project-afterlife/apps/cms/config/plugins.ts

export default () => ({
  i18n: {
    enabled: true,
    config: {
      defaultLocale: "es",
      locales: ["es", "en"],
    },
  },
  "users-permissions": {
    config: {
      providers: {
        // Authentik OIDC provider for CMS admin SSO
        authentik: {
          enabled: true,
          icon: "authentik",
          key: "",
          secret: "",
          callback: `${process.env.PUBLIC_STRAPI_URL || "http://localhost:1337"}/api/auth/authentik/callback`,
          scope: ["openid", "email", "profile"],
          // Authentik endpoints
          authorization_endpoint: `${process.env.AUTHENTIK_URL || "http://10.0.0.20:9000"}/application/o/authorize/`,
          access_token_endpoint: `${process.env.AUTHENTIK_URL || "http://10.0.0.20:9000"}/application/o/token/`,
          access_token_params: {},
          grant_type: "authorization_code",
        },
      },
    },
  },
});