strapi-plugin-oidc 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +2 -2
  2. package/dist/server/index.js +15 -0
  3. package/dist/server/index.mjs +15 -0
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -70,7 +70,7 @@ Once configured, you can initiate the OIDC login flow by navigating to:
70
70
 
71
71
  (e.g., `http://localhost:1337/strapi-plugin-oidc/oidc` for local development).
72
72
 
73
- When the **Enforce OIDC Login** option is enabled in the Admin Settings, the standard Strapi admin login page will be automatically redirected to this URL.
73
+ When the **Enforce OIDC Login** option is enabled in the Admin Settings, the standard login fields are removed from the login page and only the SSO button remains — click it to start the OIDC flow.
74
74
 
75
75
  ## Admin Settings
76
76
 
@@ -79,7 +79,7 @@ Once the plugin is installed and configured, you can manage the OIDC settings fr
79
79
  - **Whitelist Management**: Restrict login to specific users by adding their email addresses to the whitelist. You can also whitelist entire email domains (e.g., `*@company.com`). If the whitelist is empty, any user who successfully authenticates via your OIDC provider will be able to log in and an account will be automatically created for them.
80
80
  - **Default Role Assignment**: Select the default Strapi admin role that will be assigned to newly created users when they log in for the first time via OIDC.
81
81
  - **SSO Login Button**: A "Login via SSO" button is always injected into the Strapi login page, allowing users to authenticate via OIDC. The button text is configurable via the `OIDC_SSO_BUTTON_TEXT` config option.
82
- - **Enforce OIDC Login**: When enabled, the standard email/password fields, remember me checkbox, and login button are hidden on the login page, leaving only the SSO button. All direct login API calls are also blocked server-side. _(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel)._
82
+ - **Enforce OIDC Login**: When enabled, the standard email/password fields, remember me checkbox, login button, and forgot-password link are removed from the login page, leaving only the SSO button. All direct login API calls are also blocked server-side. _(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel)._
83
83
  - **`OIDC_ENFORCE` config override**: Setting `OIDC_ENFORCE: true` or `OIDC_ENFORCE: false` in your plugin config takes priority over the Admin UI toggle and locks it. Set `OIDC_ENFORCE: false` in your config to regain access if you are ever locked out, then restart Strapi.
84
84
 
85
85
  ## Credits & Changes
package/dist/server/index.js CHANGED
@@ -95,6 +95,21 @@ async function bootstrap({ strapi: strapi2 }) {
95
95
  }
96
96
  ];
97
97
  await strapi2.admin.services.permission.actionProvider.registerMany(actions);
98
+ const enforceOIDCConfig = getEnforceOIDCConfig(strapi2);
99
+ if (enforceOIDCConfig !== null) {
100
+ try {
101
+ const whitelistService2 = strapi2.plugin("strapi-plugin-oidc").service("whitelist");
102
+ const settings = await whitelistService2.getSettings();
103
+ if (settings.enforceOIDC !== enforceOIDCConfig) {
104
+ await whitelistService2.setSettings({ ...settings, enforceOIDC: enforceOIDCConfig });
105
+ strapi2.log.info(
106
+ `[strapi-plugin-oidc] OIDC_ENFORCE=${enforceOIDCConfig} written to database settings`
107
+ );
108
+ }
109
+ } catch (err) {
110
+ strapi2.log.error("[strapi-plugin-oidc] Failed to sync OIDC_ENFORCE to database:", err);
111
+ }
112
+ }
98
113
  try {
99
114
  const oidcRoleCount = await strapi2.query("plugin::strapi-plugin-oidc.roles").count({
100
115
  where: { oauth_type: "4" }
package/dist/server/index.mjs CHANGED
@@ -89,6 +89,21 @@ async function bootstrap({ strapi: strapi2 }) {
89
89
  }
90
90
  ];
91
91
  await strapi2.admin.services.permission.actionProvider.registerMany(actions);
92
+ const enforceOIDCConfig = getEnforceOIDCConfig(strapi2);
93
+ if (enforceOIDCConfig !== null) {
94
+ try {
95
+ const whitelistService2 = strapi2.plugin("strapi-plugin-oidc").service("whitelist");
96
+ const settings = await whitelistService2.getSettings();
97
+ if (settings.enforceOIDC !== enforceOIDCConfig) {
98
+ await whitelistService2.setSettings({ ...settings, enforceOIDC: enforceOIDCConfig });
99
+ strapi2.log.info(
100
+ `[strapi-plugin-oidc] OIDC_ENFORCE=${enforceOIDCConfig} written to database settings`
101
+ );
102
+ }
103
+ } catch (err) {
104
+ strapi2.log.error("[strapi-plugin-oidc] Failed to sync OIDC_ENFORCE to database:", err);
105
+ }
106
+ }
92
107
  try {
93
108
  const oidcRoleCount = await strapi2.query("plugin::strapi-plugin-oidc.roles").count({
94
109
  where: { oauth_type: "4" }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "strapi-plugin-oidc",
3
- "version": "1.3.1",
3
+ "version": "1.3.2",
4
4
  "description": "A Strapi plugin that provides OpenID Connect (OIDC) authentication functionality for the Strapi Admin Panel.",
5
5
  "strapi": {
6
6
  "displayName": "OIDC Plugin",