npm - strapi-plugin-oidc - Versions diffs - 1.0.0 - Mend

strapi-plugin-oidc 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/LICENSE +21 -0
package/README.md +88 -0
package/dist/_chunks/en-AsM8uCFB.mjs +23 -0
package/dist/_chunks/en-BbQ9XzfO.js +23 -0
package/dist/_chunks/fr-C8Qw4iPZ.js +4 -0
package/dist/_chunks/fr-hkSxFuzl.mjs +4 -0
package/dist/_chunks/index-Bq6bRISt.js +414 -0
package/dist/_chunks/index-BuS0wmlA.mjs +412 -0
package/dist/_chunks/index-CHl-03dY.mjs +204 -0
package/dist/_chunks/index-DR3YYYZL.js +203 -0
package/dist/_chunks/ja-B2WcMFA2.js +23 -0
package/dist/_chunks/ja-COdupAQd.mjs +23 -0
package/dist/admin/en-f0TxVfx7.mjs +41 -0
package/dist/admin/en-jFPbEFeK.js +41 -0
package/dist/admin/index-BuuCScSN.mjs +143 -0
package/dist/admin/index-C0GkDnGG.js +142 -0
package/dist/admin/index-D_0jCOLk.js +491 -0
package/dist/admin/index-DwpTg1-J.mjs +489 -0
package/dist/admin/index.js +4 -0
package/dist/admin/index.mjs +4 -0
package/dist/server/index.js +746 -0
package/dist/server/index.mjs +741 -0
package/package.json +107 -0

package/dist/server/index.mjs ADDED Viewed

@@ -0,0 +1,741 @@
+import axios from "axios";
+import { randomUUID, randomBytes } from "node:crypto";
+import pkceChallenge from "pkce-challenge";
+import strapiUtils from "@strapi/utils";
+import generator from "generate-password";
+function register$1() {
+}
+async function bootstrap({ strapi: strapi2 }) {
+  const actions = [
+    {
+      section: "plugins",
+      displayName: "Read",
+      uid: "read",
+      pluginName: "strapi-plugin-oidc"
+    },
+    {
+      section: "plugins",
+      displayName: "Update",
+      uid: "update",
+      pluginName: "strapi-plugin-oidc"
+    }
+  ];
+  await strapi2.admin.services.permission.actionProvider.registerMany(actions);
+  try {
+    const oidcRoleCount = await strapi2.query("plugin::strapi-plugin-oidc.roles").count({
+      where: { oauth_type: "4" }
+    });
+    if (oidcRoleCount === 0) {
+      const editorRole = await strapi2.query("admin::role").findOne({
+        where: { code: "strapi-editor" }
+      });
+      if (editorRole) {
+        await strapi2.query("plugin::strapi-plugin-oidc.roles").create({
+          data: {
+            oauth_type: "4",
+            roles: [editorRole.id.toString()]
+          }
+        });
+      }
+    }
+  } catch (err) {
+    strapi2.log.warn("Could not initialize default OIDC role:", err.message);
+  }
+  strapi2.db.lifecycles.subscribe({
+    models: ["admin::user"],
+    async afterUpdate(event) {
+      const { result } = event;
+      if (!result?.email) return;
+      const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
+      const whitelistEntry = await query.findOne({ where: { email: result.email } });
+      if (!whitelistEntry) return;
+      const userWithRoles = await strapi2.query("admin::user").findOne({
+        where: { id: result.id },
+        populate: ["roles"]
+      });
+      if (userWithRoles?.roles) {
+        const roleIds = userWithRoles.roles.map((r) => r.id.toString());
+        await query.update({
+          where: { id: whitelistEntry.id },
+          data: { roles: roleIds }
+        });
+      }
+    }
+  });
+}
+function destroy() {
+}
+const config = {
+  default: {
+    REMEMBER_ME: false,
+    OIDC_REDIRECT_URI: "http://localhost:1337/strapi-plugin-oidc/oidc/callback",
+    OIDC_CLIENT_ID: "",
+    OIDC_CLIENT_SECRET: "",
+    OIDC_SCOPES: "openid profile email",
+    OIDC_AUTHORIZATION_ENDPOINT: "",
+    OIDC_TOKEN_ENDPOINT: "",
+    OIDC_USER_INFO_ENDPOINT: "",
+    OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER: false,
+    OIDC_GRANT_TYPE: "authorization_code",
+    OIDC_FAMILY_NAME_FIELD: "family_name",
+    OIDC_GIVEN_NAME_FIELD: "given_name",
+    OIDC_LOGOUT_URL: ""
+  },
+  validator() {
+  }
+};
+const info$2 = { "singularName": "roles", "pluralName": "oidc-roles", "collectionName": "oidc-roles", "displayName": "oidc-role", "description": "" };
+const options$1 = { "draftAndPublish": false };
+const pluginOptions$1 = { "content-manager": { "visible": false }, "content-type-builder": { "visible": false } };
+const attributes$1 = { "oauth_type": { "type": "string", "configurable": false, "required": true }, "roles": { "type": "json", "configurable": false } };
+const schema$1 = {
+  info: info$2,
+  options: options$1,
+  pluginOptions: pluginOptions$1,
+  attributes: attributes$1
+};
+const roles = {
+  schema: schema$1
+};
+const info$1 = { "singularName": "whitelists", "pluralName": "whitelists", "collectionName": "whitelists", "displayName": "whitelist", "description": "" };
+const options = { "draftAndPublish": false };
+const pluginOptions = { "content-manager": { "visible": false }, "content-type-builder": { "visible": false } };
+const attributes = { "email": { "type": "string", "configurable": false, "required": true, "unique": true }, "roles": { "type": "json", "configurable": false } };
+const schema = {
+  info: info$1,
+  options,
+  pluginOptions,
+  attributes
+};
+const whitelists = {
+  schema
+};
+const contentTypes = {
+  roles,
+  whitelists
+};
+function configValidation() {
+  const config2 = strapi.config.get("plugin::strapi-plugin-oidc");
+  if (config2["OIDC_CLIENT_ID"] && config2["OIDC_CLIENT_SECRET"] && config2["OIDC_REDIRECT_URI"] && config2["OIDC_SCOPES"] && config2["OIDC_TOKEN_ENDPOINT"] && config2["OIDC_USER_INFO_ENDPOINT"] && config2["OIDC_GRANT_TYPE"] && config2["OIDC_FAMILY_NAME_FIELD"] && config2["OIDC_GIVEN_NAME_FIELD"] && config2["OIDC_AUTHORIZATION_ENDPOINT"]) {
+    return config2;
+  }
+  throw new Error("OIDC_AUTHORIZATION_ENDPOINT,OIDC_TOKEN_ENDPOINT, OIDC_USER_INFO_ENDPOINT,OIDC_CLIENT_ID, OIDC_CLIENT_SECRET, OIDC_REDIRECT_URI, and OIDC_SCOPES are required");
+}
+async function oidcSignIn(ctx) {
+  let { state } = ctx.query;
+  const { OIDC_CLIENT_ID, OIDC_REDIRECT_URI, OIDC_SCOPES, OIDC_AUTHORIZATION_ENDPOINT } = configValidation();
+  const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge();
+  ctx.session.codeVerifier = codeVerifier;
+  if (!state) {
+    state = randomBytes(32).toString("base64url");
+  }
+  ctx.session.oidcState = state;
+  const params = new URLSearchParams();
+  params.append("response_type", "code");
+  params.append("client_id", OIDC_CLIENT_ID);
+  params.append("redirect_uri", OIDC_REDIRECT_URI);
+  params.append("scope", OIDC_SCOPES);
+  params.append("code_challenge", codeChallenge);
+  params.append("code_challenge_method", "S256");
+  params.append("state", state);
+  const authorizationUrl = `${OIDC_AUTHORIZATION_ENDPOINT}?${params.toString()}`;
+  ctx.set("Location", authorizationUrl);
+  return ctx.send({}, 302);
+}
+async function oidcSignInCallback(ctx) {
+  const config2 = configValidation();
+  const httpClient = axios.create();
+  const userService = strapi.service("admin::user");
+  const oauthService2 = strapi.plugin("strapi-plugin-oidc").service("oauth");
+  const roleService2 = strapi.plugin("strapi-plugin-oidc").service("role");
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  if (!ctx.query.code) {
+    return ctx.send(oauthService2.renderSignUpError(`code Not Found`));
+  }
+  if (!ctx.query.state || ctx.query.state !== ctx.session.oidcState) {
+    return ctx.send(oauthService2.renderSignUpError(`Invalid state`));
+  }
+  const params = new URLSearchParams();
+  params.append("code", ctx.query.code);
+  params.append("client_id", config2["OIDC_CLIENT_ID"]);
+  params.append("client_secret", config2["OIDC_CLIENT_SECRET"]);
+  params.append("redirect_uri", config2["OIDC_REDIRECT_URI"]);
+  params.append("grant_type", config2["OIDC_GRANT_TYPE"]);
+  params.append("code_verifier", ctx.session.codeVerifier);
+  try {
+    const response = await httpClient.post(config2["OIDC_TOKEN_ENDPOINT"], params, {
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      }
+    });
+    let userInfoEndpointHeaders = {};
+    let userInfoEndpointParameters = `?access_token=${response.data.access_token}`;
+    if (config2["OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER"]) {
+      userInfoEndpointHeaders = {
+        headers: { Authorization: `Bearer ${response.data.access_token}` }
+      };
+      userInfoEndpointParameters = "";
+    }
+    const userInfoEndpoint = `${config2["OIDC_USER_INFO_ENDPOINT"]}${userInfoEndpointParameters}`;
+    const userResponse = await httpClient.get(
+      userInfoEndpoint,
+      userInfoEndpointHeaders
+    );
+    const email = userResponse.data.email;
+    const whitelistUser = await whitelistService2.checkWhitelistForEmail(email);
+    const dbUser = await userService.findOneByEmail(email);
+    let activateUser;
+    let jwtToken;
+    if (dbUser) {
+      activateUser = dbUser;
+      jwtToken = await oauthService2.generateToken(dbUser, ctx);
+    } else {
+      let roles2 = [];
+      if (whitelistUser && whitelistUser.roles && whitelistUser.roles.length > 0) {
+        roles2 = whitelistUser.roles;
+      } else {
+        const oidcRoles = await roleService2.oidcRoles();
+        roles2 = oidcRoles && oidcRoles["roles"] ? oidcRoles["roles"] : [];
+      }
+      const defaultLocale = oauthService2.localeFindByHeader(ctx.request.headers);
+      activateUser = await oauthService2.createUser(
+        email,
+        userResponse.data[config2["OIDC_FAMILY_NAME_FIELD"]],
+        userResponse.data[config2["OIDC_GIVEN_NAME_FIELD"]],
+        defaultLocale,
+        roles2
+      );
+      jwtToken = await oauthService2.generateToken(activateUser, ctx);
+      await oauthService2.triggerWebHook(activateUser);
+    }
+    oauthService2.triggerSignInSuccess(activateUser);
+    const nonce = randomUUID();
+    const html = oauthService2.renderSignUpSuccess(jwtToken, activateUser, nonce);
+    ctx.set("Content-Security-Policy", `script-src 'nonce-${nonce}'`);
+    ctx.send(html);
+  } catch (e) {
+    console.error(e);
+    ctx.send(oauthService2.renderSignUpError(e.message));
+  }
+}
+async function logout(ctx) {
+  const config2 = strapi.config.get("plugin::strapi-plugin-oidc");
+  const logoutUrl = config2["OIDC_LOGOUT_URL"];
+  if (logoutUrl) {
+    ctx.redirect(logoutUrl);
+  } else {
+    const adminPanelUrl = strapi.config.get("admin.url", "/admin");
+    ctx.redirect(`${adminPanelUrl}/auth/login`);
+  }
+}
+const oidc = {
+  oidcSignIn,
+  oidcSignInCallback,
+  logout
+};
+async function find(ctx) {
+  const roleService2 = strapi.plugin("strapi-plugin-oidc").service("role");
+  const roles2 = await roleService2.find();
+  const oidcConstants = roleService2.getOidcRoles();
+  for (const oidc2 of oidcConstants) {
+    for (const role2 of roles2) {
+      if (role2["oauth_type"] === oidc2["oauth_type"]) {
+        oidc2["role"] = role2["roles"];
+      }
+    }
+  }
+  ctx.send(oidcConstants);
+}
+async function update(ctx) {
+  try {
+    const { roles: roles2 } = ctx.request.body;
+    const roleService2 = strapi.plugin("strapi-plugin-oidc").service("role");
+    await roleService2.update(roles2);
+    ctx.send({}, 204);
+  } catch (e) {
+    console.log(e);
+    ctx.send({}, 400);
+  }
+}
+const role = {
+  find,
+  update
+};
+async function info(ctx) {
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  const settings = await whitelistService2.getSettings();
+  const whitelistUsers = await whitelistService2.getUsers();
+  ctx.body = {
+    useWhitelist: settings.useWhitelist,
+    enforceOIDC: settings.enforceOIDC || false,
+    whitelistUsers
+  };
+}
+async function updateSettings(ctx) {
+  const { useWhitelist, enforceOIDC } = ctx.request.body;
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  await whitelistService2.setSettings({ useWhitelist, enforceOIDC });
+  ctx.body = { useWhitelist, enforceOIDC };
+}
+async function publicSettings(ctx) {
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  const settings = await whitelistService2.getSettings();
+  ctx.body = {
+    enforceOIDC: settings.enforceOIDC || false
+  };
+}
+async function register(ctx) {
+  const { email, roles: roles2 } = ctx.request.body;
+  if (!email) {
+    ctx.body = {
+      message: "Please enter a valid email address"
+    };
+    return;
+  }
+  const emailList = Array.isArray(email) ? email : email.split(",").map((e) => e.trim()).filter((e) => e);
+  const existingUsers = await strapi.query("admin::user").findMany({
+    where: { email: { $in: emailList } },
+    populate: ["roles"]
+  });
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  let matchedExistingUsersCount = 0;
+  for (const singleEmail of emailList) {
+    const existingUser = existingUsers.find((u) => u.email === singleEmail);
+    let finalRoles = roles2;
+    if (existingUser && existingUser.roles) {
+      finalRoles = existingUser.roles.map((r) => r.id.toString());
+      matchedExistingUsersCount++;
+    }
+    const alreadyWhitelisted = await strapi.query("plugin::strapi-plugin-oidc.whitelists").findOne({
+      where: { email: singleEmail }
+    });
+    if (!alreadyWhitelisted) {
+      await whitelistService2.registerUser(singleEmail, finalRoles);
+    }
+  }
+  ctx.body = { matchedExistingUsersCount };
+}
+async function removeEmail(ctx) {
+  const { id } = ctx.params;
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  await whitelistService2.removeUser(id);
+  ctx.body = {};
+}
+async function syncUsers(ctx) {
+  const { users } = ctx.request.body;
+  const whitelistService2 = strapi.plugin("strapi-plugin-oidc").service("whitelist");
+  const currentUsers = await whitelistService2.getUsers();
+  let matchedExistingUsersCount = 0;
+  const emailsToSync = users.map((u) => u.email);
+  const existingStrapiUsers = await strapi.query("admin::user").findMany({
+    where: { email: { $in: emailsToSync } },
+    populate: ["roles"]
+  });
+  for (const currUser of currentUsers) {
+    if (!users.find((u) => u.email === currUser.email)) {
+      await whitelistService2.removeUser(currUser.id);
+    }
+  }
+  for (const user of users) {
+    const existingStrapiUser = existingStrapiUsers.find((u) => u.email === user.email);
+    let finalRoles = user.roles;
+    const currUser = currentUsers.find((u) => u.email === user.email);
+    if (!currUser && existingStrapiUser && existingStrapiUser.roles) {
+      finalRoles = existingStrapiUser.roles.map((r) => r.id.toString());
+      matchedExistingUsersCount++;
+    }
+    if (currUser) {
+      await strapi.query("plugin::strapi-plugin-oidc.whitelists").update({
+        where: { id: currUser.id },
+        data: { roles: finalRoles }
+      });
+    } else {
+      await whitelistService2.registerUser(user.email, finalRoles);
+    }
+  }
+  ctx.body = { matchedExistingUsersCount };
+}
+const whitelist = {
+  info,
+  updateSettings,
+  publicSettings,
+  register,
+  removeEmail,
+  syncUsers
+};
+const controllers = {
+  oidc,
+  role,
+  whitelist
+};
+const routes = [
+  {
+    method: "GET",
+    path: "/oidc-roles",
+    handler: "role.find",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.read"] } }
+      ]
+    }
+  },
+  {
+    method: "PUT",
+    path: "/oidc-roles",
+    handler: "role.update",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.update"] } }
+      ]
+    }
+  },
+  {
+    method: "GET",
+    path: "/oidc",
+    handler: "oidc.oidcSignIn",
+    config: {
+      auth: false
+    }
+  },
+  {
+    method: "GET",
+    path: "/oidc/callback",
+    handler: "oidc.oidcSignInCallback",
+    config: {
+      auth: false
+    }
+  },
+  {
+    method: "GET",
+    path: "/logout",
+    handler: "oidc.logout",
+    config: {
+      auth: false
+    }
+  },
+  {
+    method: "GET",
+    path: "/whitelist",
+    handler: "whitelist.info",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.read"] } }
+      ]
+    }
+  },
+  {
+    method: "PUT",
+    path: "/whitelist/settings",
+    handler: "whitelist.updateSettings",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.update"] } }
+      ]
+    }
+  },
+  {
+    method: "GET",
+    path: "/settings/public",
+    handler: "whitelist.publicSettings",
+    config: {
+      auth: false
+    }
+  },
+  {
+    method: "PUT",
+    path: "/whitelist/sync",
+    handler: "whitelist.syncUsers",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.update"] } }
+      ]
+    }
+  },
+  {
+    method: "POST",
+    path: "/whitelist",
+    handler: "whitelist.register",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.update"] } }
+      ]
+    }
+  },
+  {
+    method: "DELETE",
+    path: "/whitelist/:id",
+    handler: "whitelist.removeEmail",
+    config: {
+      policies: [
+        "admin::isAuthenticatedAdmin",
+        { name: "admin::hasPermissions", config: { actions: ["plugin::strapi-plugin-oidc.update"] } }
+      ]
+    }
+  }
+];
+const policies = {};
+function oauthService({ strapi: strapi2 }) {
+  return {
+    async createUser(email, lastname, firstname, locale, roles2 = []) {
+      const userService = strapi2.service("admin::user");
+      if (/[A-Z]/.test(email)) {
+        const dbUser = await userService.findOneByEmail(email.toLocaleLowerCase());
+        if (dbUser) {
+          return dbUser;
+        }
+      }
+      const createdUser = await userService.create({
+        firstname: firstname ? firstname : "unset",
+        lastname: lastname ? lastname : "",
+        email: email.toLocaleLowerCase(),
+        roles: roles2,
+        preferedLanguage: locale
+      });
+      return await userService.register({
+        registrationToken: createdUser.registrationToken,
+        userInfo: {
+          firstname: firstname ? firstname : "unset",
+          lastname: lastname ? lastname : "user",
+          password: generator.generate({
+            length: 43,
+            // 256 bits (https://en.wikipedia.org/wiki/Password_strength#Random_passwords)
+            numbers: true,
+            lowercase: true,
+            uppercase: true,
+            exclude: '()+_-=}{[]|:;"/?.><,`~',
+            strict: true
+          })
+        }
+      });
+    },
+    addGmailAlias(baseEmail, baseAlias) {
+      if (!baseAlias) {
+        return baseEmail;
+      }
+      const alias = baseAlias.replace("/+/g", "");
+      const beforePosition = baseEmail.indexOf("@");
+      const origin = baseEmail.substring(0, beforePosition);
+      const domain = baseEmail.substring(beforePosition);
+      return `${origin}+${alias}${domain}`;
+    },
+    localeFindByHeader(headers) {
+      if (headers["accept-language"] && headers["accept-language"].includes("ja")) {
+        return "ja";
+      } else {
+        return "en";
+      }
+    },
+    async triggerWebHook(user) {
+      let ENTRY_CREATE;
+      const webhookStore = strapi2.serviceMap.get("webhookStore");
+      const eventHub = strapi2.serviceMap.get("eventHub");
+      if (webhookStore) {
+        ENTRY_CREATE = webhookStore.allowedEvents.get("ENTRY_CREATE");
+      }
+      const modelDef = strapi2.getModel("admin::user");
+      const sanitizedEntity = await strapiUtils.sanitize.sanitizers.defaultSanitizeOutput({
+        schema: modelDef,
+        getModel: (uid2) => strapi2.getModel(uid2)
+      }, user);
+      eventHub.emit(ENTRY_CREATE, {
+        model: modelDef.modelName,
+        entry: sanitizedEntity
+      });
+    },
+    triggerSignInSuccess(user) {
+      delete user["password"];
+      const eventHub = strapi2.serviceMap.get("eventHub");
+      eventHub.emit("admin.auth.success", {
+        user,
+        provider: "strapi-plugin-oidc"
+      });
+    },
+    // Sign In Success
+    renderSignUpSuccess(jwtToken, user, nonce) {
+      const config2 = strapi2.config.get("plugin::strapi-plugin-oidc");
+      const REMEMBER_ME = config2["REMEMBER_ME"];
+      const isRememberMe = !!REMEMBER_ME;
+      return `
+<!doctype html>
+<html>
+<head>
+<noscript>
+<h3>JavaScript must be enabled for authentication</h3>
+</noscript>
+<script nonce="${nonce}">
+ window.addEventListener('load', function() {
+  if(${isRememberMe}){
+    localStorage.setItem('jwtToken', '"${jwtToken}"');
+  }else{
+    document.cookie = 'jwtToken=${encodeURIComponent(jwtToken)}; Path=/';
+  }
+  localStorage.setItem('isLoggedIn', 'true');
+  location.href = '${strapi2.config.admin.url}'
+ })
+<\/script>
+</head>
+<body>
+</body>
+</html>`;
+    },
+    // Sign In Error
+    renderSignUpError(message) {
+      return `
+<!doctype html>
+<html>
+<head></head>
+<body>
+<h3>Authentication failed</h3>
+<p>${message}</p>
+</body>
+</html>`;
+    },
+    async generateToken(user, ctx) {
+      const sessionManager = strapi2.sessionManager;
+      if (!sessionManager) {
+        throw new Error("sessionManager is not supported. Please upgrade to Strapi v5.24.1 or later.");
+      }
+      const userId = String(user.id);
+      const deviceId = randomUUID();
+      const config2 = strapi2.config.get("plugin::strapi-plugin-oidc");
+      const REMEMBER_ME = config2["REMEMBER_ME"];
+      const rememberMe = !!REMEMBER_ME;
+      const { token: refreshToken } = await sessionManager(
+        "admin"
+      ).generateRefreshToken(userId, deviceId, {
+        type: rememberMe ? "refresh" : "session"
+      });
+      const cookieOptions = {};
+      ctx.cookies.set("strapi_admin_refresh", refreshToken, cookieOptions);
+      const accessResult = await sessionManager("admin").generateAccessToken(refreshToken);
+      if ("error" in accessResult) {
+        throw new Error(accessResult.error);
+      }
+      const { token: accessToken } = accessResult;
+      return accessToken;
+    }
+  };
+}
+function roleService({ strapi: strapi2 }) {
+  return {
+    OIDC_TYPE: "4",
+    getOidcRoles() {
+      return [
+        {
+          "oauth_type": this.OIDC_TYPE,
+          name: "OIDC"
+        }
+      ];
+    },
+    async oidcRoles() {
+      return await strapi2.query("plugin::strapi-plugin-oidc.roles").findOne({
+        where: {
+          "oauth_type": this.OIDC_TYPE
+        }
+      });
+    },
+    async find() {
+      return await strapi2.query("plugin::strapi-plugin-oidc.roles").findMany();
+    },
+    async update(roles2) {
+      const query = strapi2.query("plugin::strapi-plugin-oidc.roles");
+      await Promise.all(
+        roles2.map(async (role2) => {
+          const oidcRole = await query.findOne({ where: { "oauth_type": role2["oauth_type"] } });
+          if (oidcRole) {
+            await query.update({
+              where: { "oauth_type": role2["oauth_type"] },
+              data: { roles: role2.role }
+            });
+          } else {
+            await query.create({
+              data: {
+                "oauth_type": role2["oauth_type"],
+                roles: role2.role
+              }
+            });
+          }
+        })
+      );
+    }
+  };
+}
+function whitelistService({ strapi: strapi2 }) {
+  return {
+    async getSettings() {
+      const pluginStore = strapi2.store({ type: "plugin", name: "strapi-plugin-oidc" });
+      let settings = await pluginStore.get({ key: "settings" });
+      if (!settings) {
+        settings = { useWhitelist: true, enforceOIDC: false };
+        await pluginStore.set({ key: "settings", value: settings });
+      }
+      return settings;
+    },
+    async setSettings(settings) {
+      const pluginStore = strapi2.store({ type: "plugin", name: "strapi-plugin-oidc" });
+      await pluginStore.set({ key: "settings", value: settings });
+    },
+    async getUsers() {
+      const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
+      return await query.findMany();
+    },
+    async registerUser(email, roles2) {
+      const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
+      await query.create({
+        data: {
+          email,
+          roles: roles2
+        }
+      });
+    },
+    async removeUser(id) {
+      const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
+      await query.delete({
+        where: {
+          id
+        }
+      });
+    },
+    async checkWhitelistForEmail(email) {
+      const settings = await this.getSettings();
+      if (!settings.useWhitelist) {
+        return null;
+      }
+      const query = strapi2.query("plugin::strapi-plugin-oidc.whitelists");
+      const result = await query.findOne({
+        where: {
+          email
+        }
+      });
+      if (result === null) {
+        throw new Error("Not present in whitelist");
+      }
+      return result;
+    }
+  };
+}
+const services = {
+  oauth: oauthService,
+  role: roleService,
+  whitelist: whitelistService
+};
+const index = {
+  register: register$1,
+  bootstrap,
+  destroy,
+  config,
+  controllers,
+  routes,
+  services,
+  contentTypes,
+  policies
+};
+export {
+  index as default
+};