Reafacto OAuth2

Add roles mappings
Remove legacy groups

oauth2/variables.tf

@@ -23,7 +23,7 @@ variable "redirect_path" {
 variable "group_mapping" {
   type = map(string)
   default = {}
-  description = "Group mapping where key application group and value the generic group name"
+  description = "Group mapping where key is authentik suffix group name and value is the application group name"
 }
 variable "owner_references" {
   type = list(object({}))
@@ -39,6 +39,11 @@ variable "scopes" {
     "scope-profile",
   ]
 }
+variable "scope_attributes" {
+  type = string
+  description = "Authentik expression for scope mapping"
+  default = ""
+}
 variable "client_type" {
   type = string
   description = "OAuth client type confidential / public(PKCE)"