From 38106bee835628aea76b08ce4fac8ed83b139832 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 6 Nov 2024 01:57:43 +0000 Subject: [PATCH] Sync documentation of main branch --- .../main/config/quarkus-all-config.adoc | 464 +----------------- .../config/quarkus-core_quarkus.native.adoc | 3 +- .../quarkus-oidc-client-registration.adoc | 66 --- ...tion_quarkus.oidc-client-registration.adoc | 66 --- .../main/config/quarkus-oidc-client.adoc | 186 +------ ...arkus-oidc-client_quarkus.oidc-client.adoc | 186 +------ _generated-doc/main/config/quarkus-oidc.adoc | 186 +------ .../config/quarkus-oidc_quarkus.oidc.adoc | 186 +------ .../main/config/quarkus-websockets-next.adoc | 23 +- ...bsockets-next_quarkus.websockets-next.adoc | 23 +- .../main/infra/quarkus-all-build-items.adoc | 33 +- .../infra/quarkus-maven-plugin-goals.adoc | 18 + .../main/guides/building-native-image.adoc | 6 +- .../guides/deploying-to-google-cloud.adoc | 4 +- _versions/main/guides/mongodb-panache.adoc | 3 +- _versions/main/guides/mongodb.adoc | 3 +- _versions/main/guides/native-reference.adoc | 7 + .../guides/websockets-next-reference.adoc | 39 +- _versions/main/guides/writing-extensions.adoc | 29 ++ 19 files changed, 185 insertions(+), 1346 deletions(-) diff --git a/_generated-doc/main/config/quarkus-all-config.adoc b/_generated-doc/main/config/quarkus-all-config.adoc index fec5abdb8d0..029ad0b64c8 100644 --- a/_generated-doc/main/config/quarkus-all-config.adoc +++ b/_generated-doc/main/config/quarkus-all-config.adoc @@ -6692,6 +6692,7 @@ Enable monitoring various monitoring options. The value should be comma separate - `heapdump` for heampdump support - `jmxclient` for JMX client support (experimental) - `jmxserver` for JMX server support (experimental) + - `nmt` for native memory tracking support - `all` for all monitoring features @@ -6702,7 +6703,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_NATIVE_MONITORING+++` endif::add-copy-button-to-env-var[] -- -a|list of `heapdump`, `jvmstat`, `jfr`, `jmxserver`, `jmxclient`, `all` +a|list of `heapdump`, `jvmstat`, `jfr`, `jmxserver`, `jmxclient`, `nmt`, `all` | a|icon:lock[title=Fixed at build time] [[quarkus-core_quarkus-native-enable-reports]] [.property-path]##link:#quarkus-core_quarkus-native-enable-reports[`quarkus.native.enable-reports`]## @@ -52451,8 +52452,6 @@ a| [[quarkus-oidc_quarkus-oidc-auth-server-url]] [.property-path]##link:#quarkus [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTH_SERVER_URL+++[] @@ -52468,8 +52467,6 @@ a| [[quarkus-oidc_quarkus-oidc-discovery-enabled]] [.property-path]##link:#quark [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DISCOVERY_ENABLED+++[] @@ -52485,8 +52482,6 @@ a| [[quarkus-oidc_quarkus-oidc-registration-path]] [.property-path]##link:#quark [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REGISTRATION_PATH+++[] @@ -52502,8 +52497,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-delay]] [.property-path]##link:#quarku [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_DELAY+++[] @@ -52519,8 +52512,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-retry-count]] [.property-path]##link:# [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_RETRY_COUNT+++[] @@ -52536,8 +52527,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-timeout]] [.property-path]##link:#quar [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_TIMEOUT+++[] @@ -52553,8 +52542,6 @@ a| [[quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup]] [.property-path]##link: [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USE_BLOCKING_DNS_LOOKUP+++[] @@ -52570,8 +52557,6 @@ a| [[quarkus-oidc_quarkus-oidc-max-pool-size]] [.property-path]##link:#quarkus-o [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_MAX_POOL_SIZE+++[] @@ -52587,8 +52572,6 @@ a| [[quarkus-oidc_quarkus-oidc-follow-redirects]] [.property-path]##link:#quarku [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_FOLLOW_REDIRECTS+++[] @@ -52604,9 +52587,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] @@ -52622,8 +52602,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] @@ -52639,8 +52617,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus- [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] @@ -52656,8 +52632,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus- [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] @@ -52673,12 +52647,6 @@ a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##li [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] @@ -52694,8 +52662,6 @@ a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] @@ -52711,8 +52677,6 @@ a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oid [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] @@ -52728,8 +52692,6 @@ a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_ [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] @@ -52745,8 +52707,6 @@ a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oid [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] @@ -52762,8 +52722,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quar [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] @@ -52779,8 +52737,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -52796,8 +52752,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.prope [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -52813,8 +52767,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -52830,8 +52782,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.proper [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -52847,8 +52797,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-pat [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -52857,15 +52805,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] @@ -52881,8 +52827,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:# [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] @@ -52898,8 +52842,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -52915,8 +52857,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [. [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -52932,8 +52872,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -52949,8 +52887,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#qua [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] @@ -52966,8 +52902,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] @@ -52983,8 +52917,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path] [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -53000,8 +52932,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-p [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -53017,8 +52947,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:# [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] @@ -53034,8 +52962,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]## [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -53051,8 +52977,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] @@ -53068,8 +52992,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]## [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -53085,8 +53007,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:# [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] @@ -53102,8 +53022,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link: [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] @@ -53119,8 +53037,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-pa [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -53136,8 +53052,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property- [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -53153,8 +53067,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] @@ -53170,8 +53082,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##lin [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] @@ -54965,8 +54875,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-auth-server-url]] [.property-path]##link:# [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++[] @@ -54982,8 +54890,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-discovery-enabled]] [.property-path]##link [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++[] @@ -54999,8 +54905,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-registration-path]] [.property-path]##link [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++[] @@ -55016,8 +54920,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-delay]] [.property-path]##link: [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++[] @@ -55033,8 +54935,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-retry-count]] [.property-path]# [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++[] @@ -55050,8 +54950,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-timeout]] [.property-path]##lin [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++[] @@ -55067,8 +54965,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup]] [.property-path] [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++[] @@ -55084,8 +54980,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-max-pool-size]] [.property-path]##link:#qu [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++[] @@ -55101,8 +54995,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-follow-redirects]] [.property-path]##link: [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++[] @@ -55118,9 +55010,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-host]] [.property-path]##link:#quark [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_HOST+++[] @@ -55136,8 +55025,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-port]] [.property-path]##link:#quark [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PORT+++[] @@ -55153,8 +55040,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-username]] [.property-path]##link:#q [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++[] @@ -55170,8 +55055,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-password]] [.property-path]##link:#q [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++[] @@ -55187,12 +55070,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name]] [.property-pa [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++[] @@ -55208,8 +55085,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-token-path]] [.property-path]##link:#quark [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++[] @@ -55225,8 +55100,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-revoke-path]] [.property-path]##link:#quar [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++[] @@ -55242,8 +55115,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-client-id]] [.property-path]##link:#quarku [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_ID+++[] @@ -55259,8 +55130,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-client-name]] [.property-path]##link:#quar [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++[] @@ -55276,8 +55145,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-secret]] [.property-path]##lin [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++[] @@ -55293,8 +55160,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value]] [.proper [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -55310,8 +55175,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name]] [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -55327,8 +55190,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -55344,8 +55205,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key]] [ [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -55361,8 +55220,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method]] [.prope [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -55371,15 +55228,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source[`quarkus.oidc."tenant".credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++[] @@ -55395,8 +55250,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret]] [.property-path]# [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++[] @@ -55412,8 +55265,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name]] [.p [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -55429,8 +55280,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-na [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -55446,8 +55295,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key]] [.pr [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -55463,8 +55310,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key]] [.property-path]##li [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++[] @@ -55480,8 +55325,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file]] [.property-path [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++[] @@ -55497,8 +55340,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file]] [.propert [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -55514,8 +55355,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password]] [.pro [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -55531,8 +55370,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id]] [.property-path]# [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++[] @@ -55548,8 +55385,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password]] [.property- [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -55565,8 +55400,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience]] [.property-path [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++[] @@ -55582,8 +55415,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id]] [.property- [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -55599,8 +55430,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer]] [.property-path]# [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++[] @@ -55616,8 +55445,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject]] [.property-path] [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++[] @@ -55633,8 +55460,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name]] [.prop [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -55650,8 +55475,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm]] [.pr [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -55667,8 +55490,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan]] [.property-path [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++[] @@ -55684,8 +55505,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion]] [.property-pat [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++[] @@ -57430,8 +57249,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-auth-server-url]] [.property-path]# [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_AUTH_SERVER_URL+++[] @@ -57447,8 +57264,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-discovery-enabled]] [.property-path [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_DISCOVERY_ENABLED+++[] @@ -57464,8 +57279,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-registration-path]] [.property-path [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PATH+++[] @@ -57481,8 +57294,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-delay]] [.property-path] [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_DELAY+++[] @@ -57498,8 +57309,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-retry-count]] [.property [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_RETRY_COUNT+++[] @@ -57515,8 +57324,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-timeout]] [.property-pat [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_TIMEOUT+++[] @@ -57532,8 +57339,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-use-blocking-dns-lookup]] [.propert [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_USE_BLOCKING_DNS_LOOKUP+++[] @@ -57549,8 +57354,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-max-pool-size]] [.property-path]##l [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_MAX_POOL_SIZE+++[] @@ -57566,8 +57369,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-follow-redirects]] [.property-path] [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_FOLLOW_REDIRECTS+++[] @@ -57583,9 +57384,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] @@ -57601,8 +57399,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] @@ -57618,8 +57414,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]## [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] @@ -57635,8 +57429,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]## [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] @@ -57652,12 +57444,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.prop [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] @@ -57673,8 +57459,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] @@ -57690,8 +57474,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##lin [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] @@ -57707,8 +57489,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link: [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] @@ -57724,8 +57504,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##lin [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] @@ -57741,8 +57519,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-pat [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++[] @@ -57758,8 +57534,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value]] [ [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -57775,8 +57549,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -57792,8 +57564,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -57809,8 +57579,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -57826,8 +57594,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method]] [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -57836,15 +57602,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source[`quarkus.oidc-client.credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++[] @@ -57860,8 +57624,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret]] [.property [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++[] @@ -57877,8 +57639,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-nam [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -57894,8 +57654,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -57911,8 +57669,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -57928,8 +57684,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key]] [.property-pa [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++[] @@ -57945,8 +57699,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file]] [.proper [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++[] @@ -57962,8 +57714,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file]] [. [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -57979,8 +57729,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password] [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -57996,8 +57744,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id]] [.property [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++[] @@ -58013,8 +57759,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password]] [.pr [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -58030,8 +57774,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience]] [.proper [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++[] @@ -58047,8 +57789,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id]] [.pr [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -58064,8 +57804,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer]] [.property [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++[] @@ -58081,8 +57819,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject]] [.propert [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++[] @@ -58098,8 +57834,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name]] [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -58115,8 +57849,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -58132,8 +57864,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan]] [.proper [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++[] @@ -58149,8 +57879,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion]] [.prope [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++[] @@ -58408,8 +58136,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-auth-server-url]] [.property-pat [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__AUTH_SERVER_URL+++[] @@ -58425,8 +58151,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-discovery-enabled]] [.property-p [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__DISCOVERY_ENABLED+++[] @@ -58442,8 +58166,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-registration-path]] [.property-p [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__REGISTRATION_PATH+++[] @@ -58459,8 +58181,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-delay]] [.property-pa [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_DELAY+++[] @@ -58476,8 +58196,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-retry-count]] [.prope [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_RETRY_COUNT+++[] @@ -58493,8 +58211,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-timeout]] [.property- [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_TIMEOUT+++[] @@ -58510,8 +58226,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-use-blocking-dns-lookup]] [.prop [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__USE_BLOCKING_DNS_LOOKUP+++[] @@ -58527,8 +58241,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-max-pool-size]] [.property-path] [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__MAX_POOL_SIZE+++[] @@ -58544,8 +58256,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-follow-redirects]] [.property-pa [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__FOLLOW_REDIRECTS+++[] @@ -58561,9 +58271,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-host]] [.property-path]##l [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_HOST+++[] @@ -58579,8 +58286,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-port]] [.property-path]##l [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_PORT+++[] @@ -58596,8 +58301,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-username]] [.property-path [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_USERNAME+++[] @@ -58613,8 +58316,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-password]] [.property-path [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_PASSWORD+++[] @@ -58630,12 +58331,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name]] [.p [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__TLS_TLS_CONFIGURATION_NAME+++[] @@ -58651,8 +58346,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-token-path]] [.property-path]##l [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__TOKEN_PATH+++[] @@ -58668,8 +58361,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-revoke-path]] [.property-path]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__REVOKE_PATH+++[] @@ -58685,8 +58376,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-client-id]] [.property-path]##li [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CLIENT_ID+++[] @@ -58702,8 +58391,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-client-name]] [.property-path]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CLIENT_NAME+++[] @@ -58719,8 +58406,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret]] [.property- [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_SECRET+++[] @@ -58736,8 +58421,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-value] [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -58753,8 +58436,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -58770,8 +58451,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -58787,8 +58466,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -58804,8 +58481,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-method [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -58814,15 +58489,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-source[`quarkus.oidc-client."id".credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SOURCE+++[] @@ -58838,8 +58511,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret]] [.prope [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET+++[] @@ -58855,8 +58526,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -58872,8 +58541,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -58889,8 +58556,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -58906,8 +58571,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key]] [.property [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY+++[] @@ -58923,8 +58586,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-file]] [.pro [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_FILE+++[] @@ -58940,8 +58601,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-store-file]] [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -58957,8 +58616,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-store-passwo [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -58974,8 +58631,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-id]] [.prope [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_ID+++[] @@ -58991,8 +58646,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-password]] [ [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -59008,8 +58661,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-audience]] [.pro [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_AUDIENCE+++[] @@ -59025,8 +58676,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-token-key-id]] [ [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -59042,8 +58691,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-issuer]] [.prope [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_ISSUER+++[] @@ -59059,8 +58706,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-subject]] [.prop [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SUBJECT+++[] @@ -59076,8 +58721,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-claims-claim-nam [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -59093,8 +58736,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-signature-algori [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -59110,8 +58751,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-lifespan]] [.pro [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_LIFESPAN+++[] @@ -59127,8 +58766,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-assertion]] [.pr [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_ASSERTION+++[] @@ -59483,8 +59120,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-auth-serv [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_AUTH_SERVER_URL+++[] @@ -59500,8 +59135,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-discovery [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_DISCOVERY_ENABLED+++[] @@ -59517,8 +59150,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registrat [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_PATH+++[] @@ -59534,8 +59165,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_DELAY+++[] @@ -59551,8 +59180,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_RETRY_COUNT+++[] @@ -59568,8 +59195,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_TIMEOUT+++[] @@ -59585,8 +59210,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-use-block [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_USE_BLOCKING_DNS_LOOKUP+++[] @@ -59602,8 +59225,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-max-pool- [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_MAX_POOL_SIZE+++[] @@ -59619,8 +59240,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-follow-re [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_FOLLOW_REDIRECTS+++[] @@ -59636,9 +59255,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-hos [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] @@ -59654,8 +59270,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-por [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] @@ -59671,8 +59285,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-use [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] @@ -59688,8 +59300,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-pas [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] @@ -59705,12 +59315,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-c [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] @@ -59866,8 +59470,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-auth-s [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__AUTH_SERVER_URL+++[] @@ -59883,8 +59485,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-discov [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__DISCOVERY_ENABLED+++[] @@ -59900,8 +59500,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-regist [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__REGISTRATION_PATH+++[] @@ -59917,8 +59515,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_DELAY+++[] @@ -59934,8 +59530,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_RETRY_COUNT+++[] @@ -59951,8 +59545,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_TIMEOUT+++[] @@ -59968,8 +59560,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-use-bl [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__USE_BLOCKING_DNS_LOOKUP+++[] @@ -59985,8 +59575,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-max-po [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__MAX_POOL_SIZE+++[] @@ -60002,8 +59590,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-follow [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__FOLLOW_REDIRECTS+++[] @@ -60019,9 +59605,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_HOST+++[] @@ -60037,8 +59620,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_PORT+++[] @@ -60054,8 +59635,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_USERNAME+++[] @@ -60071,8 +59650,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_PASSWORD+++[] @@ -60088,12 +59665,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tl [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__TLS_TLS_CONFIGURATION_NAME+++[] @@ -76808,7 +76379,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-websockets-next_quarkus-websock [.description] -- -Specifies whether to activate the CDI request context when an endpoint callback is invoked. By default, the request context is only activated if needed. +Specifies the activation strategy for the CDI request context during endpoint callback invocation. By default, the request context is only activated if needed, i.e. if there is a bean with the given scope, or a bean annotated with a security annotation (such as `@RolesAllowed`), in the dependency tree of the endpoint. ifdef::add-copy-button-to-env-var[] @@ -76818,8 +76389,25 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_REQUEST_CONTEXT+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:auto[The request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as `@RolesAllowed`) in the dependency tree of the endpoint.], tooltip:always[The request context is always activated.] -|tooltip:auto[The request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as {@code @RolesAllowed}) in the dependency tree of the endpoint.] +a|tooltip:auto[The context is only activated if needed.], tooltip:always[The context is always activated.] +|tooltip:auto[The context is only activated if needed.] + +a|icon:lock[title=Fixed at build time] [[quarkus-websockets-next_quarkus-websockets-next-server-activate-session-context]] [.property-path]##link:#quarkus-websockets-next_quarkus-websockets-next-server-activate-session-context[`quarkus.websockets-next.server.activate-session-context`]## + +[.description] +-- +Specifies the activation strategy for the CDI session context during endpoint callback invocation. By default, the session context is only activated if needed, i.e. if there is a bean with the given scope in the dependency tree of the endpoint. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_SESSION_CONTEXT+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_SESSION_CONTEXT+++` +endif::add-copy-button-to-env-var[] +-- +a|tooltip:auto[The context is only activated if needed.], tooltip:always[The context is always activated.] +|tooltip:auto[The context is only activated if needed.] a| [[quarkus-websockets-next_quarkus-websockets-next-client-offer-per-message-compression]] [.property-path]##link:#quarkus-websockets-next_quarkus-websockets-next-client-offer-per-message-compression[`quarkus.websockets-next.client.offer-per-message-compression`]## diff --git a/_generated-doc/main/config/quarkus-core_quarkus.native.adoc b/_generated-doc/main/config/quarkus-core_quarkus.native.adoc index b8d58704086..8c167b7f1c8 100644 --- a/_generated-doc/main/config/quarkus-core_quarkus.native.adoc +++ b/_generated-doc/main/config/quarkus-core_quarkus.native.adoc @@ -453,6 +453,7 @@ Enable monitoring various monitoring options. The value should be comma separate - `heapdump` for heampdump support - `jmxclient` for JMX client support (experimental) - `jmxserver` for JMX server support (experimental) + - `nmt` for native memory tracking support - `all` for all monitoring features @@ -463,7 +464,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_NATIVE_MONITORING+++` endif::add-copy-button-to-env-var[] -- -a|list of `heapdump`, `jvmstat`, `jfr`, `jmxserver`, `jmxclient`, `all` +a|list of `heapdump`, `jvmstat`, `jfr`, `jmxserver`, `jmxclient`, `nmt`, `all` | a|icon:lock[title=Fixed at build time] [[quarkus-core_quarkus-native-enable-reports]] [.property-path]##link:#quarkus-core_quarkus-native-enable-reports[`quarkus.native.enable-reports`]## diff --git a/_generated-doc/main/config/quarkus-oidc-client-registration.adoc b/_generated-doc/main/config/quarkus-oidc-client-registration.adoc index fa03b5b63ed..c580613ddfe 100644 --- a/_generated-doc/main/config/quarkus-oidc-client-registration.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client-registration.adoc @@ -28,8 +28,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-auth-serv [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_AUTH_SERVER_URL+++[] @@ -45,8 +43,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-discovery [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_DISCOVERY_ENABLED+++[] @@ -62,8 +58,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registrat [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_PATH+++[] @@ -79,8 +73,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_DELAY+++[] @@ -96,8 +88,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_RETRY_COUNT+++[] @@ -113,8 +103,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_TIMEOUT+++[] @@ -130,8 +118,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-use-block [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_USE_BLOCKING_DNS_LOOKUP+++[] @@ -147,8 +133,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-max-pool- [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_MAX_POOL_SIZE+++[] @@ -164,8 +148,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-follow-re [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_FOLLOW_REDIRECTS+++[] @@ -181,9 +163,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-hos [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] @@ -199,8 +178,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-por [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] @@ -216,8 +193,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-use [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] @@ -233,8 +208,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-pas [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] @@ -250,12 +223,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-c [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] @@ -411,8 +378,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-auth-s [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__AUTH_SERVER_URL+++[] @@ -428,8 +393,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-discov [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__DISCOVERY_ENABLED+++[] @@ -445,8 +408,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-regist [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__REGISTRATION_PATH+++[] @@ -462,8 +423,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_DELAY+++[] @@ -479,8 +438,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_RETRY_COUNT+++[] @@ -496,8 +453,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_TIMEOUT+++[] @@ -513,8 +468,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-use-bl [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__USE_BLOCKING_DNS_LOOKUP+++[] @@ -530,8 +483,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-max-po [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__MAX_POOL_SIZE+++[] @@ -547,8 +498,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-follow [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__FOLLOW_REDIRECTS+++[] @@ -564,9 +513,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_HOST+++[] @@ -582,8 +528,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_PORT+++[] @@ -599,8 +543,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_USERNAME+++[] @@ -616,8 +558,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_PASSWORD+++[] @@ -633,12 +573,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tl [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__TLS_TLS_CONFIGURATION_NAME+++[] diff --git a/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc b/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc index fa03b5b63ed..c580613ddfe 100644 --- a/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc @@ -28,8 +28,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-auth-serv [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_AUTH_SERVER_URL+++[] @@ -45,8 +43,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-discovery [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_DISCOVERY_ENABLED+++[] @@ -62,8 +58,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registrat [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_PATH+++[] @@ -79,8 +73,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_DELAY+++[] @@ -96,8 +88,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_RETRY_COUNT+++[] @@ -113,8 +103,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-connectio [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_CONNECTION_TIMEOUT+++[] @@ -130,8 +118,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-use-block [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_USE_BLOCKING_DNS_LOOKUP+++[] @@ -147,8 +133,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-max-pool- [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_MAX_POOL_SIZE+++[] @@ -164,8 +148,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-follow-re [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_FOLLOW_REDIRECTS+++[] @@ -181,9 +163,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-hos [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] @@ -199,8 +178,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-por [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] @@ -216,8 +193,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-use [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] @@ -233,8 +208,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-pas [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] @@ -250,12 +223,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-c [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] @@ -411,8 +378,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-auth-s [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__AUTH_SERVER_URL+++[] @@ -428,8 +393,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-discov [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__DISCOVERY_ENABLED+++[] @@ -445,8 +408,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-regist [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__REGISTRATION_PATH+++[] @@ -462,8 +423,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_DELAY+++[] @@ -479,8 +438,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_RETRY_COUNT+++[] @@ -496,8 +453,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-connec [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__CONNECTION_TIMEOUT+++[] @@ -513,8 +468,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-use-bl [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__USE_BLOCKING_DNS_LOOKUP+++[] @@ -530,8 +483,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-max-po [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__MAX_POOL_SIZE+++[] @@ -547,8 +498,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-follow [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__FOLLOW_REDIRECTS+++[] @@ -564,9 +513,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_HOST+++[] @@ -582,8 +528,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_PORT+++[] @@ -599,8 +543,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_USERNAME+++[] @@ -616,8 +558,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy- [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__PROXY_PASSWORD+++[] @@ -633,12 +573,6 @@ a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tl [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION__ID__TLS_TLS_CONFIGURATION_NAME+++[] diff --git a/_generated-doc/main/config/quarkus-oidc-client.adoc b/_generated-doc/main/config/quarkus-oidc-client.adoc index 4b16e500989..1126aece1f9 100644 --- a/_generated-doc/main/config/quarkus-oidc-client.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client.adoc @@ -28,8 +28,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-auth-server-url]] [.property-path]# [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_AUTH_SERVER_URL+++[] @@ -45,8 +43,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-discovery-enabled]] [.property-path [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_DISCOVERY_ENABLED+++[] @@ -62,8 +58,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-registration-path]] [.property-path [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PATH+++[] @@ -79,8 +73,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-delay]] [.property-path] [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_DELAY+++[] @@ -96,8 +88,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-retry-count]] [.property [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_RETRY_COUNT+++[] @@ -113,8 +103,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-timeout]] [.property-pat [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_TIMEOUT+++[] @@ -130,8 +118,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-use-blocking-dns-lookup]] [.propert [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_USE_BLOCKING_DNS_LOOKUP+++[] @@ -147,8 +133,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-max-pool-size]] [.property-path]##l [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_MAX_POOL_SIZE+++[] @@ -164,8 +148,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-follow-redirects]] [.property-path] [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_FOLLOW_REDIRECTS+++[] @@ -181,9 +163,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] @@ -199,8 +178,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] @@ -216,8 +193,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]## [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] @@ -233,8 +208,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]## [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] @@ -250,12 +223,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.prop [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] @@ -271,8 +238,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] @@ -288,8 +253,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##lin [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] @@ -305,8 +268,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link: [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] @@ -322,8 +283,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##lin [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] @@ -339,8 +298,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-pat [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++[] @@ -356,8 +313,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value]] [ [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -373,8 +328,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -390,8 +343,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -407,8 +358,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -424,8 +373,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method]] [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -434,15 +381,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source[`quarkus.oidc-client.credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++[] @@ -458,8 +403,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret]] [.property [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++[] @@ -475,8 +418,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-nam [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -492,8 +433,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -509,8 +448,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -526,8 +463,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key]] [.property-pa [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++[] @@ -543,8 +478,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file]] [.proper [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++[] @@ -560,8 +493,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file]] [. [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -577,8 +508,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password] [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -594,8 +523,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id]] [.property [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++[] @@ -611,8 +538,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password]] [.pr [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -628,8 +553,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience]] [.proper [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++[] @@ -645,8 +568,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id]] [.pr [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -662,8 +583,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer]] [.property [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++[] @@ -679,8 +598,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject]] [.propert [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++[] @@ -696,8 +613,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name]] [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -713,8 +628,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -730,8 +643,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan]] [.proper [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++[] @@ -747,8 +658,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion]] [.prope [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++[] @@ -1006,8 +915,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-auth-server-url]] [.property-pat [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__AUTH_SERVER_URL+++[] @@ -1023,8 +930,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-discovery-enabled]] [.property-p [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__DISCOVERY_ENABLED+++[] @@ -1040,8 +945,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-registration-path]] [.property-p [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__REGISTRATION_PATH+++[] @@ -1057,8 +960,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-delay]] [.property-pa [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_DELAY+++[] @@ -1074,8 +975,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-retry-count]] [.prope [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_RETRY_COUNT+++[] @@ -1091,8 +990,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-timeout]] [.property- [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_TIMEOUT+++[] @@ -1108,8 +1005,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-use-blocking-dns-lookup]] [.prop [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__USE_BLOCKING_DNS_LOOKUP+++[] @@ -1125,8 +1020,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-max-pool-size]] [.property-path] [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__MAX_POOL_SIZE+++[] @@ -1142,8 +1035,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-follow-redirects]] [.property-pa [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__FOLLOW_REDIRECTS+++[] @@ -1159,9 +1050,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-host]] [.property-path]##l [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_HOST+++[] @@ -1177,8 +1065,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-port]] [.property-path]##l [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_PORT+++[] @@ -1194,8 +1080,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-username]] [.property-path [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_USERNAME+++[] @@ -1211,8 +1095,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-password]] [.property-path [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_PASSWORD+++[] @@ -1228,12 +1110,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name]] [.p [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__TLS_TLS_CONFIGURATION_NAME+++[] @@ -1249,8 +1125,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-token-path]] [.property-path]##l [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__TOKEN_PATH+++[] @@ -1266,8 +1140,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-revoke-path]] [.property-path]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__REVOKE_PATH+++[] @@ -1283,8 +1155,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-client-id]] [.property-path]##li [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CLIENT_ID+++[] @@ -1300,8 +1170,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-client-name]] [.property-path]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CLIENT_NAME+++[] @@ -1317,8 +1185,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret]] [.property- [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_SECRET+++[] @@ -1334,8 +1200,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-value] [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -1351,8 +1215,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -1368,8 +1230,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -1385,8 +1245,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -1402,8 +1260,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-method [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -1412,15 +1268,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-source[`quarkus.oidc-client."id".credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SOURCE+++[] @@ -1436,8 +1290,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret]] [.prope [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET+++[] @@ -1453,8 +1305,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -1470,8 +1320,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -1487,8 +1335,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -1504,8 +1350,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key]] [.property [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY+++[] @@ -1521,8 +1365,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-file]] [.pro [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_FILE+++[] @@ -1538,8 +1380,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-store-file]] [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -1555,8 +1395,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-store-passwo [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -1572,8 +1410,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-id]] [.prope [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_ID+++[] @@ -1589,8 +1425,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-password]] [ [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -1606,8 +1440,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-audience]] [.pro [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_AUDIENCE+++[] @@ -1623,8 +1455,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-token-key-id]] [ [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -1640,8 +1470,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-issuer]] [.prope [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_ISSUER+++[] @@ -1657,8 +1485,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-subject]] [.prop [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SUBJECT+++[] @@ -1674,8 +1500,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-claims-claim-nam [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -1691,8 +1515,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-signature-algori [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -1708,8 +1530,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-lifespan]] [.pro [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_LIFESPAN+++[] @@ -1725,8 +1545,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-assertion]] [.pr [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_ASSERTION+++[] diff --git a/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc b/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc index 4b16e500989..1126aece1f9 100644 --- a/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc @@ -28,8 +28,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-auth-server-url]] [.property-path]# [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_AUTH_SERVER_URL+++[] @@ -45,8 +43,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-discovery-enabled]] [.property-path [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_DISCOVERY_ENABLED+++[] @@ -62,8 +58,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-registration-path]] [.property-path [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PATH+++[] @@ -79,8 +73,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-delay]] [.property-path] [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_DELAY+++[] @@ -96,8 +88,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-retry-count]] [.property [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_RETRY_COUNT+++[] @@ -113,8 +103,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-connection-timeout]] [.property-pat [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CONNECTION_TIMEOUT+++[] @@ -130,8 +118,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-use-blocking-dns-lookup]] [.propert [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_USE_BLOCKING_DNS_LOOKUP+++[] @@ -147,8 +133,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-max-pool-size]] [.property-path]##l [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_MAX_POOL_SIZE+++[] @@ -164,8 +148,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-follow-redirects]] [.property-path] [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_FOLLOW_REDIRECTS+++[] @@ -181,9 +163,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] @@ -199,8 +178,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] @@ -216,8 +193,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]## [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] @@ -233,8 +208,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]## [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] @@ -250,12 +223,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.prop [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] @@ -271,8 +238,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] @@ -288,8 +253,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##lin [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] @@ -305,8 +268,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link: [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] @@ -322,8 +283,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##lin [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] @@ -339,8 +298,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-pat [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++[] @@ -356,8 +313,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value]] [ [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -373,8 +328,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -390,8 +343,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -407,8 +358,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -424,8 +373,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method]] [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -434,15 +381,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source[`quarkus.oidc-client.credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++[] @@ -458,8 +403,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret]] [.property [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++[] @@ -475,8 +418,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-nam [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -492,8 +433,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -509,8 +448,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -526,8 +463,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key]] [.property-pa [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++[] @@ -543,8 +478,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file]] [.proper [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++[] @@ -560,8 +493,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file]] [. [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -577,8 +508,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password] [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -594,8 +523,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id]] [.property [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++[] @@ -611,8 +538,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password]] [.pr [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -628,8 +553,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience]] [.proper [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++[] @@ -645,8 +568,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id]] [.pr [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -662,8 +583,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer]] [.property [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++[] @@ -679,8 +598,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject]] [.propert [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++[] @@ -696,8 +613,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name]] [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -713,8 +628,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -730,8 +643,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan]] [.proper [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++[] @@ -747,8 +658,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion]] [.prope [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++[] @@ -1006,8 +915,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-auth-server-url]] [.property-pat [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__AUTH_SERVER_URL+++[] @@ -1023,8 +930,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-discovery-enabled]] [.property-p [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__DISCOVERY_ENABLED+++[] @@ -1040,8 +945,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-registration-path]] [.property-p [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__REGISTRATION_PATH+++[] @@ -1057,8 +960,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-delay]] [.property-pa [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_DELAY+++[] @@ -1074,8 +975,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-retry-count]] [.prope [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_RETRY_COUNT+++[] @@ -1091,8 +990,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-connection-timeout]] [.property- [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CONNECTION_TIMEOUT+++[] @@ -1108,8 +1005,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-use-blocking-dns-lookup]] [.prop [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__USE_BLOCKING_DNS_LOOKUP+++[] @@ -1125,8 +1020,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-max-pool-size]] [.property-path] [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__MAX_POOL_SIZE+++[] @@ -1142,8 +1035,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-follow-redirects]] [.property-pa [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__FOLLOW_REDIRECTS+++[] @@ -1159,9 +1050,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-host]] [.property-path]##l [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_HOST+++[] @@ -1177,8 +1065,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-port]] [.property-path]##l [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_PORT+++[] @@ -1194,8 +1080,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-username]] [.property-path [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_USERNAME+++[] @@ -1211,8 +1095,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-password]] [.property-path [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__PROXY_PASSWORD+++[] @@ -1228,12 +1110,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name]] [.p [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__TLS_TLS_CONFIGURATION_NAME+++[] @@ -1249,8 +1125,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-token-path]] [.property-path]##l [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__TOKEN_PATH+++[] @@ -1266,8 +1140,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-revoke-path]] [.property-path]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__REVOKE_PATH+++[] @@ -1283,8 +1155,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-client-id]] [.property-path]##li [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CLIENT_ID+++[] @@ -1300,8 +1170,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-client-name]] [.property-path]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CLIENT_NAME+++[] @@ -1317,8 +1185,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret]] [.property- [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_SECRET+++[] @@ -1334,8 +1200,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-value] [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -1351,8 +1215,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -1368,8 +1230,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -1385,8 +1245,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-provid [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -1402,8 +1260,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-client-secret-method [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -1412,15 +1268,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-source[`quarkus.oidc-client."id".credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SOURCE+++[] @@ -1436,8 +1290,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret]] [.prope [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET+++[] @@ -1453,8 +1305,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -1470,8 +1320,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -1487,8 +1335,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-secret-provider- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -1504,8 +1350,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key]] [.property [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY+++[] @@ -1521,8 +1365,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-file]] [.pro [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_FILE+++[] @@ -1538,8 +1380,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-store-file]] [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -1555,8 +1395,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-store-passwo [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -1572,8 +1410,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-id]] [.prope [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_ID+++[] @@ -1589,8 +1425,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-key-password]] [ [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -1606,8 +1440,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-audience]] [.pro [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_AUDIENCE+++[] @@ -1623,8 +1455,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-token-key-id]] [ [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -1640,8 +1470,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-issuer]] [.prope [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_ISSUER+++[] @@ -1657,8 +1485,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-subject]] [.prop [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SUBJECT+++[] @@ -1674,8 +1500,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-claims-claim-nam [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -1691,8 +1515,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-signature-algori [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -1708,8 +1530,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-lifespan]] [.pro [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_LIFESPAN+++[] @@ -1725,8 +1545,6 @@ a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-jwt-assertion]] [.pr [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT__ID__CREDENTIALS_JWT_ASSERTION+++[] diff --git a/_generated-doc/main/config/quarkus-oidc.adoc b/_generated-doc/main/config/quarkus-oidc.adoc index abff84fbb93..842f3b1def6 100644 --- a/_generated-doc/main/config/quarkus-oidc.adoc +++ b/_generated-doc/main/config/quarkus-oidc.adoc @@ -96,8 +96,6 @@ a| [[quarkus-oidc_quarkus-oidc-auth-server-url]] [.property-path]##link:#quarkus [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTH_SERVER_URL+++[] @@ -113,8 +111,6 @@ a| [[quarkus-oidc_quarkus-oidc-discovery-enabled]] [.property-path]##link:#quark [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DISCOVERY_ENABLED+++[] @@ -130,8 +126,6 @@ a| [[quarkus-oidc_quarkus-oidc-registration-path]] [.property-path]##link:#quark [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REGISTRATION_PATH+++[] @@ -147,8 +141,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-delay]] [.property-path]##link:#quarku [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_DELAY+++[] @@ -164,8 +156,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-retry-count]] [.property-path]##link:# [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_RETRY_COUNT+++[] @@ -181,8 +171,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-timeout]] [.property-path]##link:#quar [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_TIMEOUT+++[] @@ -198,8 +186,6 @@ a| [[quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup]] [.property-path]##link: [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USE_BLOCKING_DNS_LOOKUP+++[] @@ -215,8 +201,6 @@ a| [[quarkus-oidc_quarkus-oidc-max-pool-size]] [.property-path]##link:#quarkus-o [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_MAX_POOL_SIZE+++[] @@ -232,8 +216,6 @@ a| [[quarkus-oidc_quarkus-oidc-follow-redirects]] [.property-path]##link:#quarku [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_FOLLOW_REDIRECTS+++[] @@ -249,9 +231,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] @@ -267,8 +246,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] @@ -284,8 +261,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus- [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] @@ -301,8 +276,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus- [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] @@ -318,12 +291,6 @@ a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##li [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] @@ -339,8 +306,6 @@ a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] @@ -356,8 +321,6 @@ a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oid [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] @@ -373,8 +336,6 @@ a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_ [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] @@ -390,8 +351,6 @@ a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oid [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] @@ -407,8 +366,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quar [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] @@ -424,8 +381,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -441,8 +396,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.prope [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -458,8 +411,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -475,8 +426,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.proper [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -492,8 +441,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-pat [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -502,15 +449,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] @@ -526,8 +471,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:# [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] @@ -543,8 +486,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -560,8 +501,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [. [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -577,8 +516,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -594,8 +531,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#qua [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] @@ -611,8 +546,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] @@ -628,8 +561,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path] [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -645,8 +576,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-p [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -662,8 +591,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:# [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] @@ -679,8 +606,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]## [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -696,8 +621,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] @@ -713,8 +636,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]## [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -730,8 +651,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:# [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] @@ -747,8 +666,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link: [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] @@ -764,8 +681,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-pa [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -781,8 +696,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property- [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -798,8 +711,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] @@ -815,8 +726,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##lin [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] @@ -2610,8 +2519,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-auth-server-url]] [.property-path]##link:# [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++[] @@ -2627,8 +2534,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-discovery-enabled]] [.property-path]##link [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++[] @@ -2644,8 +2549,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-registration-path]] [.property-path]##link [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++[] @@ -2661,8 +2564,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-delay]] [.property-path]##link: [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++[] @@ -2678,8 +2579,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-retry-count]] [.property-path]# [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++[] @@ -2695,8 +2594,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-timeout]] [.property-path]##lin [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++[] @@ -2712,8 +2609,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup]] [.property-path] [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++[] @@ -2729,8 +2624,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-max-pool-size]] [.property-path]##link:#qu [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++[] @@ -2746,8 +2639,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-follow-redirects]] [.property-path]##link: [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++[] @@ -2763,9 +2654,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-host]] [.property-path]##link:#quark [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_HOST+++[] @@ -2781,8 +2669,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-port]] [.property-path]##link:#quark [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PORT+++[] @@ -2798,8 +2684,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-username]] [.property-path]##link:#q [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++[] @@ -2815,8 +2699,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-password]] [.property-path]##link:#q [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++[] @@ -2832,12 +2714,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name]] [.property-pa [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++[] @@ -2853,8 +2729,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-token-path]] [.property-path]##link:#quark [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++[] @@ -2870,8 +2744,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-revoke-path]] [.property-path]##link:#quar [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++[] @@ -2887,8 +2759,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-client-id]] [.property-path]##link:#quarku [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_ID+++[] @@ -2904,8 +2774,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-client-name]] [.property-path]##link:#quar [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++[] @@ -2921,8 +2789,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-secret]] [.property-path]##lin [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++[] @@ -2938,8 +2804,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value]] [.proper [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -2955,8 +2819,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name]] [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -2972,8 +2834,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -2989,8 +2849,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key]] [ [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -3006,8 +2864,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method]] [.prope [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -3016,15 +2872,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source[`quarkus.oidc."tenant".credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++[] @@ -3040,8 +2894,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret]] [.property-path]# [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++[] @@ -3057,8 +2909,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name]] [.p [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -3074,8 +2924,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-na [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -3091,8 +2939,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key]] [.pr [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -3108,8 +2954,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key]] [.property-path]##li [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++[] @@ -3125,8 +2969,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file]] [.property-path [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++[] @@ -3142,8 +2984,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file]] [.propert [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -3159,8 +2999,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password]] [.pro [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -3176,8 +3014,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id]] [.property-path]# [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++[] @@ -3193,8 +3029,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password]] [.property- [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -3210,8 +3044,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience]] [.property-path [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++[] @@ -3227,8 +3059,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id]] [.property- [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -3244,8 +3074,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer]] [.property-path]# [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++[] @@ -3261,8 +3089,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject]] [.property-path] [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++[] @@ -3278,8 +3104,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name]] [.prop [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -3295,8 +3119,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm]] [.pr [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -3312,8 +3134,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan]] [.property-path [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++[] @@ -3329,8 +3149,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion]] [.property-pat [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++[] diff --git a/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc b/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc index abff84fbb93..842f3b1def6 100644 --- a/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc +++ b/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc @@ -96,8 +96,6 @@ a| [[quarkus-oidc_quarkus-oidc-auth-server-url]] [.property-path]##link:#quarkus [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTH_SERVER_URL+++[] @@ -113,8 +111,6 @@ a| [[quarkus-oidc_quarkus-oidc-discovery-enabled]] [.property-path]##link:#quark [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DISCOVERY_ENABLED+++[] @@ -130,8 +126,6 @@ a| [[quarkus-oidc_quarkus-oidc-registration-path]] [.property-path]##link:#quark [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REGISTRATION_PATH+++[] @@ -147,8 +141,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-delay]] [.property-path]##link:#quarku [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_DELAY+++[] @@ -164,8 +156,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-retry-count]] [.property-path]##link:# [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_RETRY_COUNT+++[] @@ -181,8 +171,6 @@ a| [[quarkus-oidc_quarkus-oidc-connection-timeout]] [.property-path]##link:#quar [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CONNECTION_TIMEOUT+++[] @@ -198,8 +186,6 @@ a| [[quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup]] [.property-path]##link: [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USE_BLOCKING_DNS_LOOKUP+++[] @@ -215,8 +201,6 @@ a| [[quarkus-oidc_quarkus-oidc-max-pool-size]] [.property-path]##link:#quarkus-o [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_MAX_POOL_SIZE+++[] @@ -232,8 +216,6 @@ a| [[quarkus-oidc_quarkus-oidc-follow-redirects]] [.property-path]##link:#quarku [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_FOLLOW_REDIRECTS+++[] @@ -249,9 +231,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] @@ -267,8 +246,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] @@ -284,8 +261,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus- [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] @@ -301,8 +276,6 @@ a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus- [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] @@ -318,12 +291,6 @@ a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##li [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] @@ -339,8 +306,6 @@ a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] @@ -356,8 +321,6 @@ a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oid [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] @@ -373,8 +336,6 @@ a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_ [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] @@ -390,8 +351,6 @@ a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oid [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] @@ -407,8 +366,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quar [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] @@ -424,8 +381,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -441,8 +396,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.prope [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -458,8 +411,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -475,8 +426,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.proper [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -492,8 +441,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-pat [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -502,15 +449,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] @@ -526,8 +471,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:# [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] @@ -543,8 +486,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -560,8 +501,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [. [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -577,8 +516,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property- [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -594,8 +531,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#qua [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] @@ -611,8 +546,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] @@ -628,8 +561,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path] [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -645,8 +576,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-p [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -662,8 +591,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:# [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] @@ -679,8 +606,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]## [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -696,8 +621,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] @@ -713,8 +636,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]## [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -730,8 +651,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:# [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] @@ -747,8 +666,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link: [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] @@ -764,8 +681,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-pa [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -781,8 +696,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property- [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -798,8 +711,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] @@ -815,8 +726,6 @@ a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##lin [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] @@ -2610,8 +2519,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-auth-server-url]] [.property-path]##link:# [.description] -- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++[] @@ -2627,8 +2534,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-discovery-enabled]] [.property-path]##link [.description] -- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++[] @@ -2644,8 +2549,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-registration-path]] [.property-path]##link [.description] -- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++[] @@ -2661,8 +2564,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-delay]] [.property-path]##link: [.description] -- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++[] @@ -2678,8 +2579,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-retry-count]] [.property-path]# [.description] -- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++[] @@ -2695,8 +2594,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-connection-timeout]] [.property-path]##lin [.description] -- -The number of seconds after which the current OIDC connection request times out. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++[] @@ -2712,8 +2609,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup]] [.property-path] [.description] -- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++[] @@ -2729,8 +2624,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-max-pool-size]] [.property-path]##link:#qu [.description] -- -The maximum size of the connection pool used by the WebClient. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++[] @@ -2746,8 +2639,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-follow-redirects]] [.property-path]##link: [.description] -- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++[] @@ -2763,9 +2654,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-host]] [.property-path]##link:#quark [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_HOST+++[] @@ -2781,8 +2669,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-port]] [.property-path]##link:#quark [.description] -- -The port number of the Proxy. The default value is `80`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PORT+++[] @@ -2798,8 +2684,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-username]] [.property-path]##link:#q [.description] -- -The username, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++[] @@ -2815,8 +2699,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-password]] [.property-path]##link:#q [.description] -- -The password, if the Proxy needs authentication. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++[] @@ -2832,12 +2714,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name]] [.property-pa [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++[] @@ -2853,8 +2729,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-token-path]] [.property-path]##link:#quark [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++[] @@ -2870,8 +2744,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-revoke-path]] [.property-path]##link:#quar [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++[] @@ -2887,8 +2759,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-client-id]] [.property-path]##link:#quarku [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_ID+++[] @@ -2904,8 +2774,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-client-name]] [.property-path]##link:#quar [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++[] @@ -2921,8 +2789,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-secret]] [.property-path]##lin [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++[] @@ -2938,8 +2804,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value]] [.proper [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++[] @@ -2955,8 +2819,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name]] [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] @@ -2972,8 +2834,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -2989,8 +2849,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key]] [ [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] @@ -3006,8 +2864,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method]] [.prope [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++[] @@ -3016,15 +2872,13 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +a|`basic`, `post`, `post-jwt`, `query` | a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source[`quarkus.oidc."tenant".credentials.jwt.source`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++[] @@ -3040,8 +2894,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret]] [.property-path]# [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++[] @@ -3057,8 +2909,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name]] [.p [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] @@ -3074,8 +2924,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-na [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] @@ -3091,8 +2939,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key]] [.pr [.description] -- -The CredentialsProvider client secret key - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] @@ -3108,8 +2954,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key]] [.property-path]##li [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++[] @@ -3125,8 +2969,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file]] [.property-path [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++[] @@ -3142,8 +2984,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file]] [.propert [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++[] @@ -3159,8 +2999,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password]] [.pro [.description] -- -A parameter to specify the password of the keystore file. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] @@ -3176,8 +3014,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id]] [.property-path]# [.description] -- -The private key id or alias. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++[] @@ -3193,8 +3029,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password]] [.property- [.description] -- -The private key password. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++[] @@ -3210,8 +3044,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience]] [.property-path [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++[] @@ -3227,8 +3059,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id]] [.property- [.description] -- -The key identifier of the signing key added as a JWT `kid` header. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] @@ -3244,8 +3074,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer]] [.property-path]# [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++[] @@ -3261,8 +3089,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject]] [.property-path] [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++[] @@ -3278,8 +3104,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name]] [.prop [.description] -- -Additional claims. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] @@ -3295,8 +3119,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm]] [.pr [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] @@ -3312,8 +3134,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan]] [.property-path [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++[] @@ -3329,8 +3149,6 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion]] [.property-pat [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++[] diff --git a/_generated-doc/main/config/quarkus-websockets-next.adoc b/_generated-doc/main/config/quarkus-websockets-next.adoc index 6d03510c7cf..b279e87d65f 100644 --- a/_generated-doc/main/config/quarkus-websockets-next.adoc +++ b/_generated-doc/main/config/quarkus-websockets-next.adoc @@ -11,7 +11,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-websockets-next_quarkus-websock [.description] -- -Specifies whether to activate the CDI request context when an endpoint callback is invoked. By default, the request context is only activated if needed. +Specifies the activation strategy for the CDI request context during endpoint callback invocation. By default, the request context is only activated if needed, i.e. if there is a bean with the given scope, or a bean annotated with a security annotation (such as `@RolesAllowed`), in the dependency tree of the endpoint. ifdef::add-copy-button-to-env-var[] @@ -21,8 +21,25 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_REQUEST_CONTEXT+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:auto[The request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as `@RolesAllowed`) in the dependency tree of the endpoint.], tooltip:always[The request context is always activated.] -|tooltip:auto[The request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as {@code @RolesAllowed}) in the dependency tree of the endpoint.] +a|tooltip:auto[The context is only activated if needed.], tooltip:always[The context is always activated.] +|tooltip:auto[The context is only activated if needed.] + +a|icon:lock[title=Fixed at build time] [[quarkus-websockets-next_quarkus-websockets-next-server-activate-session-context]] [.property-path]##link:#quarkus-websockets-next_quarkus-websockets-next-server-activate-session-context[`quarkus.websockets-next.server.activate-session-context`]## + +[.description] +-- +Specifies the activation strategy for the CDI session context during endpoint callback invocation. By default, the session context is only activated if needed, i.e. if there is a bean with the given scope in the dependency tree of the endpoint. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_SESSION_CONTEXT+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_SESSION_CONTEXT+++` +endif::add-copy-button-to-env-var[] +-- +a|tooltip:auto[The context is only activated if needed.], tooltip:always[The context is always activated.] +|tooltip:auto[The context is only activated if needed.] a| [[quarkus-websockets-next_quarkus-websockets-next-client-offer-per-message-compression]] [.property-path]##link:#quarkus-websockets-next_quarkus-websockets-next-client-offer-per-message-compression[`quarkus.websockets-next.client.offer-per-message-compression`]## diff --git a/_generated-doc/main/config/quarkus-websockets-next_quarkus.websockets-next.adoc b/_generated-doc/main/config/quarkus-websockets-next_quarkus.websockets-next.adoc index 6d03510c7cf..b279e87d65f 100644 --- a/_generated-doc/main/config/quarkus-websockets-next_quarkus.websockets-next.adoc +++ b/_generated-doc/main/config/quarkus-websockets-next_quarkus.websockets-next.adoc @@ -11,7 +11,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-websockets-next_quarkus-websock [.description] -- -Specifies whether to activate the CDI request context when an endpoint callback is invoked. By default, the request context is only activated if needed. +Specifies the activation strategy for the CDI request context during endpoint callback invocation. By default, the request context is only activated if needed, i.e. if there is a bean with the given scope, or a bean annotated with a security annotation (such as `@RolesAllowed`), in the dependency tree of the endpoint. ifdef::add-copy-button-to-env-var[] @@ -21,8 +21,25 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_REQUEST_CONTEXT+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:auto[The request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as `@RolesAllowed`) in the dependency tree of the endpoint.], tooltip:always[The request context is always activated.] -|tooltip:auto[The request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as {@code @RolesAllowed}) in the dependency tree of the endpoint.] +a|tooltip:auto[The context is only activated if needed.], tooltip:always[The context is always activated.] +|tooltip:auto[The context is only activated if needed.] + +a|icon:lock[title=Fixed at build time] [[quarkus-websockets-next_quarkus-websockets-next-server-activate-session-context]] [.property-path]##link:#quarkus-websockets-next_quarkus-websockets-next-server-activate-session-context[`quarkus.websockets-next.server.activate-session-context`]## + +[.description] +-- +Specifies the activation strategy for the CDI session context during endpoint callback invocation. By default, the session context is only activated if needed, i.e. if there is a bean with the given scope in the dependency tree of the endpoint. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_SESSION_CONTEXT+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_WEBSOCKETS_NEXT_SERVER_ACTIVATE_SESSION_CONTEXT+++` +endif::add-copy-button-to-env-var[] +-- +a|tooltip:auto[The context is only activated if needed.], tooltip:always[The context is always activated.] +|tooltip:auto[The context is only activated if needed.] a| [[quarkus-websockets-next_quarkus-websockets-next-client-offer-per-message-compression]] [.property-path]##link:#quarkus-websockets-next_quarkus-websockets-next-client-offer-per-message-compression[`quarkus.websockets-next.client.offer-per-message-compression`]## diff --git a/_generated-doc/main/infra/quarkus-all-build-items.adoc b/_generated-doc/main/infra/quarkus-all-build-items.adoc index c8a92c6f116..3b0e38de70b 100644 --- a/_generated-doc/main/infra/quarkus-all-build-items.adoc +++ b/_generated-doc/main/infra/quarkus-all-build-items.adoc @@ -3648,6 +3648,17 @@ h|Attributes +a| https://github.com/quarkusio/quarkus/blob/main/extensions/devservices/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakAdminPageBuildItem.java[`io.quarkus.devservices.keycloak.KeycloakAdminPageBuildItem`, window="_blank"] +[.description] +-- +Extensions should produce this build item if a DEV UI card with the Keycloak Admin link should be created for the extension. +-- a|`io.quarkus.devui.spi.page.CardPageBuildItem cardPage` + +_No Javadoc found_ + + + + a| https://github.com/quarkusio/quarkus/blob/main/extensions/devservices/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfigBuildItem.java[`io.quarkus.devservices.keycloak.KeycloakDevServicesConfigBuildItem`, window="_blank"] [.description] -- @@ -3671,7 +3682,11 @@ a| https://github.com/quarkusio/quarkus/blob/main/extensions/devservices/keycloa [.description] -- A marker build item signifying that integrating extensions (like OIDC and OIDC client) are enabled. The Keycloak Dev Service will be started in DEV mode if at least one item is produced and the Dev Service is not disabled in other fashion. --- a|`io.quarkus.devservices.keycloak.Capability capability` +-- a|`io.quarkus.devservices.keycloak.KeycloakDevServicesConfigurator devServicesConfigurator` + +_No Javadoc found_ + +`java.lang.String authServerUrl` _No Javadoc found_ @@ -7753,22 +7768,6 @@ h|Attributes -a| https://github.com/quarkusio/quarkus/blob/main/extensions/security/spi/src/main/java/io/quarkus/security/spi/AdditionalSecuredClassesBuildItem.java[`io.quarkus.security.spi.AdditionalSecuredClassesBuildItem`, window="_blank"] -[.description] --- -Contains classes that need to have @DenyAll on all methods that don't have security annotations -@deprecated use `AdditionalSecuredMethodsBuildItem` --- a|`java.util.Collection additionalSecuredClasses` - -_No Javadoc found_ - -`java.util.Optional> rolesAllowed` - -_No Javadoc found_ - - - - a| https://github.com/quarkusio/quarkus/blob/main/extensions/security/spi/src/main/java/io/quarkus/security/spi/AdditionalSecuredMethodsBuildItem.java[`io.quarkus.security.spi.AdditionalSecuredMethodsBuildItem`, window="_blank"] [.description] -- diff --git a/_generated-doc/main/infra/quarkus-maven-plugin-goals.adoc b/_generated-doc/main/infra/quarkus-maven-plugin-goals.adoc index 2a0edc49e54..ee77d659faf 100644 --- a/_generated-doc/main/infra/quarkus-maven-plugin-goals.adoc +++ b/_generated-doc/main/infra/quarkus-maven-plugin-goals.adoc @@ -861,6 +861,15 @@ a| [[quarkus-maven-plugin-goal-dependency-sbom-repos]] repos |`List` (required) |`${project.remoteProjectRepositories}` +a| [[quarkus-maven-plugin-goal-dependency-sbom-quarkus.dependency.sbom.runtime-only]] quarkus.dependency.sbom.runtime-only + +[.description] +-- +Whether to limit application dependencies to only those that are included in the runtime +-- +|`boolean` +| + a| [[quarkus-maven-plugin-goal-dependency-sbom-quarkus.dependency.sbom.schema-version]] quarkus.dependency.sbom.schema-version [.description] @@ -941,6 +950,15 @@ a| [[quarkus-maven-plugin-goal-dependency-tree-repos]] repos |`List` (required) |`${project.remoteProjectRepositories}` +a| [[quarkus-maven-plugin-goal-dependency-tree-runtimeOnly]] runtimeOnly + +[.description] +-- +Whether to log only the runtime dependencies of the Quarkus application +-- +|`boolean` +| + a| [[quarkus-maven-plugin-goal-dependency-tree-session]] session |`MavenSession` |`${session}` diff --git a/_versions/main/guides/building-native-image.adoc b/_versions/main/guides/building-native-image.adoc index 760fbe72fb9..baa9be1b69f 100644 --- a/_versions/main/guides/building-native-image.adoc +++ b/_versions/main/guides/building-native-image.adoc @@ -896,7 +896,7 @@ For a more detailed guide about debugging native images please refer to the xref == Using Monitoring Options -Monitoring options such as JDK flight recorder, jvmstat, heap dumps, and remote JMX (experimental in Mandrel 23) +Monitoring options such as JDK flight recorder, jvmstat, heap dumps, NMT (starting with Mandrel 24.1 for JDK 23), and remote JMX can be added to the native executable build. Simply supply a comma separated list of the monitoring options you wish to include at build time. [source,bash] @@ -927,6 +927,10 @@ include at build time. |Adds support for accepting connections from JMX clients. |GraalVM for JDK 17/20 Mandrel 23.0 (17.0.7) +|nmt +|Adds support for native memory tracking. +|GraalVM for JDK 23 Mandrel 24.1 + |all |Adds all monitoring options. |GraalVM 22.3, GraalVM CE 17.0.7 Mandrel 22.3 Mandrel 23.0 (17.0.7) diff --git a/_versions/main/guides/deploying-to-google-cloud.adoc b/_versions/main/guides/deploying-to-google-cloud.adoc index 7a3a7ea54e6..0ba65a1796a 100644 --- a/_versions/main/guides/deploying-to-google-cloud.adoc +++ b/_versions/main/guides/deploying-to-google-cloud.adoc @@ -60,14 +60,14 @@ Then, you will need to create a `src/main/appengine/app.yaml` file, let's keep i [source, yaml] ---- -runtime: java17 +runtime: java21 ---- This will create a default service for your App Engine application. [NOTE] ==== -You can also use another Java runtime supported by App Engine, for example, for Java 21, use `runtime: java21` instead. +You can also use another Java runtime supported by App Engine, for example, for Java 17, use `runtime: java17` instead. ==== App Engine Standard does not support the default Quarkus' specific packaging layout, therefore, you must set up your application to be packaged as an uber-jar via your `application.properties` file: diff --git a/_versions/main/guides/mongodb-panache.adoc b/_versions/main/guides/mongodb-panache.adoc index bef7cf9c635..853f6e27b7d 100644 --- a/_versions/main/guides/mongodb-panache.adoc +++ b/_versions/main/guides/mongodb-panache.adoc @@ -707,7 +707,7 @@ TIP: Using `@BsonProperty` is not needed to define custom column mappings, as th TIP: You can have your projection class extends from another class. In this case, the parent class also needs to have use `@ProjectionFor` annotation. -TIP: If you run Java 17+, records are a good fit for projection classes. +TIP: Records are a good fit for projection classes. == Query debugging @@ -724,6 +724,7 @@ quarkus.log.category."io.quarkus.mongodb.panache.common.runtime".level=DEBUG MongoDB with Panache uses the link:{mongodb-doc-root-url}/fundamentals/data-formats/document-data-format-pojo/[PojoCodecProvider], with link:{mongodb-doc-root-url}/fundamentals/data-formats/document-data-format-pojo/#configure-the-driver-for-pojos[automatic POJO support], to automatically convert your object to a BSON document. +This codec also supports Java records so you can use them for your entities or an attribute of your entities. In case you encounter the `org.bson.codecs.configuration.CodecConfigurationException` exception, it means the codec is not able to automatically convert your object. diff --git a/_versions/main/guides/mongodb.adoc b/_versions/main/guides/mongodb.adoc index 59d936c5544..3885605ace9 100644 --- a/_versions/main/guides/mongodb.adoc +++ b/_versions/main/guides/mongodb.adoc @@ -570,7 +570,8 @@ public class CodecFruitService { == The POJO Codec The link:https://www.mongodb.com/docs/drivers/java/sync/current/fundamentals/data-formats/document-data-format-pojo/[POJO Codec] provides a set of annotations that enable the customization of -the way a POJO is mapped to a MongoDB collection and this codec is initialized automatically by Quarkus +the way a POJO is mapped to a MongoDB collection and this codec is initialized automatically by Quarkus. +This codec also supports Java records so you can use them for your POJOs or an attribute of your POJOs. One of these annotations is the `@BsonDiscriminator` annotation that allows to storage multiple Java types in a single MongoDB collection by adding a discriminator field inside the document. It can be useful when working with abstract types or interfaces. diff --git a/_versions/main/guides/native-reference.adoc b/_versions/main/guides/native-reference.adoc index f2ae15a6aee..f4e6e491bf8 100644 --- a/_versions/main/guides/native-reference.adoc +++ b/_versions/main/guides/native-reference.adoc @@ -2447,6 +2447,13 @@ The following table outlines Native Image JFR support and limitations by version * Event streaming |* No old object sampling +|GraalVM CE for JDK 23 and Mandrel 24.1 +|* Everything from GraalVM CE for JDK 17/20 and Mandrel 23.0 +* Additional events +* Always on allocation profiling (event throttling) +* Partial support for old object sampling (no tracking paths to GC roots) +* Support for `-XX:FlightRecorderOptions` +| * Old object sampling is missing path to GC root support |=== diff --git a/_versions/main/guides/websockets-next-reference.adoc b/_versions/main/guides/websockets-next-reference.adoc index 7935bb99743..e90a96fe228 100644 --- a/_versions/main/guides/websockets-next-reference.adoc +++ b/_versions/main/guides/websockets-next-reference.adoc @@ -162,6 +162,16 @@ However, developers can specify alternative scopes to fit their specific require `@Singleton` and `@ApplicationScoped` endpoints are shared across all WebSocket connections. Therefore, implementations should be either stateless or thread-safe. +==== Session context + +If an endpoint is annotated with `@SessionScoped`, or depends directly or indirectly on a `@SessionScoped` bean, then each WebSocket connection is associated with its own _session context_. +The session context is active during endpoint callback invocation. +Subsequent invocations of <> within the same connection utilize the same session context. +The session context remains active until the connection is closed (usually when the `@OnClose` method completes execution), at which point it is terminated. + +TIP: It is also possible to set the `quarkus.websockets-next.server.activate-session-context` config property to `always`. In this case, the session context is always activated, no matter if a `@SessionScoped` bean participates in the dependency tree. + +.`@SessionScoped` Endpoint [source,java] ---- import jakarta.enterprise.context.SessionScoped; @@ -172,20 +182,27 @@ public class MyWebSocket { } ---- -<1> This server endpoint is not shared and is scoped to the session. +<1> This server endpoint is not shared and is scoped to the session/connection. + +==== Request context + +If an endpoint is annotated with `@RequestScoped`, or with a security annotation (such as `@RolesAllowed`), or depends directly or indirectly on a `@RequestScoped` bean, or on a bean annotated with a security annotation, then each WebSocket endpoint callback method execution is associated with a new _request context_. +The request context is active during endpoint callback invocation. + +TIP: It is also possible to set the `quarkus.websockets-next.server.activate-request-context` config property to `always`. In this case, the request context is always activated when an endpoint callback is invoked. -Each WebSocket connection is associated with its own _session_ context. -When the `@OnOpen` method is invoked, a session context corresponding to the WebSocket connection is created. -Subsequent calls to `@On[Text|Binary]Message` or `@OnClose` methods utilize this same session context. -The session context remains active until the `@OnClose` method completes execution, at which point it is terminated. +.`@RequestScoped` Endpoint +[source,java] +---- +import jakarta.enterprise.context.RequestScoped; -In cases where a WebSocket endpoint does not declare an `@OnOpen` method, the session context is still created. -It remains active until the connection terminates, regardless of the presence of an `@OnClose` method. +@WebSocket(path = "/ws") +@RequestScoped <1> +public class MyWebSocket { -Endpoint callbacks may also have the request context activated for the duration of the method execution (until it produced its result). -By default, the request context is only activated if needed, i.e. if there is a request scoped bean , or a bean annotated with a security annotation (such as `@RolesAllowed`) in the dependency tree of the endpoint. -However, it is possible to set the `quarkus.websockets-next.server.activate-request-context` config property to `always`. -In this case, the request context is always activated when an endpoint callback is invoked. +} +---- +<1> This server endpoint is instantiated for each callback method execution. [[callback-methods]] === Callback methods diff --git a/_versions/main/guides/writing-extensions.adoc b/_versions/main/guides/writing-extensions.adoc index 727afd45f6d..fc78f9b1ecc 100644 --- a/_versions/main/guides/writing-extensions.adoc +++ b/_versions/main/guides/writing-extensions.adoc @@ -1970,6 +1970,35 @@ information about this start, in particular: It also provides a global context map you can use to store information between restarts, without needing to resort to static fields. +Here is an example of a build step that persists context across live reloads: + +[source,java] +---- +@BuildStep(onlyIf = {IsDevelopment.class}) +public void keyPairDevService(LiveReloadBuildItem liveReloadBuildItem, BuildProducer keyPairs) { + + KeyPairContext ctx = liveReloadBuildItem.getContextObject(KeyPairContext.class); // <1> + if (ctx == null && !liveReloadBuildItem.isLiveReload()) { // <2> + KeyPair keyPair = generateKeyPair(2048); + Map properties = generateDevServiceProperties(keyPair); + liveReloadBuildItem.setContextObject( // <3> + KeyPairContext.class, new KeyPairContext(properties)); + keyPairs.produce(new KeyPairBuildItem(properties)); + } + + if (ctx != null) { + Map properties = ctx.getProperties(); + keyPairs.produce(new KeyPairBuildItem(properties)); + } +} + +static record KeyPairContext(Map properties) {} +---- + +<1> You can retrieve the context from `LiveReloadBuildItem`. This call returns `null` if there is no context for the specified type; otherwise, it returns the stored instance from a previous live reload execution. +<2> You can check if this is the first execution (not a live reload). +<3> The `LiveReloadBuildItem#setContext` method allows you to set a context across live reloads. + ==== Triggering Live Reload Live reload is generally triggered by an HTTP request, however not all applications are HTTP applications and some extensions