strapi-plugin-oidc 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 edmogeor
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,88 @@
+<div align="center">
+  <img src="https://raw.githubusercontent.com/edmogeor/strapi-plugin-oidc/main/assets/icon.png" width="140" alt="OIDC Plugin for Strapi Logo"/>
+  <h1>OIDC Plugin for Strapi</h1>
+  <p>
+    <a href="https://github.com/edmogeor/strapi-plugin-oidc/actions/workflows/test.yml">
+      <img src="https://github.com/edmogeor/strapi-plugin-oidc/actions/workflows/test.yml/badge.svg" alt="Tests">
+    </a>
+  </p>
+</div>
+
+A Strapi plugin that provides OpenID Connect (OIDC) authentication functionality for the Strapi Admin Panel. 
+
+This plugin allows your administrators to log in to the Strapi administration interface using external OIDC identity providers such as Zitadel, Keycloak, Auth0, AWS Cognito, and others.
+
+## Installation
+
+You can install the plugin via `npm` or `yarn`:
+
+```bash
+# Using npm
+npm install strapi-plugin-oidc
+
+# Using yarn
+yarn add strapi-plugin-oidc
+```
+
+## Configuration
+
+To enable and configure the plugin, update your `config/plugins.js` (or `config/plugins.ts`) file with your OIDC provider's settings.
+
+```javascript
+module.exports = ({ env }) => ({
+  // ...
+  'strapi-plugin-oidc': {
+    enabled: true,
+    config: {
+      // Set to true to store the token in local storage, false for session storage
+      REMEMBER_ME: false,
+
+      // OpenID Connect Settings
+      OIDC_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-oidc/oidc/callback', // Callback URI after successful login
+      OIDC_CLIENT_ID: '[Client ID from OpenID Provider]',
+      OIDC_CLIENT_SECRET: '[Client Secret from OpenID Provider]',
+
+      OIDC_SCOPES: 'openid profile email', // Standard OIDC scopes
+      
+      // API Endpoints required for OIDC provider
+      OIDC_AUTHORIZATION_ENDPOINT: '[Authorization Endpoint]',
+      OIDC_TOKEN_ENDPOINT: '[Token Endpoint]',
+      OIDC_USER_INFO_ENDPOINT: '[User Info Endpoint]',
+      OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER: false,
+      OIDC_GRANT_TYPE: 'authorization_code', 
+      
+      // Customizable user field mapping for user creation
+      OIDC_FAMILY_NAME_FIELD: 'family_name',
+      OIDC_GIVEN_NAME_FIELD: 'given_name',
+      
+      // Redirect to OIDC provider's logout page when users log out of Strapi
+      OIDC_LOGOUT_URL: '[OIDC Provider Logout URL]' 
+    }
+  }
+  // ...
+});
+```
+
+Make sure to replace the placeholder values (e.g., `[Client ID from OpenID Provider]`) with the actual connection details from your chosen OIDC identity provider.
+
+## Admin Settings
+
+Once the plugin is installed and configured, you can manage the OIDC settings from the Strapi Admin Panel under **Settings** > **OIDC Plugin**.
+
+- **Whitelist Management**: Restrict login to specific users by adding their email addresses to the whitelist. You can also whitelist entire email domains (e.g., `*@company.com`). If the whitelist is empty, any user who successfully authenticates via your OIDC provider will be able to log in and an account will be automatically created for them.
+- **Default Role Assignment**: Select the default Strapi admin role that will be assigned to newly created users when they log in for the first time via OIDC.
+- **Enforce OIDC Login**: When enabled, the default Strapi email and password login form will be disabled, forcing all administrators to log in using your OIDC provider. *(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel).*
+
+## Credits & Changes
+
+This plugin is a hard fork of the original [`strapi-plugin-sso`](https://github.com/yasudacloud/strapi-plugin-sso) created by **yasudacloud**. Huge thanks to them for creating the foundation of this plugin!
+
+### Changes made to the original codebase:
+- Removed alternative SSO methods to simplify the plugin.
+- Redesigned the Whitelist and Role management UI (switched to native Strapi cards, added pagination, etc.).
+- Added an OIDC logout redirect URL.
+- Added an option to "Enforce OIDC login" with an admin toggle (automatically disabled if the whitelist is empty).
+- Migrated the testing framework to Vitest and added comprehensive test coverage for controllers and services.
+- Cleaned up dead code and unused dependencies to improve maintainability.
+- Upgraded to use newer versions of Node.js.
+- Added misc. quality of life improvements and bug fixes.

package/dist/_chunks/en-AsM8uCFB.mjs

@@ -0,0 +1,23 @@
+const en = {
+  "page.title": "Default role setting at first login",
+  "page.notes": "This will not be reflected for already registered users.",
+  "page.save": "Save",
+  "page.save.success": "Updated settings",
+  "page.save.error": "Update failed.",
+  "page.cancel": "Cancel",
+  "page.ok": "OK",
+  "tab.roles": "Roles",
+  "tab.whitelist": "Whitelist",
+  "tab.whitelist.error.unique": "Already registered email address.",
+  "tab.whitelist.enabled": "Whitelist is currently enabled.",
+  "tab.whitelist.disabled": "Whitelist is currently disabled.",
+  "tab.whitelist.description": "Only the following email addresses are allowed to authenticate with SSO.",
+  "tab.whitelist.table.no": "No",
+  "tab.whitelist.table.email": "Email",
+  "tab.whitelist.table.created": "Created At",
+  "tab.whitelist.delete.title": "Confirmation",
+  "tab.whitelist.delete.description": "Are you sure you want to delete this?"
+};
+export {
+  en as default
+};

package/dist/_chunks/en-BbQ9XzfO.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const en = {
+  "page.title": "Default role setting at first login",
+  "page.notes": "This will not be reflected for already registered users.",
+  "page.save": "Save",
+  "page.save.success": "Updated settings",
+  "page.save.error": "Update failed.",
+  "page.cancel": "Cancel",
+  "page.ok": "OK",
+  "tab.roles": "Roles",
+  "tab.whitelist": "Whitelist",
+  "tab.whitelist.error.unique": "Already registered email address.",
+  "tab.whitelist.enabled": "Whitelist is currently enabled.",
+  "tab.whitelist.disabled": "Whitelist is currently disabled.",
+  "tab.whitelist.description": "Only the following email addresses are allowed to authenticate with SSO.",
+  "tab.whitelist.table.no": "No",
+  "tab.whitelist.table.email": "Email",
+  "tab.whitelist.table.created": "Created At",
+  "tab.whitelist.delete.title": "Confirmation",
+  "tab.whitelist.delete.description": "Are you sure you want to delete this?"
+};
+exports.default = en;

package/dist/_chunks/fr-C8Qw4iPZ.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const fr = {};
+exports.default = fr;

package/dist/_chunks/fr-hkSxFuzl.mjs

@@ -0,0 +1,4 @@
+const fr = {};
+export {
+  fr as default
+};

package/dist/_chunks/index-Bq6bRISt.js

@@ -0,0 +1,414 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const jsxRuntime = require("react/jsx-runtime");
+const react = require("react");
+const reactRouterDom = require("react-router-dom");
+const admin = require("@strapi/strapi/admin");
+const designSystem = require("@strapi/design-system");
+const reactIntl = require("react-intl");
+const index = require("./index-DR3YYYZL.js");
+const styled = require("styled-components");
+const icons = require("@strapi/icons");
+const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
+const styled__default = /* @__PURE__ */ _interopDefault(styled);
+const getTrad = (id) => `${index.pluginId}.${id}`;
+const ButtonWrapper = styled__default.default.div`
+    margin: 10px 0 0 0;
+
+    & button {
+        margin: 0 0 0 auto;
+    }
+`;
+const Description = styled__default.default.p`
+    font-size: 16px;
+    margin: 20px 0;
+`;
+function Role({ ssoRoles, roles, onSaveRole, onChangeRoleCheck }) {
+  const { formatMessage } = reactIntl.useIntl();
+  return /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
+    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Table, { colCount: roles.length + 1, rowCount: ssoRoles.length, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Thead, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Checkbox, { style: { display: "none" } }) }),
+        roles.map((role) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: role["name"] }, role["id"]))
+      ] }) }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tbody, { children: ssoRoles.map((ssoRole) => /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: ssoRole["name"] }),
+        roles.map((role) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.Checkbox,
+          {
+            checked: ssoRole["role"] && ssoRole["role"].includes(role["id"]),
+            onCheckedChange: (value) => onChangeRoleCheck(value, ssoRole["oauth_type"], role["id"]),
+            children: ""
+          }
+        ) }, role["id"]))
+      ] }, ssoRole["oauth_type"])) })
+    ] }),
+    /* @__PURE__ */ jsxRuntime.jsx(Description, { children: formatMessage({
+      id: getTrad("page.notes"),
+      defaultMessage: "This will not be reflected for already registered users."
+    }) }),
+    /* @__PURE__ */ jsxRuntime.jsx(ButtonWrapper, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { variant: "default", onClick: onSaveRole, children: formatMessage({
+      id: getTrad("page.save"),
+      defaultMessage: "Save"
+    }) }) })
+  ] });
+}
+const LocalizedDate = ({ date }) => {
+  const userLocale = navigator.language || "en-US";
+  return new Intl.DateTimeFormat(userLocale, {
+    year: "numeric",
+    month: "long",
+    day: "numeric",
+    hour: "2-digit",
+    minute: "2-digit"
+  }).format(new Date(date));
+};
+function Whitelist({ users, roles, useWhitelist, loading, onSave, onDelete, onToggle }) {
+  const [email, setEmail] = react.useState("");
+  const [selectedRoles, setSelectedRoles] = react.useState([]);
+  const { formatMessage } = reactIntl.useIntl();
+  const onSaveEmail = react.useCallback(async () => {
+    const emailText = email.trim();
+    if (users.some((user) => user.email === emailText)) {
+      alert(
+        formatMessage({
+          id: getTrad("tab.whitelist.error.unique"),
+          defaultMessage: "Already registered email address."
+        })
+      );
+    } else {
+      await onSave(emailText, selectedRoles);
+      setEmail("");
+      setSelectedRoles([]);
+    }
+  }, [email, selectedRoles, users, onSave, formatMessage]);
+  const isValidEmail = react.useCallback(() => {
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    return emailRegex.test(email);
+  }, [email]);
+  return /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { padding: 4, children: [
+    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 4, marginBottom: 4, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(
+        designSystem.Toggle,
+        {
+          checked: useWhitelist,
+          onLabel: "Enabled",
+          offLabel: "Disabled",
+          onChange: onToggle
+        }
+      ),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "delta", children: useWhitelist ? formatMessage({
+        id: getTrad("tab.whitelist.enabled"),
+        defaultMessage: "Whitelist is currently enabled."
+      }) : formatMessage({
+        id: getTrad("tab.whitelist.disabled"),
+        defaultMessage: "Whitelist is currently disabled."
+      }) })
+    ] }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { tag: "p", marginBottom: 4, children: formatMessage({
+      id: getTrad("tab.whitelist.description"),
+      defaultMessage: "Only the following email addresses are allowed to authenticate with SSO."
+    }) }),
+    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Grid.Root, { tag: "fieldset", gap: 4, padding: "0px", gridCols: 3, borderWidth: 0, marginTop: 5, marginBottom: 5, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { xs: 1, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
+        designSystem.Field.Input,
+        {
+          type: "email",
+          disabled: loading,
+          value: email,
+          hasError: email && !isValidEmail(),
+          onChange: (e) => setEmail(e.currentTarget.value),
+          placeholder: "Email address"
+        }
+      ) }) }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { xs: 1, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
+        designSystem.MultiSelect,
+        {
+          placeholder: "Select specific roles",
+          withTags: true,
+          value: selectedRoles,
+          onChange: setSelectedRoles,
+          children: roles.map((role) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.MultiSelectOption, { value: role.id.toString(), children: role.name }, role.id))
+        }
+      ) }) }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Grid.Item, { xs: 1, children: /* @__PURE__ */ jsxRuntime.jsx(
+        designSystem.Button,
+        {
+          startIcon: /* @__PURE__ */ jsxRuntime.jsx(icons.Plus, {}),
+          disabled: loading || email.trim() === "" || !isValidEmail(),
+          loading,
+          onClick: onSaveEmail,
+          children: formatMessage({
+            id: getTrad("page.save"),
+            defaultMessage: "Save"
+          })
+        }
+      ) })
+    ] }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Divider, {}),
+    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Table, { colCount: 5, rowCount: users.length, children: [
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Thead, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage({
+          id: getTrad("tab.whitelist.table.no"),
+          defaultMessage: "No"
+        }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage({
+          id: getTrad("tab.whitelist.table.email"),
+          defaultMessage: "Email"
+        }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: "Roles" }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage({
+          id: getTrad("tab.whitelist.table.created"),
+          defaultMessage: "Created At"
+        }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: " " })
+      ] }) }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tbody, { children: users.map((user) => {
+        const userRolesNames = (user.roles || []).map((roleId) => {
+          const r = roles.find((ro) => ro.id.toString() === roleId.toString());
+          return r ? r.name : roleId;
+        }).join(", ");
+        return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: user.id }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: user.email }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: userRolesNames || "Default" }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: /* @__PURE__ */ jsxRuntime.jsx(LocalizedDate, { date: user.createdAt }) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Root, { children: [
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Trigger, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.IconButton, { label: "Delete", withTooltip: false, children: /* @__PURE__ */ jsxRuntime.jsx(icons.Trash, {}) }) }),
+            /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Content, { children: [
+              /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Header, { children: formatMessage({
+                id: getTrad("tab.whitelist.delete.title"),
+                defaultMessage: "Confirmation"
+              }) }),
+              /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Body, { icon: /* @__PURE__ */ jsxRuntime.jsx(icons.WarningCircle, { fill: "danger600" }), children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Typography, { variant: "delta", children: [
+                formatMessage({
+                  id: getTrad("tab.whitelist.delete.description"),
+                  defaultMessage: "Are you sure you want to delete this?"
+                }),
+                /* @__PURE__ */ jsxRuntime.jsx("br", {}),
+                user.email
+              ] }) }),
+              /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Footer, { children: [
+                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Cancel, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { fullWidth: true, variant: "tertiary", children: formatMessage({
+                  id: getTrad("page.cancel"),
+                  defaultMessage: "Cancel"
+                }) }) }),
+                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Action, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { fullWidth: true, variant: "danger-light", onClick: () => onDelete(user.id), children: formatMessage({
+                  id: getTrad("page.ok"),
+                  defaultMessage: "OK"
+                }) }) })
+              ] })
+            ] })
+          ] }) })
+        ] }, user.id);
+      }) })
+    ] })
+  ] }) });
+}
+const AlertMessage = styled__default.default.div`
+    margin-left: -250px;
+    position: fixed;
+    left: 50%;
+    top: 2.875rem;
+    z-index: 10;
+    width: 31.25rem;
+`;
+function SuccessAlertMessage({ onClose: onClose2 }) {
+  const { formatMessage } = reactIntl.useIntl();
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
+    designSystem.Alert,
+    {
+      title: "Success",
+      variant: "success",
+      closeLabel: "",
+      onClose: onClose2,
+      children: formatMessage({
+        id: getTrad("page.save.success"),
+        defaultMessage: "Updated settings"
+      })
+    }
+  ) });
+}
+function ErrorAlertMessage() {
+  const { formatMessage } = reactIntl.useIntl();
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
+    designSystem.Alert,
+    {
+      title: "Error",
+      variant: "danger",
+      closeLabel: "",
+      onClose,
+      children: formatMessage({
+        id: getTrad("page.save.error"),
+        defaultMessage: "Update failed."
+      })
+    }
+  ) });
+}
+const HomePage = () => {
+  const { formatMessage } = reactIntl.useIntl();
+  const [loading, setLoading] = react.useState(false);
+  const [ssoRoles, setSSORoles] = react.useState([]);
+  const [roles, setRoles] = react.useState([]);
+  const [useWhitelist, setUseWhitelist] = react.useState(false);
+  const [users, setUsers] = react.useState([]);
+  const [showSuccess, setSuccess] = react.useState(false);
+  const [showError, setError] = react.useState(false);
+  const { get, put, post, del } = admin.useFetchClient();
+  react.useEffect(() => {
+    get(`/strapi-plugin-oidc/sso-roles`).then((response) => {
+      setSSORoles(response.data);
+    });
+    get(`/admin/roles`).then((response) => {
+      setRoles(response.data.data);
+    });
+    get("/strapi-plugin-oidc/whitelist").then((response) => {
+      setUsers(response.data.whitelistUsers);
+      setUseWhitelist(response.data.useWhitelist);
+    });
+  }, [setSSORoles, setRoles]);
+  const onChangeRoleCheck = (value, ssoId, role) => {
+    for (const ssoRole of ssoRoles) {
+      if (ssoRole["oauth_type"] === ssoId) {
+        if (ssoRole["role"]) {
+          if (value) {
+            ssoRole["role"].push(role);
+          } else {
+            ssoRole["role"] = ssoRole["role"].filter((selectRole) => selectRole !== role);
+          }
+        } else {
+          ssoRole["role"] = [role];
+        }
+      }
+    }
+    setSSORoles(ssoRoles.slice());
+  };
+  const onSaveRole = async () => {
+    try {
+      await put("/strapi-plugin-oidc/sso-roles", {
+        roles: ssoRoles.map((role) => ({
+          "oauth_type": role["oauth_type"],
+          role: role["role"]
+        }))
+      });
+      setSuccess(true);
+      setTimeout(() => {
+        setSuccess(false);
+      }, 3e3);
+    } catch (e) {
+      console.error(e);
+      setError(true);
+      setTimeout(() => {
+        setError(false);
+      }, 3e3);
+    }
+  };
+  const onRegisterWhitelist = async (email, selectedRoles) => {
+    setLoading(true);
+    post("/strapi-plugin-oidc/whitelist", {
+      email,
+      roles: selectedRoles
+    }).then((response) => {
+      get("/strapi-plugin-oidc/whitelist").then((response2) => {
+        setUsers(response2.data.whitelistUsers);
+        setUseWhitelist(response2.data.useWhitelist);
+      });
+      setLoading(false);
+      setSuccess(true);
+      setTimeout(() => {
+        setSuccess(false);
+      }, 3e3);
+    });
+  };
+  const onDeleteWhitelist = async (id) => {
+    setLoading(true);
+    del(`/strapi-plugin-oidc/whitelist/${id}`).then((response) => {
+      get("/strapi-plugin-oidc/whitelist").then((response2) => {
+        setUsers(response2.data.whitelistUsers);
+        setUseWhitelist(response2.data.useWhitelist);
+      });
+      setLoading(false);
+      setSuccess(true);
+      setTimeout(() => {
+        setSuccess(false);
+      }, 3e3);
+    });
+  };
+  const onToggleWhitelist = async (e) => {
+    const newValue = e.target.checked;
+    setLoading(true);
+    try {
+      await put("/strapi-plugin-oidc/whitelist/settings", {
+        useWhitelist: newValue
+      });
+      setUseWhitelist(newValue);
+      setSuccess(true);
+      setTimeout(() => {
+        setSuccess(false);
+      }, 3e3);
+    } catch (err) {
+      console.error(err);
+      setError(true);
+      setTimeout(() => {
+        setError(false);
+      }, 3e3);
+    } finally {
+      setLoading(false);
+    }
+  };
+  return /* @__PURE__ */ jsxRuntime.jsxs(admin.Page.Protect, { permissions: [{ action: "plugin::strapi-plugin-oidc.read", subject: null }], children: [
+    /* @__PURE__ */ jsxRuntime.jsx(
+      admin.Layouts.Header,
+      {
+        title: "OIDC",
+        subtitle: formatMessage({
+          id: getTrad("page.title"),
+          defaultMessage: "Default role setting at first login"
+        })
+      }
+    ),
+    showSuccess && /* @__PURE__ */ jsxRuntime.jsx(SuccessAlertMessage, { onClose: () => setSuccess(false) }),
+    showError && /* @__PURE__ */ jsxRuntime.jsx(ErrorAlertMessage, { onClose: () => setError(false) }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { padding: 10, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tabs.Root, { defaultValue: "role", children: [
+      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tabs.List, { "aria-label": "Manage your attribute", style: { maxWidth: 300 }, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tabs.Trigger, { value: "role", children: formatMessage({
+          id: getTrad("tab.roles"),
+          defaultMessage: "Roles"
+        }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tabs.Trigger, { value: "whitelist", children: formatMessage({
+          id: getTrad("tab.whitelist"),
+          defaultMessage: "Whitelist"
+        }) })
+      ] }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tabs.Content, { value: "role", style: { background: "initial" }, children: /* @__PURE__ */ jsxRuntime.jsx(
+        Role,
+        {
+          roles,
+          ssoRoles,
+          onSaveRole,
+          onChangeRoleCheck
+        }
+      ) }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tabs.Content, { value: "whitelist", children: /* @__PURE__ */ jsxRuntime.jsx(
+        Whitelist,
+        {
+          loading,
+          users,
+          roles,
+          useWhitelist,
+          onSave: onRegisterWhitelist,
+          onDelete: onDeleteWhitelist,
+          onToggle: onToggleWhitelist
+        }
+      ) })
+    ] }) })
+  ] });
+};
+const HomePage$1 = react.memo(HomePage);
+const App = () => {
+  return /* @__PURE__ */ jsxRuntime.jsx("div", { children: /* @__PURE__ */ jsxRuntime.jsxs(reactRouterDom.Routes, { children: [
+    /* @__PURE__ */ jsxRuntime.jsx(reactRouterDom.Route, { index: true, element: /* @__PURE__ */ jsxRuntime.jsx(HomePage$1, {}) }),
+    /* @__PURE__ */ jsxRuntime.jsx(reactRouterDom.Route, { path: "*", element: /* @__PURE__ */ jsxRuntime.jsx(admin.Page.Error, {}) })
+  ] }) });
+};
+exports.default = App;