Deploy Authentik with a default OAuth2 provider and application using Blueprints

[ladislav-dolezal]

I have successfully deployed the Authentik provider and application using the following (blueprints) YAML file. However, I couldn’t figure out how to add scopes to the OAuth2 provider in this setup. Can someone help?
I want to automatically define the following scopes in my blueprints.yaml for the OAuth2 application — openid, email, profile, and offline_access — so I don’t have to configure them manually.

My blueprints.yaml:

    version: 1
    metadata:
      name: inqu-analytics-oauth2
    entries:
      - model: "authentik_providers_oauth2.scopemapping"
        id: "provider-oauth2"
        identifiers:
          name: "analytics"
        state: "present"
        attrs:
          name: "analytics"
          authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
          #change to your authentification url
          authentification_url: "https://auth.${DOMAIN}"
          client_type: "confidential"
          access_code_validity: "minutes=10"
          access_token_validity: "days=7"
          refresh_token_validity: "hours=1"
          invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
          client_id: "${OAUTH2_APP_CLIENT_ID}"
          client_secret: "${OAUTH2_APP_CLIENT_SECRET}"
          redirect_uris:
            - url: "https://auth.${DOMAIN}/oauth2/callback"
              matching_mode: "strict"
      - model: "authentik_core.application"
        id: "analytics-application"
        state: "present"
        identifiers:
          name: "analytics"
        attrs:
          name: "analytics-application"
          slug: "analytics-application"
          policy_engine_mode: "any"
          provider: !Find [authentik_providers_oauth2.oauth2provider, [name, analytics]]

[anpavlov]

Hi, you can add this to provider attrs

    property_mappings:
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, offline_access]]