Hello & thanks for your work so far.
I'm currently testing your plugin with our Strapi app and I run into the following problem:
Initialize new Strapi instance with a clean database and create your Super Admin user - let's say with email user1@domain.com
Go to /admin & log in as user1@domain.com with your chosen password. Everything works normally.
Log out & go to /strapi-plugin-sso/oidc & log in with user2@domain.com.
Log out, go to /admin & log in as user1@domain.com again. Now your user1 has lost its Super Admin role despite never having been managed via the SSO plugin at all.
I initially didn't choose any role at the SSO page in the admin panel because I want to set roles for the users individually. When I choose, let's say, author as the default role, even the Super Admin user1 gets assigned the author role and loses its Super Admin role.
In my case Admins, Editors & Authors will use the same OAuth Provider (Nextcloud in my case with OIDC Plugin).
Strapi Version: 4.24.5
Node Version: 18.20.3
Plugin config:
'strapi-plugin-sso': {
  enabled: true,
  config: {
    // Either sets token to session storage if false or local storage if true
    REMEMBER_ME: true,
    // OpenID Connect
    OIDC_REDIRECT_URI: env('API_URL') + '/strapi-plugin-sso/oidc/callback', // URI after successful login
    OIDC_CLIENT_ID: env('OIDC_CLIENT_ID'),
    OIDC_CLIENT_SECRET: env('OIDC_CLIENT_SECRET'),
    OIDC_SCOPES: 'openid profile email', // https://oauth.net/2/scope/
    // API Endpoints required for OIDC
    OIDC_AUTHORIZATION_ENDPOINT: 'https://domain.cloud/index.php/apps/oidc/authorize',
    OIDC_TOKEN_ENDPOINT: 'https://domain.cloud/index.php/apps/oidc/token',
    OIDC_USER_INFO_ENDPOINT: 'https://domain.cloud/index.php/apps/oidc/userinfo',
    OIDC_USER_INFO_ENDPOINT_WITH_AUTH_HEADER: true,
    OIDC_GRANT_TYPE: 'authorization_code', // https://oauth.net/2/grant-types/
    // customizable username arguments
    OIDC_FAMILY_NAME_FIELD: 'name',
    OIDC_GIVEN_NAME_FIELD: 'given_name', // Nextcloud doesn't have distinct first-/last name fields
  }
}
With this behavior the plugin is basically useless for us, because just granting Super Admin role as default for everyone is obviously no option.
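Added example, not part of the original report and not the plugin's or Strapi's code: a regression check for the behaviour described above, which compares admin role assignments captured before and after an SSO login and flags any account other than the one that logged in whose roles changed. The snapshot shape (email mapped to a list of role names), the function name `auditRoleDrift` and the sample data are assumptions made for illustration.

```javascript
// Added example: snapshot shape and names are assumptions, not Strapi/plugin APIs.
// A snapshot maps admin e-mail -> array of role names.
function auditRoleDrift(before, after, ssoEmail, privilegedRole = 'Super Admin') {
  const norm = (e) => e.trim().toLowerCase();
  const index = (snap) =>
    new Map(Object.entries(snap).map(([e, roles]) => [norm(e), new Set(roles)]));
  const b = index(before);
  const a = index(after);
  const subject = norm(ssoEmail);
  const findings = [];

  for (const [email, oldRoles] of b) {
    // Only the account that just authenticated via SSO may legitimately change.
    if (email === subject) continue;
    const newRoles = a.get(email) ?? new Set();
    const removed = [...oldRoles].filter((r) => !newRoles.has(r)).sort();
    const added = [...newRoles].filter((r) => !oldRoles.has(r)).sort();
    if (removed.length || added.length) {
      findings.push({
        email,
        removed,
        added,
        lostPrivileged: removed.includes(privilegedRole),
      });
    }
  }

  // Count holders of the privileged role to detect a full admin lockout.
  const holders = (m) => [...m.values()].filter((r) => r.has(privilegedRole)).length;
  const privilegedBefore = holders(b);
  const privilegedAfter = holders(a);
  return {
    findings,
    privilegedBefore,
    privilegedAfter,
    lockout: privilegedBefore > 0 && privilegedAfter === 0,
  };
}

// Constructed snapshots mirroring the report (default role set to Author).
const beforeLogin = { 'user1@domain.com': ['Super Admin'] };
const afterObserved = { 'user1@domain.com': ['Author'], 'user2@domain.com': ['Author'] };
// Constructed snapshot of the outcome the reporter expected instead.
const afterExpected = { 'user1@domain.com': ['Super Admin'], 'user2@domain.com': ['Author'] };

console.log(JSON.stringify(auditRoleDrift(beforeLogin, afterObserved, 'user2@domain.com'), null, 2));
```

Run against real snapshots taken around an SSO login in a test instance, an empty `findings` array and `lockout: false` are the passing result.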