strapi-plugin-oidc 1.2.4 → 1.3.2

package/README.md

@@ -37,39 +37,32 @@ module.exports = ({ env }) => ({
   'strapi-plugin-oidc': {
     enabled: true,
     config: {
-      // Set to true to store the token in local storage, false for session storage
-      REMEMBER_ME: false,
-      // How long the remember me session should last in days (defaults to 30 days)
-      REMEMBER_ME_DAYS: 30,
-
-      // OpenID Connect Settings
-      OIDC_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-oidc/oidc/callback', // Callback URI after successful login
+      // --- Required ---
       OIDC_CLIENT_ID: '[Client ID from OpenID Provider]',
       OIDC_CLIENT_SECRET: '[Client Secret from OpenID Provider]',
-
-      OIDC_SCOPES: 'openid profile email', // Standard OIDC scopes
-
-      // API Endpoints required for OIDC provider
+      OIDC_REDIRECT_URI: '[Your Strapi URL]/strapi-plugin-oidc/oidc/callback',
       OIDC_AUTHORIZATION_ENDPOINT: '[Authorization Endpoint]',
       OIDC_TOKEN_ENDPOINT: '[Token Endpoint]',
       OIDC_USER_INFO_ENDPOINT: '[User Info Endpoint]',
-      OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER: false,
-      OIDC_GRANT_TYPE: 'authorization_code',
 
-      // Customizable user field mapping for user creation
-      OIDC_FAMILY_NAME_FIELD: 'family_name',
-      OIDC_GIVEN_NAME_FIELD: 'given_name',
-
-      // Redirect to OIDC provider's logout page when users log out of Strapi
-      OIDC_LOGOUT_URL: '[OIDC Provider Logout URL]',
+      // --- Defaults provided — only set if your provider differs ---
+      OIDC_SCOPES: 'openid profile email',
+      OIDC_GRANT_TYPE: 'authorization_code',
+      OIDC_FAMILY_NAME_FIELD: 'family_name', // OIDC claim for the user's surname
+      OIDC_GIVEN_NAME_FIELD: 'given_name', // OIDC claim for the user's first name
+
+      // --- Optional ---
+      OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER: false, // true = Bearer token header, false = query param
+      OIDC_LOGOUT_URL: '', // OIDC provider logout URL; omit to return to Strapi login instead
+      OIDC_SSO_BUTTON_TEXT: 'Login via SSO', // Text on the SSO button injected into the login page
+      OIDC_ENFORCE: null, // null = use Admin UI setting; true/false = override it in config
+      REMEMBER_ME: false, // true = persist session across browser restarts, using Strapi's built-in refresh token duration
     },
   },
   // ...
 });
 ```
 
-Make sure to replace the placeholder values (e.g., `[Client ID from OpenID Provider]`) with the actual connection details from your chosen OIDC identity provider.
-
 ## How to Login
 
 Once configured, you can initiate the OIDC login flow by navigating to:
@@ -77,7 +70,7 @@ Once configured, you can initiate the OIDC login flow by navigating to:
 
 (e.g., `http://localhost:1337/strapi-plugin-oidc/oidc` for local development).
 
-When the **Enforce OIDC Login** option is enabled in the Admin Settings, the standard Strapi admin login page will be automatically redirected to this URL.
+When the **Enforce OIDC Login** option is enabled in the Admin Settings, the standard login fields are removed from the login page and only the SSO button remains — click it to start the OIDC flow.
 
 ## Admin Settings
 
@@ -85,7 +78,9 @@ Once the plugin is installed and configured, you can manage the OIDC settings fr
 
 - **Whitelist Management**: Restrict login to specific users by adding their email addresses to the whitelist. You can also whitelist entire email domains (e.g., `*@company.com`). If the whitelist is empty, any user who successfully authenticates via your OIDC provider will be able to log in and an account will be automatically created for them.
 - **Default Role Assignment**: Select the default Strapi admin role that will be assigned to newly created users when they log in for the first time via OIDC.
-- **Enforce OIDC Login**: When enabled, the default Strapi email and password login form will be disabled and the standard login will be redirected to the OIDC login URL, forcing all administrators to log in using your OIDC provider. _(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel)._
+- **SSO Login Button**: A "Login via SSO" button is always injected into the Strapi login page, allowing users to authenticate via OIDC. The button text is configurable via the `OIDC_SSO_BUTTON_TEXT` config option.
+- **Enforce OIDC Login**: When enabled, the standard email/password fields, remember me checkbox, login button, and forgot-password link are removed from the login page, leaving only the SSO button. All direct login API calls are also blocked server-side. _(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel)._
+- **`OIDC_ENFORCE` config override**: Setting `OIDC_ENFORCE: true` or `OIDC_ENFORCE: false` in your plugin config takes priority over the Admin UI toggle and locks it. Set `OIDC_ENFORCE: false` in your config to regain access if you are ever locked out, then restart Strapi.
 
 ## Credits & Changes
 
@@ -97,10 +92,10 @@ This plugin is a hard fork of the original [`strapi-plugin-sso`](https://github.
 - Redesigned the Whitelist and Role management UI (switched to native Strapi cards, added pagination, etc.).
 - Added an OIDC logout redirect URL.
 - Added an option to "Enforce OIDC login" with an admin toggle (automatically disabled if the whitelist is empty).
-- Added configurable "Remember Me" duration for sessions (`REMEMBER_ME_DAYS`).
+- Added "Remember Me" support for OIDC sessions, using Strapi's built-in refresh token duration and idle lifespan.
 - Migrated the testing framework to Vitest and added comprehensive test coverage for controllers and services.
 - Cleaned up dead code and unused dependencies to improve maintainability.
 - Upgraded to use newer versions of Node.js.
 - Added styled success and error pages.
-- Added an optional "Login via SSO" button on the Strapi login page, allowing users to authenticate via OIDC without enforcing it for everyone. Button text is configurable from the admin settings.
+- Always injects a "Login via SSO" button on the Strapi login page. Button text is configurable via `OIDC_SSO_BUTTON_TEXT`. When enforcement is on, standard login fields are hidden so only the SSO button is visible.
 - Added misc. quality of life improvements and bug fixes.

package/dist/admin/{index-CYL_geya.js → index-BqyGGX8X.js}

@@ -7,26 +7,19 @@ const react = require("react");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
 const reactIntl = require("react-intl");
-const index = require("./index-Cxj6lwW7.js");
+const index = require("./index-Cse9ex24.js");
 const styled = require("styled-components");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
-function getTrad(id) {
-  const pluginIdWithId = `${index.pluginId}.${id}`;
-  return {
-    id: pluginIdWithId,
-    defaultMessage: index.en[id] || pluginIdWithId
-  };
-}
 function Role({ oidcRoles, roles, onChangeRole }) {
   const { formatMessage } = reactIntl.useIntl();
   return /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
-    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { tag: "p", variant: "omega", textColor: "neutral600", marginBottom: 4, children: formatMessage(getTrad("roles.notes")) }),
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { tag: "p", variant: "omega", textColor: "neutral600", marginBottom: 4, children: formatMessage(index.getTrad("roles.notes")) }),
     /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { direction: "column", alignItems: "stretch", gap: 4, marginBottom: 4, children: oidcRoles.map((oidcRole) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { children: /* @__PURE__ */ jsxRuntime.jsx(
       designSystem.MultiSelect,
       {
         withTags: true,
-        placeholder: formatMessage(getTrad("roles.placeholder")),
+        placeholder: formatMessage(index.getTrad("roles.placeholder")),
         value: oidcRole.role ? oidcRole.role.map((r) => String(r)) : [],
         onChange: (value) => {
           if (value && value.length > 0) {
@@ -78,7 +71,7 @@ function Whitelist({
     if (users.some((user) => user.email === emailText)) {
       toggleNotification({
         type: "warning",
-        message: formatMessage(getTrad("whitelist.error.unique"))
+        message: formatMessage(index.getTrad("whitelist.error.unique"))
       });
     } else {
       await onSave(emailText, selectedRoles);
@@ -90,8 +83,8 @@ function Whitelist({
     const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
     return emailRegex.test(email);
   }, [email]);
-  return /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { children: [
-    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { tag: "p", variant: "omega", textColor: "neutral600", marginBottom: 4, children: formatMessage(getTrad("whitelist.description")) }),
+  return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { children: [
+    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { tag: "p", variant: "omega", textColor: "neutral600", marginBottom: 4, children: formatMessage(index.getTrad("whitelist.description")) }),
     useWhitelist && /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
       /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 4, marginTop: 5, marginBottom: 5, alignItems: "flex-start", children: [
         /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
@@ -102,14 +95,14 @@ function Whitelist({
             value: email,
             hasError: Boolean(email && !isValidEmail()),
             onChange: (e) => setEmail(e.currentTarget.value),
-            placeholder: formatMessage(getTrad("whitelist.email.placeholder"))
+            placeholder: formatMessage(index.getTrad("whitelist.email.placeholder"))
           }
         ) }) }),
         /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
           designSystem.MultiSelect,
           {
             withTags: true,
-            placeholder: formatMessage(getTrad("whitelist.roles.placeholder")),
+            placeholder: formatMessage(index.getTrad("whitelist.roles.placeholder")),
             value: selectedRoles,
             onChange: (value) => {
               setSelectedRoles(value || []);
@@ -125,20 +118,20 @@ function Whitelist({
             disabled: loading || email.trim() === "" || !isValidEmail(),
             loading,
             onClick: onSaveEmail,
-            children: formatMessage(getTrad("page.add"))
+            children: formatMessage(index.getTrad("page.add"))
           }
         ) })
       ] }),
       /* @__PURE__ */ jsxRuntime.jsx(designSystem.Divider, {}),
       /* @__PURE__ */ jsxRuntime.jsxs(CustomTable, { colCount: 5, rowCount: users.length, children: [
         /* @__PURE__ */ jsxRuntime.jsx(designSystem.Thead, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.no")) }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.email")) }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.roles")) }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.created")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(index.getTrad("whitelist.table.no")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(index.getTrad("whitelist.table.email")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(index.getTrad("whitelist.table.roles")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(index.getTrad("whitelist.table.created")) }),
           /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { style: { paddingRight: 0 }, children: " " })
         ] }) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tbody, { children: users.length === 0 ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tr, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { colSpan: 5, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", padding: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "neutral600", children: formatMessage(getTrad("whitelist.table.empty")) }) }) }) }) : paginatedUsers.map((user, index2) => {
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tbody, { children: users.length === 0 ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tr, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { colSpan: 5, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", padding: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "neutral600", children: formatMessage(index.getTrad("whitelist.table.empty")) }) }) }) }) : paginatedUsers.map((user, index$1) => {
           const getRoleNames = (roleIds) => roleIds.map((roleId) => {
             const r = roles.find((ro) => String(ro.id) === String(roleId));
             return r ? r.name : roleId;
@@ -152,7 +145,7 @@ function Whitelist({
             userRolesNames = getRoleNames(defaultRolesIds);
           }
           return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
-            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: index2 + 1 + (page - 1) * PAGE_SIZE }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: index$1 + 1 + (page - 1) * PAGE_SIZE }),
             /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: user.email }),
             /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: userRolesNames || "-" }),
             /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: /* @__PURE__ */ jsxRuntime.jsx(LocalizedDate, { date: user.createdAt }) }),
@@ -166,27 +159,27 @@ function Whitelist({
                   /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Trigger, { children: /* @__PURE__ */ jsxRuntime.jsx(
                     designSystem.IconButton,
                     {
-                      label: formatMessage(getTrad("whitelist.delete.label")),
+                      label: formatMessage(index.getTrad("whitelist.delete.label")),
                       withTooltip: false,
                       children: /* @__PURE__ */ jsxRuntime.jsx(icons.Trash, {})
                     }
                   ) }),
                   /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Content, { children: [
-                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Header, { children: formatMessage(getTrad("whitelist.delete.title")) }),
+                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Header, { children: formatMessage(index.getTrad("whitelist.delete.title")) }),
                     /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Body, { icon: /* @__PURE__ */ jsxRuntime.jsx(icons.WarningCircle, { fill: "danger600" }), children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 2, children: [
-                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { id: "confirm-description", children: formatMessage(getTrad("whitelist.delete.description")) }) }),
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { id: "confirm-description", children: formatMessage(index.getTrad("whitelist.delete.description")) }) }),
                       /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "omega", fontWeight: "bold", children: user.email }) }),
-                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", marginTop: 2, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral600", children: formatMessage(getTrad("whitelist.delete.note")) }) })
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", marginTop: 2, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral600", children: formatMessage(index.getTrad("whitelist.delete.note")) }) })
                     ] }) }),
                     /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Footer, { children: [
-                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Cancel, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { fullWidth: true, variant: "tertiary", children: formatMessage(getTrad("page.cancel")) }) }),
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Cancel, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { fullWidth: true, variant: "tertiary", children: formatMessage(index.getTrad("page.cancel")) }) }),
                       /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Action, { children: /* @__PURE__ */ jsxRuntime.jsx(
                         designSystem.Button,
                         {
                           fullWidth: true,
                           variant: "danger-light",
                           onClick: () => onDelete(user.email),
-                          children: formatMessage(getTrad("page.ok"))
+                          children: formatMessage(index.getTrad("page.ok"))
                         }
                       ) })
                     ] })
@@ -206,10 +199,10 @@ function Whitelist({
               e.preventDefault();
               setPage((p) => Math.max(1, p - 1));
             },
-            children: "Go to previous page"
+            children: formatMessage(index.getTrad("pagination.previous"))
           }
         ),
-        Array.from({ length: pageCount }).map((_, i) => /* @__PURE__ */ jsxRuntime.jsxs(
+        Array.from({ length: pageCount }).map((_, i) => /* @__PURE__ */ jsxRuntime.jsx(
           designSystem.PageLink,
           {
             number: i + 1,
@@ -218,10 +211,7 @@ function Whitelist({
               e.preventDefault();
               setPage(i + 1);
             },
-            children: [
-              "Go to page ",
-              i + 1
-            ]
+            children: formatMessage(index.getTrad("pagination.page"), { page: i + 1 })
           },
           i + 1
         )),
@@ -233,12 +223,12 @@ function Whitelist({
               e.preventDefault();
               setPage((p) => Math.min(pageCount, p + 1));
             },
-            children: "Go to next page"
+            children: formatMessage(index.getTrad("pagination.next"))
           }
         )
       ] }) }) })
     ] })
-  ] }) });
+  ] });
 }
 const AlertMessage = styled__default.default.div`
   position: fixed;
@@ -250,11 +240,29 @@ const AlertMessage = styled__default.default.div`
 `;
 function SuccessAlertMessage({ onClose }) {
   const { formatMessage } = reactIntl.useIntl();
-  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Success", variant: "success", closeLabel: "", onClose, children: formatMessage(getTrad("page.save.success")) }) });
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
+    designSystem.Alert,
+    {
+      title: formatMessage(index.getTrad("alert.title.success")),
+      variant: "success",
+      closeLabel: "",
+      onClose,
+      children: formatMessage(index.getTrad("page.save.success"))
+    }
+  ) });
 }
 function ErrorAlertMessage({ onClose }) {
   const { formatMessage } = reactIntl.useIntl();
-  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Error", variant: "danger", closeLabel: "", onClose, children: formatMessage(getTrad("page.save.error")) }) });
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
+    designSystem.Alert,
+    {
+      title: formatMessage(index.getTrad("alert.title.error")),
+      variant: "danger",
+      closeLabel: "",
+      onClose,
+      children: formatMessage(index.getTrad("page.save.error"))
+    }
+  ) });
 }
 function MatchedUserAlertMessage({
   onClose,
@@ -262,7 +270,16 @@ function MatchedUserAlertMessage({
 }) {
   const { formatMessage } = reactIntl.useIntl();
   const id = count > 1 ? "whitelist.users_exists" : "whitelist.user_exists";
-  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Info", variant: "default", closeLabel: "", onClose, children: formatMessage(getTrad(id)) }) });
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
+    designSystem.Alert,
+    {
+      title: formatMessage(index.getTrad("alert.title.info")),
+      variant: "default",
+      closeLabel: "",
+      onClose,
+      children: formatMessage(index.getTrad(id))
+    }
+  ) });
 }
 const SwitchContainer = styled__default.default.label`
   position: relative;
@@ -346,12 +363,9 @@ function useOidcSettings() {
   const [useWhitelist, setUseWhitelist] = react.useState(false);
   const [initialEnforceOIDC, setInitialEnforceOIDC] = react.useState(false);
   const [enforceOIDC, setEnforceOIDC] = react.useState(false);
+  const [enforceOIDCConfig, setEnforceOIDCConfig] = react.useState(null);
   const [initialUsers, setInitialUsers] = react.useState([]);
   const [users, setUsers] = react.useState([]);
-  const [initialShowSSOButton, setInitialShowSSOButton] = react.useState(true);
-  const [showSSOButton, setShowSSOButton] = react.useState(true);
-  const [initialSSOButtonText, setInitialSSOButtonText] = react.useState("Login via SSO");
-  const [ssoButtonText, setSSOButtonText] = react.useState("Login via SSO");
   react.useEffect(() => {
     get(`/strapi-plugin-oidc/oidc-roles`).then((response) => {
       setOIDCRoles(response.data);
@@ -367,10 +381,7 @@ function useOidcSettings() {
       setInitialUseWhitelist(response.data.useWhitelist);
       setEnforceOIDC(response.data.enforceOIDC);
       setInitialEnforceOIDC(response.data.enforceOIDC);
-      setShowSSOButton(response.data.showSSOButton !== false);
-      setInitialShowSSOButton(response.data.showSSOButton !== false);
-      setSSOButtonText(response.data.ssoButtonText || "Login via SSO");
-      setInitialSSOButtonText(response.data.ssoButtonText || "Login via SSO");
+      setEnforceOIDCConfig(response.data.enforceOIDCConfig ?? null);
     });
   }, [get]);
   const onChangeRole = (values, oidcId) => {
@@ -400,13 +411,7 @@ function useOidcSettings() {
   const onToggleEnforce = (e) => {
     setEnforceOIDC(e.target.checked);
   };
-  const onToggleShowSSOButton = (e) => {
-    setShowSSOButton(e.target.checked);
-  };
-  const onChangeSSOButtonText = (e) => {
-    setSSOButtonText(e.target.value);
-  };
-  const isDirty = useWhitelist !== initialUseWhitelist || enforceOIDC !== initialEnforceOIDC || showSSOButton !== initialShowSSOButton || ssoButtonText !== initialSSOButtonText || JSON.stringify(oidcRoles) !== JSON.stringify(initialOidcRoles) || JSON.stringify(users) !== JSON.stringify(initialUsers);
+  const isDirty = useWhitelist !== initialUseWhitelist || enforceOIDC !== initialEnforceOIDC || JSON.stringify(oidcRoles) !== JSON.stringify(initialOidcRoles) || JSON.stringify(users) !== JSON.stringify(initialUsers);
   const onSaveAll = async () => {
     setLoading(true);
     try {
@@ -421,15 +426,11 @@ function useOidcSettings() {
       });
       await put("/strapi-plugin-oidc/whitelist/settings", {
         useWhitelist,
-        enforceOIDC,
-        showSSOButton,
-        ssoButtonText
+        enforceOIDC
       });
       setInitialOIDCRoles(JSON.parse(JSON.stringify(oidcRoles)));
       setInitialUseWhitelist(useWhitelist);
       setInitialEnforceOIDC(enforceOIDC);
-      setInitialShowSSOButton(showSSOButton);
-      setInitialSSOButtonText(ssoButtonText);
       get("/strapi-plugin-oidc/whitelist").then((getResponse) => {
         setUsers(getResponse.data.whitelistUsers);
         setInitialUsers(JSON.parse(JSON.stringify(getResponse.data.whitelistUsers)));
@@ -459,10 +460,9 @@ function useOidcSettings() {
       roles,
       useWhitelist,
       enforceOIDC,
+      enforceOIDCConfig,
       initialEnforceOIDC,
       users,
-      showSSOButton,
-      ssoButtonText,
       isDirty
     },
     actions: {
@@ -474,8 +474,6 @@ function useOidcSettings() {
       onDeleteWhitelist,
       onToggleWhitelist,
       onToggleEnforce,
-      onToggleShowSSOButton,
-      onChangeSSOButtonText,
       onSaveAll
     }
   };
@@ -487,8 +485,8 @@ function HomePage$1() {
     /* @__PURE__ */ jsxRuntime.jsx(
       admin.Layouts.Header,
       {
-        title: formatMessage(getTrad("page.title.oidc")),
-        subtitle: formatMessage(getTrad("page.title"))
+        title: formatMessage(index.getTrad("page.title.oidc")),
+        subtitle: formatMessage(index.getTrad("page.title"))
       }
     ),
     state.showSuccess && /* @__PURE__ */ jsxRuntime.jsx(SuccessAlertMessage, { onClose: () => actions.setSuccess(false) }),
@@ -496,7 +494,7 @@ function HomePage$1() {
     state.showMatched > 0 && /* @__PURE__ */ jsxRuntime.jsx(MatchedUserAlertMessage, { count: state.showMatched, onClose: () => actions.setMatched(0) }),
     /* @__PURE__ */ jsxRuntime.jsx(admin.Layouts.Content, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "stretch", gap: 6, children: [
       /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { background: "neutral0", hasRadius: true, shadow: "filterShadow", padding: 6, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { paddingBottom: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "beta", tag: "h2", children: formatMessage(getTrad("roles.title")) }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { paddingBottom: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "beta", tag: "h2", children: formatMessage(index.getTrad("roles.title")) }) }),
         /* @__PURE__ */ jsxRuntime.jsx(
           Role,
           {
@@ -508,13 +506,13 @@ function HomePage$1() {
       ] }),
       /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { background: "neutral0", hasRadius: true, shadow: "filterShadow", padding: 6, children: [
         /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { justifyContent: "space-between", paddingBottom: 4, children: [
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "beta", tag: "h2", children: formatMessage(getTrad("whitelist.title")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "beta", tag: "h2", children: formatMessage(index.getTrad("whitelist.title")) }),
           /* @__PURE__ */ jsxRuntime.jsx(
             CustomSwitch,
             {
               checked: state.useWhitelist,
               onChange: actions.onToggleWhitelist,
-              label: state.useWhitelist ? formatMessage(getTrad("whitelist.toggle.enabled")) : formatMessage(getTrad("whitelist.toggle.disabled"))
+              label: state.useWhitelist ? formatMessage(index.getTrad("whitelist.toggle.enabled")) : formatMessage(index.getTrad("whitelist.toggle.disabled"))
             }
           )
         ] }),
@@ -532,58 +530,28 @@ function HomePage$1() {
         )
       ] }),
       /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { background: "neutral0", hasRadius: true, shadow: "filterShadow", padding: 6, children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { paddingBottom: 6, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "beta", tag: "h2", children: formatMessage(getTrad("login.settings.title")) }) }),
-        /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "stretch", gap: 4, children: [
-          /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "stretch", gap: 2, children: [
-            /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "center", gap: 3, wrap: "wrap", children: [
-              /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "omega", style: { minWidth: "280px" }, children: formatMessage(getTrad("enforce.title")) }),
-              /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { minWidth: "160px", children: /* @__PURE__ */ jsxRuntime.jsx(
-                CustomSwitch,
-                {
-                  checked: state.enforceOIDC,
-                  onChange: actions.onToggleEnforce,
-                  disabled: state.useWhitelist && state.users.length === 0,
-                  label: state.enforceOIDC ? formatMessage(getTrad("enforce.toggle.enabled")) : formatMessage(getTrad("enforce.toggle.disabled"))
-                }
-              ) })
-            ] }),
-            state.enforceOIDC && state.enforceOIDC !== state.initialEnforceOIDC && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { background: "danger100", padding: 3, hasRadius: true, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 3, alignItems: "center", children: [
-              /* @__PURE__ */ jsxRuntime.jsx(icons.WarningCircle, { fill: "danger600" }),
-              /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "danger600", children: formatMessage(getTrad("enforce.warning")) })
-            ] }) })
-          ] }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { paddingBottom: 6, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "beta", tag: "h2", children: formatMessage(index.getTrad("login.settings.title")) }) }),
+        /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "stretch", gap: 2, children: [
           /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "center", gap: 3, wrap: "wrap", children: [
-            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "omega", style: { minWidth: "280px" }, children: formatMessage(getTrad("login.sso.show")) }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "omega", style: { minWidth: "280px" }, children: formatMessage(index.getTrad("enforce.title")) }),
             /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { minWidth: "160px", children: /* @__PURE__ */ jsxRuntime.jsx(
               CustomSwitch,
               {
-                checked: state.showSSOButton,
-                onChange: actions.onToggleShowSSOButton,
-                label: state.showSSOButton ? formatMessage(getTrad("enforce.toggle.enabled")) : formatMessage(getTrad("enforce.toggle.disabled"))
+                checked: state.enforceOIDC,
+                onChange: actions.onToggleEnforce,
+                disabled: state.enforceOIDCConfig !== null || state.useWhitelist && state.users.length === 0,
+                label: state.enforceOIDC ? formatMessage(index.getTrad("enforce.toggle.enabled")) : formatMessage(index.getTrad("enforce.toggle.disabled"))
               }
             ) })
           ] }),
-          state.showSSOButton && /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { alignItems: "center", gap: 3, wrap: "wrap", children: [
-            /* @__PURE__ */ jsxRuntime.jsx(
-              designSystem.Typography,
-              {
-                variant: "omega",
-                tag: "label",
-                htmlFor: "sso-button-text",
-                style: { minWidth: "280px" },
-                children: formatMessage(getTrad("login.sso.button.text.label"))
-              }
-            ),
-            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1, minWidth: "160px" }, children: /* @__PURE__ */ jsxRuntime.jsx(
-              designSystem.TextInput,
-              {
-                id: "sso-button-text",
-                "aria-label": formatMessage(getTrad("login.sso.button.text.label")),
-                value: state.ssoButtonText,
-                onChange: actions.onChangeSSOButtonText
-              }
-            ) })
-          ] })
+          state.enforceOIDCConfig !== null && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { background: "primary100", padding: 3, hasRadius: true, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 3, alignItems: "center", children: [
+            /* @__PURE__ */ jsxRuntime.jsx(icons.Information, { fill: "primary600" }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "primary600", children: formatMessage(index.getTrad("enforce.config.info")) })
+          ] }) }),
+          state.enforceOIDCConfig === null && state.enforceOIDC && state.enforceOIDC !== state.initialEnforceOIDC && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { background: "danger100", padding: 3, hasRadius: true, children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 3, alignItems: "center", children: [
+            /* @__PURE__ */ jsxRuntime.jsx(icons.WarningCircle, { fill: "danger600" }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "danger600", children: formatMessage(index.getTrad("enforce.warning")) })
+          ] }) })
         ] })
       ] }),
       /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "flex-end", children: /* @__PURE__ */ jsxRuntime.jsx(
@@ -593,7 +561,7 @@ function HomePage$1() {
           onClick: actions.onSaveAll,
           disabled: !state.isDirty || state.loading,
           loading: state.loading,
-          children: formatMessage(getTrad("page.save"))
+          children: formatMessage(index.getTrad("page.save"))
         }
       ) })
     ] }) })