No more sercretString dans oauth2

application/application.tf

@@ -7,13 +7,14 @@ data "authentik_group" "akadmin" {
 }
 resource "authentik_group" "groups" {
   name       = local.main_group
-  attributes = jsonencode({ "${local.app_name}" = true })
+  attributes = jsonencode({ "${local.app_name}" = var.attributes })
 }
 
 resource "authentik_group" "subgroup" {
   count  = length(var.sub_groups)
   name   = format("%s-%s", local.main_group, var.sub_groups[count.index])
   parent = authentik_group.groups.id
+  attributes = length(var.sub_groups_attributes)>count.index?jsonencode({ "${local.app_name}" = var.sub_groups_attributes[count.index] }):jsonencode({ "${local.app_name}" = var.attributes })
 }
 
 resource "authentik_application" "prj_app" {
@@ -30,7 +31,7 @@ resource "authentik_policy_expression" "policy" {
   name       = local.main_group
   expression = <<-EOF
     attr = request.user.group_attributes()
-    return attr['${local.app_name}'] if '${local.app_name}' in attr else False
+    return True if '${local.app_name}' in attr else False
   EOF
 }
 

application/variables.tf

@@ -26,3 +26,9 @@ variable "backchannel_providers" {
   type    = list(number)
   default = null
 }
+variable "attributes" {
+  default = {enable = true}
+}
+variable "sub_groups_attributes" {
+  default = []
+}