: 1
metadata:
  name: social-login-sources
entries:
{% for source in social_login_sources %}
  - model: authentik_sources_oauth.oauthsource
    id: source-{{ source.slug }}
    identifiers:
      slug: {{ source.slug }}
    state: present
    attrs:
      name: {{ source.name }}
      slug: {{ source.slug }}
      provider_type: {{ source.provider_type }}
      consumer_key: {{ source.client_id }}
      consumer_secret: {{ source.client_secret }}
      authentication_flow: !Find [authentik_flows.flow, [slug, default-source-authentication]]
      enrollment_flow: !Find [authentik_flows.flow, [slug, default-source-enrollment]]

{% endfor %}
  # --- Add social login sources to the login identification stage ---
  - model: authentik_stages_identification.identificationstage
    identifiers:
      name: default-authentication-identification
    state: present
    attrs:
      user_fields:
        - email
        - username
      enrollment_flow: !Find [authentik_flows.flow, [slug, default-enrollment-flow]]
      recovery_flow: !Find [authentik_flows.flow, [slug, default-recovery-flow]]
      sources:
{% for source in social_login_sources %}
        - !KeyOf source-{{ source.slug }}
{% endfor %}