diff --git a/apps/argocd-config/argocd-cm.yaml b/apps/argocd-config/argocd-cm.yaml index e6a3aa0..a47e4b3 100644 --- a/apps/argocd-config/argocd-cm.yaml +++ b/apps/argocd-config/argocd-cm.yaml @@ -9,21 +9,13 @@ metadata: data: url: "https://argocd.k3s.stabify.de" - # DEX Config statt OIDC (für CLI Support) - dex.config: | - connectors: - - config: - issuer: https://auth.apps.k3s.stabify.de/application/o/argocd/ - clientID: wETzydDHkt2EbIY0I2MqFyC0lTv3OpHbDkRNhoKP - clientSecret: $argocd-oidc-secret:dex.authentik.clientSecret - insecureEnableGroups: true - scopes: - - openid - - profile - - email - name: authentik - type: oidc - id: authentik + # OIDC Direct Config (Dex Bypass) + oidc.config: | + name: Authentik + issuer: https://auth.apps.k3s.stabify.de/application/o/argocd/ + clientID: $argocd-oidc-secret:oidc.authentik.clientId + clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret + requestedScopes: ["openid", "profile", "email", "groups"] # Resource Customizations (unverändert) resource.customizations.ignoreResourceUpdates.ConfigMap: | diff --git a/apps/argocd-config/external-secret.yaml b/apps/argocd-config/external-secret.yaml index 9a8c869..38cd1fb 100644 --- a/apps/argocd-config/external-secret.yaml +++ b/apps/argocd-config/external-secret.yaml @@ -13,11 +13,10 @@ spec: template: engineVersion: v2 data: - # ArgoCD Dex Config Key - dex.authentik.clientSecret: "{{ .oidc_client_secret }}" - # Dex braucht keine clientID im Secret, die steht in der ConfigMap. - # Aber wir können sie hier lassen oder entfernen. - oidc.authentik.clientId: "{{ .oidc_client_id }}" # Legacy / Optional + # ArgoCD OIDC Config Keys + oidc.authentik.clientId: "{{ .oidc_client_id }}" + oidc.authentik.clientSecret: "{{ .oidc_client_secret }}" + data: - secretKey: client_id
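Review bot: The new `oidc.config` block requests the `groups` scope, but nothing in it asks the provider to treat the claim as required. If Authentik issues a token without `groups` (its scope mappings are not shown in this diff, so this needs checking), users would silently get whatever `policy.default` in argocd-rbac-cm grants. Consider adding `requestedIDTokenClaims: {"groups": {"essential": true}}` below `requestedScopes`, and confirm that `policy.default` is empty or read-only. The removed comment said Dex was chosen for CLI support, so the new comment should say how `argocd login --sso` works now, e.g. `# CLI SSO: register the localhost callback in Authentik or set cliClientID`.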
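Review bot: Argo CD only resolves the renamed keys under `template.data` through `$argocd-oidc-secret:<key>` if the generated Secret carries the `app.kubernetes.io/part-of: argocd` label, and no `template.metadata.labels` is visible in this hunk. The `template:` mapping starts above the hunk, so the label may already be set there. If it is missing, add it under `template:`; if it is present, a comment such as `# keys are referenced from argocd-cm oidc.config; Secret must be labelled app.kubernetes.io/part-of: argocd` would keep the coupling visible. Because `dex.authentik.clientSecret` is dropped in the same commit, the ConfigMap and this ExternalSecret must sync together, or SSO login fails until both are applied.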