From 286816d32e5dab73f32aa30abc4b94cb28205652 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 4 Oct 2023 01:58:03 +0000 Subject: [PATCH] Sync documentation of main branch --- _data/versioned/main/index/quarkus.yaml | 46 +++--- ....quarkus.mongodb.runtime.MongoClientConfig | 2 +- .../io.quarkus.oidc.OidcTenantConfig | 2 +- ....deployment.AmqpDevServicesBuildTimeConfig | 2 +- ...us.vertx.http.runtime.TrafficShapingConfig | 1 + .../io.quarkus.mongodb.runtime.MongodbConfig | 2 +- .../io.quarkus.oidc.runtime.OidcConfig | 2 +- ...saging.amqp.deployment.AmqpBuildTimeConfig | 2 +- ...arkus.vertx.http.runtime.HttpConfiguration | 2 +- .../main/config/quarkus-all-config.adoc | 156 +++++++++++++++++- .../quarkus-amqp-amqp-build-time-config.adoc | 10 +- .../quarkus-http-http-configuration.adoc | 106 ++++++++++++ ...godb-config-group-mongo-client-config.adoc | 36 ++++ .../quarkus-mongodb-general-config-items.adoc | 36 ++++ .../quarkus-mongodb-mongodb-config.adoc | 36 ++++ .../main/config/quarkus-mongodb.adoc | 36 ++++ .../quarkus-oidc-general-config-items.adoc | 4 +- .../main/config/quarkus-oidc-oidc-config.adoc | 4 +- .../quarkus-oidc-oidc-tenant-config.adoc | 4 +- _generated-doc/main/config/quarkus-oidc.adoc | 4 +- ...p-amqp-dev-services-build-time-config.adoc | 10 +- ...vemessaging-amqp-general-config-items.adoc | 10 +- ...arkus-smallrye-reactivemessaging-amqp.adoc | 10 +- ...p-config-group-traffic-shaping-config.adoc | 145 ++++++++++++++++ ...arkus-vertx-http-general-config-items.adoc | 106 ++++++++++++ .../main/config/quarkus-vertx-http.adoc | 106 ++++++++++++ _versions/main/guides/dev-ui-v2.adoc | 60 +++---- .../main/guides/grpc-getting-started.adoc | 4 +- _versions/main/guides/http-reference.adoc | 69 +++++++- .../images/oidc-mastodon-register-app.png | Bin 0 -> 73290 bytes .../images/oidc-mastodon-registered-apps.png | Bin 0 -> 13470 bytes _versions/main/guides/kafka.adoc | 62 ++++++- ...idc-code-flow-authentication-tutorial.adoc | 2 +- .../security-openid-connect-providers.adoc | 33 ++++ _versions/main/guides/transaction.adoc | 2 +- _versions/main/guides/upx.adoc | 2 - _versions/main/guides/virtual-threads.adoc | 6 +- 37 files changed, 1016 insertions(+), 104 deletions(-) create mode 100644 _generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.vertx.http.runtime.TrafficShapingConfig create mode 100644 _generated-doc/main/config/quarkus-vertx-http-config-group-traffic-shaping-config.adoc create mode 100644 _versions/main/guides/images/oidc-mastodon-register-app.png create mode 100644 _versions/main/guides/images/oidc-mastodon-registered-apps.png diff --git a/_data/versioned/main/index/quarkus.yaml b/_data/versioned/main/index/quarkus.yaml index ac40b996c7..83312cb6da 100644 --- a/_data/versioned/main/index/quarkus.yaml +++ b/_data/versioned/main/index/quarkus.yaml @@ -5,7 +5,7 @@ types: - title: Authorization of web endpoints filename: security-authorize-web-endpoints-reference.adoc summary: Quarkus has an integrated pluggable web security layer. - categories: "web, security" + categories: "security, web" id: security-authorize-web-endpoints-reference type: reference url: /guides/security-authorize-web-endpoints-reference @@ -55,7 +55,7 @@ types: - title: Logging configuration filename: logging.adoc summary: "Read about the use of logging API in Quarkus, configuring logging output, and using logging adapters to unify the output from other logging APIs." - categories: "getting-started, observability, core" + categories: "observability, core, getting-started" id: logging type: reference url: /guides/logging @@ -159,21 +159,21 @@ types: - title: Authentication mechanisms in Quarkus filename: security-authentication-mechanisms.adoc summary: "The Quarkus Security framework supports multiple authentication mechanisms, which you can use to secure your applications." - categories: "web, security" + categories: "security, web" id: security-authentication-mechanisms type: concepts url: /guides/security-authentication-mechanisms - title: Basic authentication filename: security-basic-authentication.adoc summary: HTTP Basic authentication is one of the least resource-demanding techniques that enforce access controls to web resources. - categories: "web, security" + categories: "security, web" id: security-basic-authentication type: concepts url: /guides/security-basic-authentication - title: Configuring Well-Known OpenID Connect Providers filename: security-openid-connect-providers.adoc summary: This document explains how to configure well-known social OIDC and OAuth2 providers. - categories: "web, security" + categories: "security, web" id: security-openid-connect-providers type: concepts url: /guides/security-openid-connect-providers @@ -194,21 +194,21 @@ types: - title: OpenID Connect (OIDC) Bearer token authentication filename: security-oidc-bearer-token-authentication.adoc summary: Secure HTTP access to Jakarta REST (formerly known as JAX-RS) endpoints in your application with Bearer token authentication by using the Quarkus OpenID Connect (OIDC) extension. - categories: "web, security" + categories: "security, web" id: security-oidc-bearer-token-authentication type: concepts url: /guides/security-oidc-bearer-token-authentication - title: OpenID Connect authorization code flow mechanism for protecting web applications filename: security-oidc-code-flow-authentication.adoc summary: "To protect your web applications, you can use the industry-standard OpenID Connect (OIDC) Authorization Code Flow mechanism provided by the Quarkus OIDC extension." - categories: "web, security" + categories: "security, web" id: security-oidc-code-flow-authentication type: concepts url: /guides/security-oidc-code-flow-authentication - title: Proactive authentication filename: security-proactive-authentication.adoc summary: Proactive authentication is enabled in Quarkus by default. - categories: "web, security" + categories: "security, web" id: security-proactive-authentication type: concepts url: /guides/security-proactive-authentication @@ -265,7 +265,7 @@ types: - title: Use virtual threads in REST applications filename: resteasy-reactive-virtual-threads.adoc summary: How to use virtual threads in a REST application - categories: "web, core" + categories: "core, web" id: resteasy-reactive-virtual-threads type: howto url: /guides/resteasy-reactive-virtual-threads @@ -312,7 +312,7 @@ types: - title: Protect a web application by using OpenID Connect (OIDC) authorization code flow filename: security-oidc-code-flow-authentication-tutorial.adoc summary: "With the Quarkus OpenID Connect (OIDC) extension, you can protect application HTTP endpoints by using the OIDC Authorization Code Flow mechanism." - categories: "web, security" + categories: "security, web" id: security-oidc-code-flow-authentication-tutorial type: tutorial url: /guides/security-oidc-code-flow-authentication-tutorial @@ -325,7 +325,7 @@ types: - title: Secure a Quarkus application with Basic authentication and Jakarta Persistence filename: security-basic-authentication-tutorial.adoc summary: Secure your Quarkus application endpoints by combining the built-in Quarkus Basic authentication with the Jakarta Persistence identity provider to enable role-based access control (RBAC). - categories: "getting-started, security" + categories: "security, getting-started" id: security-basic-authentication-tutorial type: tutorial url: /guides/security-basic-authentication-tutorial @@ -338,7 +338,7 @@ types: - title: Your second Quarkus application filename: getting-started-dev-services.adoc summary: Discover some of the features that make developing with Quarkus a joyful experience. - categories: "getting-started, data, core" + categories: "core, getting-started, data" id: getting-started-dev-services-tutorial type: tutorial url: /guides/getting-started-dev-services @@ -394,7 +394,7 @@ types: - title: AppCDS filename: appcds.adoc summary: This reference guide explains how to enable AppCDS with Quarkus. - categories: "cloud, core" + categories: "core, cloud" type: guide url: /guides/appcds - title: Application Data Caching @@ -528,7 +528,7 @@ types: - title: Deploying on OpenShift filename: deploying-to-openshift.adoc summary: This guide covers how to deploy a native application on OpenShift. - categories: "native, cloud" + categories: "cloud, native" id: deploy-openshift type: guide url: /guides/deploying-to-openshift @@ -583,7 +583,7 @@ types: - title: Dev Services for Databases filename: databases-dev-services.adoc summary: "When testing or running in dev mode Quarkus can provide you with a zero-config database out of the box, a feature we refer to as Dev Services." - categories: "data, tooling" + categories: "tooling, data" type: guide url: /guides/databases-dev-services - title: Dev Services for Elasticsearch @@ -818,7 +818,7 @@ types: - title: Kubernetes extension filename: deploying-to-kubernetes.adoc summary: This guide covers how to deploy a native application on Kubernetes. - categories: "native, cloud" + categories: "cloud, native" id: deploy-kubernetes type: guide url: /guides/deploying-to-kubernetes @@ -957,14 +957,14 @@ types: - title: Quarkus and Gradle filename: gradle-tooling.adoc summary: Develop and build your Quarkus application with Gradle - categories: "native, tooling" + categories: "tooling, native" id: gradle-tooling type: guide url: /guides/gradle-tooling - title: Quarkus and Maven filename: maven-tooling.adoc summary: Develop and build your Quarkus application with Maven - categories: "native, tooling" + categories: "tooling, native" id: maven-tooling type: guide url: /guides/maven-tooling @@ -1062,7 +1062,7 @@ types: - title: SmallRye Fault Tolerance filename: smallrye-fault-tolerance.adoc summary: This guide demonstrates how your Quarkus application can utilize the SmallRye Fault Tolerance specification through the SmallRye Fault Tolerance extension. - categories: "web, observability" + categories: "observability, web" type: guide url: /guides/smallrye-fault-tolerance - title: SmallRye GraphQL @@ -1092,14 +1092,14 @@ types: - title: Testing Your Application filename: getting-started-testing.adoc summary: "This guide covers testing in JVM mode, native mode, and injection of resources into tests" - categories: "native, core, tooling" + categories: "core, tooling, native" id: testing type: guide url: /guides/getting-started-testing - title: Tips for writing native applications filename: writing-native-applications-tips.adoc summary: This guide is a collection of tips to help you solve the problems you encounter when compiling applications to native executable. - categories: "writing-extensions, native, core" + categories: "core, writing-extensions, native" type: guide url: /guides/writing-native-applications-tips - title: Using Apache Kafka Streams @@ -1228,7 +1228,7 @@ types: - title: Using SSL With Native Executables filename: native-and-ssl.adoc summary: "In this guide, we will discuss how you can get your native images to support SSL, as native images don't support it out of the box." - categories: "native, core, security" + categories: "security, core, native" type: guide url: /guides/native-and-ssl - title: Using Security with .properties File @@ -1347,7 +1347,7 @@ types: - title: Writing JSON REST Services filename: rest-json.adoc summary: JSON is now the lingua franca between microservices. - categories: "web, serialization" + categories: "serialization, web" type: guide url: /guides/rest-json - title: Writing REST Services with RESTEasy Reactive diff --git a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.mongodb.runtime.MongoClientConfig b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.mongodb.runtime.MongoClientConfig index e08e1f7e05..00ebe49af2 100644 --- a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.mongodb.runtime.MongoClientConfig +++ b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.mongodb.runtime.MongoClientConfig @@ -1 +1 @@ -[{"configDocKey":{"type":"string","key":".connection-string","additionalKeys":[],"configDoc":"Configures the connection string. The format is: `mongodb://++[++username:password@++]++host1++[++:port1++][++,host2++[++:port2++]++,...++[++,hostN++[++:portN++]]][++/++[++database.collection++][++?options++]]++`\n\n`mongodb://` is a required prefix to identify that this is a string in the standard connection format.\n\n`username:password@` are optional. If given, the driver will attempt to log in to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well.\n\n`host1` is the only required part of the connection string. It identifies a server address to connect to.\n\n`:portX` is optional and defaults to :27017 if not provided.\n\n`/database` is the name of the database to log in to and thus is only relevant if the `username:password@` syntax is used. If not specified the `admin` database will be used by default.\n\n`?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\".\n\nAn alternative format, using the `mongodb{plus}srv` protocol, is:\n\n```\nmongodb+srv://[username:password@]host[/[database][?options]]\n```\n\n\n\n - `mongodb{plus}srv://` is a required prefix for this format.\n - `username:password@` are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well\n - `host` is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with `\"_mongodb._tcp\"`. The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol.\n - `/database` is the name of the database to login to and thus is only relevant if the `username:password@` syntax is used. If not specified the \"admin\" database will be used by default.\n - `?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\". Additionally with the mongodb{plus}srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"connection-string","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".hosts","additionalKeys":[],"configDoc":"Configures the MongoDB server addressed (one if single mode). The addresses are passed as `host:port`.","withinAMap":false,"defaultValue":"127.0.0.1:27017","javaDocSiteLink":"","docMapKey":"hosts","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".database","additionalKeys":[],"configDoc":"Configure the database name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"database","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".application-name","additionalKeys":[],"configDoc":"Configures the application name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"application-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".max-pool-size","additionalKeys":[],"configDoc":"Configures the maximum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".min-pool-size","additionalKeys":[],"configDoc":"Configures the minimum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"min-pool-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".max-connection-idle-time","additionalKeys":[],"configDoc":"Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-idle-time","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".max-connection-life-time","additionalKeys":[],"configDoc":"Maximum lifetime of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-life-time","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".maintenance-frequency","additionalKeys":[],"configDoc":"Configures the time period between runs of the maintenance job.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-frequency","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".maintenance-initial-delay","additionalKeys":[],"configDoc":"Configures period of time to wait before running the first maintenance job on the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-initial-delay","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".connect-timeout","additionalKeys":[],"configDoc":"How long a connection can take to be opened before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connect-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".read-timeout","additionalKeys":[],"configDoc":"How long a socket read can take before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".tls-insecure","additionalKeys":[],"configDoc":"If connecting with TLS, this option enables insecure TLS connections.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls-insecure","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".tls","additionalKeys":[],"configDoc":"Whether to connect using TLS.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".replica-set-name","additionalKeys":[],"configDoc":"Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"replica-set-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".server-selection-timeout","additionalKeys":[],"configDoc":"How long the driver will wait for server selection to succeed before throwing an exception.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"server-selection-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".local-threshold","additionalKeys":[],"configDoc":"When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"local-threshold","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".heartbeat-frequency","additionalKeys":[],"configDoc":"The frequency that the driver will attempt to determine the current state of each server in the cluster.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"heartbeat-frequency","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":".write-concern","optional":false,"withinAMap":false,"sectionDetails":"== Write concern","sectionDetailsTitle":"Write concern","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.mongodb.runtime.WriteConcernConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"boolean","key":".write-concern.safe","additionalKeys":[],"configDoc":"Configures the safety. If set to `true`: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also `w` and `wtimeoutMS`). If set fo\n - `false`: the driver does not ensure that all writes are acknowledged by the MongoDB server.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"safe","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".write-concern.journal","additionalKeys":[],"configDoc":"Configures the journal writing aspect. If set to `true`: the driver waits for the server to group commit to the journal file on disk. If set to `false`: the driver does not wait for the server to group commit to the journal file on disk.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"journal","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".write-concern.w","additionalKeys":[],"configDoc":"When set, the driver adds `w: wValue` to all write commands. It requires `safe` to be `true`. The value is typically a number, but can also be the `majority` string.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"w","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".write-concern.retry-writes","additionalKeys":[],"configDoc":"If set to `true`, the driver will retry supported write operations if they fail due to a network error.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"retry-writes","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".write-concern.w-timeout","additionalKeys":[],"configDoc":"When set, the driver adds `wtimeout : ms` to all write commands. It requires `safe` to be `true`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"w-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":".read-concern","additionalKeys":[],"configDoc":"Configures the read concern. Supported values are: `local++|++majority++|++linearizable++|++snapshot++|++available`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-concern","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".read-preference","additionalKeys":[],"configDoc":"Configures the read preference. Supported values are: `primary++|++primaryPreferred++|++secondary++|++secondaryPreferred++|++nearest`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-preference","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":".credentials","optional":false,"withinAMap":false,"sectionDetails":"== Credentials and authentication mechanism","sectionDetailsTitle":"Credentials and authentication mechanism","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.mongodb.runtime.CredentialConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"string","key":".credentials.username","additionalKeys":[],"configDoc":"Configures the username.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.password","additionalKeys":[],"configDoc":"Configures the password.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.auth-mechanism","additionalKeys":[],"configDoc":"Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: null or `GSSAPI++|++PLAIN++|++MONGODB-X509++|++SCRAM_SHA_1++|++SCRAM_SHA_256++|++MONGODB_AWS`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.auth-source","additionalKeys":[],"configDoc":"Configures the source of the authentication credentials. This is typically the database where the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property. If the database is specified in neither place, the default value is `admin`. This option is only respected when using the MONGO-CR mechanism (the default).","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-source","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".credentials.auth-mechanism-properties","additionalKeys":[],"configDoc":"Allows passing authentication mechanism properties.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism-properties","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.credentials-provider","additionalKeys":[],"configDoc":"The credentials provider name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":".health.database","additionalKeys":[],"configDoc":"The database used during the readiness health checks","withinAMap":false,"defaultValue":"admin","javaDocSiteLink":"","docMapKey":"health-database","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}] \ No newline at end of file +[{"configDocKey":{"type":"string","key":".connection-string","additionalKeys":[],"configDoc":"Configures the connection string. The format is: `mongodb://++[++username:password@++]++host1++[++:port1++][++,host2++[++:port2++]++,...++[++,hostN++[++:portN++]]][++/++[++database.collection++][++?options++]]++`\n\n`mongodb://` is a required prefix to identify that this is a string in the standard connection format.\n\n`username:password@` are optional. If given, the driver will attempt to log in to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well.\n\n`host1` is the only required part of the connection string. It identifies a server address to connect to.\n\n`:portX` is optional and defaults to :27017 if not provided.\n\n`/database` is the name of the database to log in to and thus is only relevant if the `username:password@` syntax is used. If not specified the `admin` database will be used by default.\n\n`?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\".\n\nAn alternative format, using the `mongodb{plus}srv` protocol, is:\n\n```\nmongodb+srv://[username:password@]host[/[database][?options]]\n```\n\n\n\n - `mongodb{plus}srv://` is a required prefix for this format.\n - `username:password@` are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well\n - `host` is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with `\"_mongodb._tcp\"`. The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol.\n - `/database` is the name of the database to login to and thus is only relevant if the `username:password@` syntax is used. If not specified the \"admin\" database will be used by default.\n - `?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\". Additionally with the mongodb{plus}srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"connection-string","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".hosts","additionalKeys":[],"configDoc":"Configures the MongoDB server addressed (one if single mode). The addresses are passed as `host:port`.","withinAMap":false,"defaultValue":"127.0.0.1:27017","javaDocSiteLink":"","docMapKey":"hosts","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".database","additionalKeys":[],"configDoc":"Configure the database name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"database","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".application-name","additionalKeys":[],"configDoc":"Configures the application name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"application-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".max-pool-size","additionalKeys":[],"configDoc":"Configures the maximum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".min-pool-size","additionalKeys":[],"configDoc":"Configures the minimum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"min-pool-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".max-connection-idle-time","additionalKeys":[],"configDoc":"Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-idle-time","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".max-connection-life-time","additionalKeys":[],"configDoc":"Maximum lifetime of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-life-time","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".maintenance-frequency","additionalKeys":[],"configDoc":"Configures the time period between runs of the maintenance job.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-frequency","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".maintenance-initial-delay","additionalKeys":[],"configDoc":"Configures period of time to wait before running the first maintenance job on the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-initial-delay","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".connect-timeout","additionalKeys":[],"configDoc":"How long a connection can take to be opened before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connect-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".read-timeout","additionalKeys":[],"configDoc":"How long a socket read can take before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".tls-insecure","additionalKeys":[],"configDoc":"If connecting with TLS, this option enables insecure TLS connections.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls-insecure","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".tls","additionalKeys":[],"configDoc":"Whether to connect using TLS.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".replica-set-name","additionalKeys":[],"configDoc":"Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"replica-set-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".server-selection-timeout","additionalKeys":[],"configDoc":"How long the driver will wait for server selection to succeed before throwing an exception.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"server-selection-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".local-threshold","additionalKeys":[],"configDoc":"When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"local-threshold","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".heartbeat-frequency","additionalKeys":[],"configDoc":"The frequency that the driver will attempt to determine the current state of each server in the cluster.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"heartbeat-frequency","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":".write-concern","optional":false,"withinAMap":false,"sectionDetails":"== Write concern","sectionDetailsTitle":"Write concern","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.mongodb.runtime.WriteConcernConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"boolean","key":".write-concern.safe","additionalKeys":[],"configDoc":"Configures the safety. If set to `true`: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also `w` and `wtimeoutMS`). If set fo\n - `false`: the driver does not ensure that all writes are acknowledged by the MongoDB server.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"safe","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".write-concern.journal","additionalKeys":[],"configDoc":"Configures the journal writing aspect. If set to `true`: the driver waits for the server to group commit to the journal file on disk. If set to `false`: the driver does not wait for the server to group commit to the journal file on disk.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"journal","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".write-concern.w","additionalKeys":[],"configDoc":"When set, the driver adds `w: wValue` to all write commands. It requires `safe` to be `true`. The value is typically a number, but can also be the `majority` string.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"w","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".write-concern.retry-writes","additionalKeys":[],"configDoc":"If set to `true`, the driver will retry supported write operations if they fail due to a network error.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"retry-writes","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".write-concern.w-timeout","additionalKeys":[],"configDoc":"When set, the driver adds `wtimeout : ms` to all write commands. It requires `safe` to be `true`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"w-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":".read-concern","additionalKeys":[],"configDoc":"Configures the read concern. Supported values are: `local++|++majority++|++linearizable++|++snapshot++|++available`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-concern","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".read-preference","additionalKeys":[],"configDoc":"Configures the read preference. Supported values are: `primary++|++primaryPreferred++|++secondary++|++secondaryPreferred++|++nearest`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-preference","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":".credentials","optional":false,"withinAMap":false,"sectionDetails":"== Credentials and authentication mechanism","sectionDetailsTitle":"Credentials and authentication mechanism","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.mongodb.runtime.CredentialConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"string","key":".credentials.username","additionalKeys":[],"configDoc":"Configures the username.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.password","additionalKeys":[],"configDoc":"Configures the password.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.auth-mechanism","additionalKeys":[],"configDoc":"Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: null or `GSSAPI++|++PLAIN++|++MONGODB-X509++|++SCRAM_SHA_1++|++SCRAM_SHA_256++|++MONGODB_AWS`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.auth-source","additionalKeys":[],"configDoc":"Configures the source of the authentication credentials. This is typically the database where the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property. If the database is specified in neither place, the default value is `admin`. This option is only respected when using the MONGO-CR mechanism (the default).","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-source","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".credentials.auth-mechanism-properties","additionalKeys":[],"configDoc":"Allows passing authentication mechanism properties.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism-properties","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.credentials-provider","additionalKeys":[],"configDoc":"The credentials provider name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":".health.database","additionalKeys":[],"configDoc":"The database used during the readiness health checks","withinAMap":false,"defaultValue":"admin","javaDocSiteLink":"","docMapKey":"health-database","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"org.bson.UuidRepresentation","key":".uuid-representation","additionalKeys":[],"configDoc":"Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"uuid-representation","configPhase":"BUILD_TIME","acceptedValues":["`unspecified`","`standard`","`c-sharp-legacy`","`java-legacy`","`python-legacy`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.oidc.OidcTenantConfig b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.oidc.OidcTenantConfig index 26098ee353..e24338f816 100644 --- a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.oidc.OidcTenantConfig +++ b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.oidc.OidcTenantConfig @@ -1 +1 @@ -[{"configDocKey":{"type":"string","key":".auth-server-url","additionalKeys":[],"configDoc":"The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: `https://host:port/realms/++{++realm++}++` where `++{++realm++}++` has to be replaced by the name of the Keycloak realm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-server-url","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".discovery-enabled","additionalKeys":[],"configDoc":"Enables OIDC discovery. If the discovery is disabled then the OIDC endpoint URLs must be configured individually.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"discovery-enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".revoke-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token revocation endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"revoke-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".client-id","additionalKeys":[],"configDoc":"The client-id of the application. Each application has a client-id that is used to identify the application","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"client-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".connection-delay","additionalKeys":[],"configDoc":"The maximum amount of time connecting to the currently unavailable OIDC server will be attempted for. The number of times the connection request will be repeated is calculated by dividing the value of this property by 2. For example, setting it to `20S` will allow for requesting the connection up to 10 times with a 2 seconds delay between the retries. Note this property is only effective when the initial OIDC connection is created, for example, when requesting a well-known OIDC configuration. Use the 'connection-retry-count' property to support trying to re-establish an already available connection which may have been dropped.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-delay","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".connection-retry-count","additionalKeys":[],"configDoc":"The number of times an attempt to re-establish an already available connection will be repeated for. Note this property is different to the `connection-delay` property which is only effective during the initial OIDC connection creation. This property is used to try to recover the existing connection which may have been temporarily lost. For example, if a request to the OIDC token endpoint fails due to a connection exception then the request will be retried for a number of times configured by this property.","withinAMap":false,"defaultValue":"3","javaDocSiteLink":"","docMapKey":"connection-retry-count","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".connection-timeout","additionalKeys":[],"configDoc":"The amount of time after which the current OIDC connection request will time out.","withinAMap":false,"defaultValue":"10S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".max-pool-size","additionalKeys":[],"configDoc":"The maximum size of the connection pool used by the WebClient","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".credentials","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".credentials.secret","additionalKeys":[],"configDoc":"Client secret which is used for a `client_secret_basic` authentication method. Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.client-secret.value","additionalKeys":[],"configDoc":"The client secret value - it will be ignored if 'secret.key' is set","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.client-secret.provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.client-secret.provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret.Method","key":".credentials.client-secret.method","additionalKeys":[],"configDoc":"Authentication method.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"method","configPhase":"BUILD_TIME","acceptedValues":["tooltip:basic[client_secret_basic (default): client id and secret are submitted with the HTTP Authorization Basic scheme]","tooltip:post[client_secret_post: client id and secret are submitted as the 'client_id' and 'client_secret' form parameters.]","tooltip:post-jwt[client_secret_jwt: client id and generated JWT secret are submitted as the 'client_id' and 'client_secret' form parameters.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".credentials.jwt.secret","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.secret-provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.secret-provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signature-algorithm` property to specify the key algorithm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-store-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key from a key store","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-id","additionalKeys":[],"configDoc":"The private key id/alias","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-password","additionalKeys":[],"configDoc":"The private key password","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.audience","additionalKeys":[],"configDoc":"JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.token-key-id","additionalKeys":[],"configDoc":"Key identifier of the signing key added as a JWT 'kid' header","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-key-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.issuer","additionalKeys":[],"configDoc":"Issuer of the signing key added as a JWT 'iss' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.subject","additionalKeys":[],"configDoc":"Subject of the signing key added as a JWT 'sub' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"subject","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".credentials.jwt.claims","additionalKeys":[],"configDoc":"Additional claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claims","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.signature-algorithm","additionalKeys":[],"configDoc":"Signature algorithm, also used for the `key-file` property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".credentials.jwt.lifespan","additionalKeys":[],"configDoc":"JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"lifespan","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".proxy","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Proxy","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".proxy.host","additionalKeys":[],"configDoc":"The host (name or IP address) of the Proxy. +\nNote: If OIDC adapter needs to use a Proxy to talk with OIDC server (Provider), then at least the \"host\" config item must be configured to enable the usage of a Proxy.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".proxy.port","additionalKeys":[],"configDoc":"The port number of the Proxy. Default value is 80.","withinAMap":false,"defaultValue":"80","javaDocSiteLink":"","docMapKey":"port","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".proxy.username","additionalKeys":[],"configDoc":"The username, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".proxy.password","additionalKeys":[],"configDoc":"The password, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".tls","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls","showSection":false,"configDocItems":[{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls.Verification","key":".tls.verification","additionalKeys":[],"configDoc":"Certificate validation and hostname verification, which can be one of the following values from enum `Verification`. Default is required.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"verification","configPhase":"BUILD_TIME","acceptedValues":["tooltip:required[Certificates are validated and hostname verification is enabled. This is the default value.]","tooltip:certificate-validation[Certificates are validated but hostname verification is disabled.]","tooltip:none[All certificated are trusted and hostname verification is disabled.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"path","key":".tls.key-store-file","additionalKeys":[],"configDoc":"An optional key store which holds the certificate information instead of specifying separate files.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, the default (\"password\") is used.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, if the key store contains multiple keys and no alias is specified, the behavior is undefined.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it's different from `key-store-password`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"path","key":".tls.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store which holds the certificate information of the certificates to trust","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-cert-alias","additionalKeys":[],"configDoc":"A parameter to specify the alias of the trust store certificate.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":".tenant-id","additionalKeys":[],"configDoc":"A unique tenant identifier. It must be set by `TenantConfigResolver` providers which resolve the tenant configuration dynamically and is optional in all other cases.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"tenant-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".tenant-enabled","additionalKeys":[],"configDoc":"If this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured but either `TenantConfigResolver` which will resolve tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant in this case.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"tenant-enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.ApplicationType","key":".application-type","additionalKeys":[],"configDoc":"The application type, which can be one of the following values from enum `ApplicationType`.","withinAMap":false,"defaultValue":"service","javaDocSiteLink":"","docMapKey":"application-type","configPhase":"BUILD_TIME","acceptedValues":["tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a frontend application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.]","tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.]","tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method will be used if the Authorization header is set and Authorization Code Flow - if not.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".authorization-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"authorization-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".user-info-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"user-info-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".introspection-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"introspection-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".jwks-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"jwks-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".end-session-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"end-session-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".public-key","additionalKeys":[],"configDoc":"Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"public-key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".introspection-credentials","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.IntrospectionCredentials","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".introspection-credentials.name","additionalKeys":[],"configDoc":"Name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".introspection-credentials.secret","additionalKeys":[],"configDoc":"Secret","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".introspection-credentials.include-client-id","additionalKeys":[],"configDoc":"Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-client-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".roles","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Roles","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".roles.role-claim-path","additionalKeys":[],"configDoc":"List of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: \"realm/groups\". Use double quotes with the namespace qualified claim names. This property can be used if a token has no 'groups' claim but has the groups set in one or more different claims.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".roles.role-claim-separator","additionalKeys":[],"configDoc":"Separator for splitting a string which may contain multiple group values. It will only be used if the \"role-claim-path\" property points to one or more custom claims whose values are strings. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-separator","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Roles.Source","key":".roles.source","additionalKeys":[],"configDoc":"Source of the principal roles.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"source","configPhase":"BUILD_TIME","acceptedValues":["tooltip:idtoken[ID Token - the default value for the 'web-app' applications.]","tooltip:accesstoken[Access Token - the default value for the 'service' applications; can also be used as the source of roles for the 'web-app' applications.]","tooltip:userinfo[User Info]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".token","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Token","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".token.issuer","additionalKeys":[],"configDoc":"Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.audience","additionalKeys":[],"configDoc":"Expected audience 'aud' claim value which may be a string or an array of strings. Note the audience claim will be verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens will only be done if this property is configured.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.subject-required","additionalKeys":[],"configDoc":"Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required then both the token and UserInfo `sub` claims must be present and match each other.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"subject-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".token.required-claims","additionalKeys":[],"configDoc":"A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claim-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.token-type","additionalKeys":[],"configDoc":"Expected token type","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-type","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".token.lifespan-grace","additionalKeys":[],"configDoc":"Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"lifespan-grace","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".token.age","additionalKeys":[],"configDoc":"Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim. However, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified if the logout token contains it.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"age","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.principal-claim","additionalKeys":[],"configDoc":"Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"principal-claim","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.refresh-expired","additionalKeys":[],"configDoc":"Refresh expired authorization code flow ID or access tokens. If this property is enabled then a refresh token request will be performed if the authorization code ID or access token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property will be enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not have to enable this property manually in this case.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"refresh-expired","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".token.refresh-token-time-skew","additionalKeys":[],"configDoc":"Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time then a refresh is going to happen.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"refresh-token-time-skew","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".token.forced-jwk-refresh-interval","additionalKeys":[],"configDoc":"Forced JWK set refresh interval in minutes.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"forced-jwk-refresh-interval","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.header","additionalKeys":[],"configDoc":"Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.SignatureAlgorithm","key":".token.signature-algorithm","additionalKeys":[],"configDoc":"Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"BUILD_TIME","acceptedValues":["`rs256`","`rs384`","`rs512`","`ps256`","`ps384`","`ps512`","`es256`","`es384`","`es512`","`eddsa`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".token.decryption-key-location","additionalKeys":[],"configDoc":"Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers may not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. Note that if a 'private_key_jwt' client authentication method is used then the private key which is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token if this property is not set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"decryption-key-location","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.allow-jwt-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-jwt-introspection","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.require-jwt-introspection-only","additionalKeys":[],"configDoc":"Require that JWT tokens are only introspected remotely.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"require-jwt-introspection-only","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.allow-opaque-token-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-opaque-token-introspection","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.customizer-name","additionalKeys":[],"configDoc":"Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"customizer-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".token.verify-access-token-with-user-info","additionalKeys":[],"configDoc":"Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens have to be accepted but OpenId Connect provider does not have a token introspection endpoint. This property will have no effect when JWT tokens have to be verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token-with-user-info","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".logout","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Logout","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".logout.path","additionalKeys":[],"configDoc":"The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.post-logout-path","additionalKeys":[],"configDoc":"Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"post-logout-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.post-logout-uri-param","additionalKeys":[],"configDoc":"Name of the post logout URI parameter which will be added as a query parameter to the logout redirect URI.","withinAMap":false,"defaultValue":"post_logout_redirect_uri","javaDocSiteLink":"","docMapKey":"post-logout-uri-param","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".logout.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the logout redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.backchannel.path","additionalKeys":[],"configDoc":"The relative path of the Back-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".logout.backchannel.token-cache-size","additionalKeys":[],"configDoc":"Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"token-cache-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".logout.backchannel.token-cache-time-to-live","additionalKeys":[],"configDoc":"Number of minutes a logout token can be cached for.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"token-cache-time-to-live","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".logout.backchannel.clean-up-timer-interval","additionalKeys":[],"configDoc":"Token cache timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.backchannel.logout-token-key","additionalKeys":[],"configDoc":"Logout token claim whose value will be used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim.","withinAMap":false,"defaultValue":"sub","javaDocSiteLink":"","docMapKey":"logout-token-key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.frontchannel.path","additionalKeys":[],"configDoc":"The relative path of the Front-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".authentication","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Authentication","showSection":false,"configDocItems":[{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.ResponseMode","key":".authentication.response-mode","additionalKeys":[],"configDoc":"Authorization code flow response mode","withinAMap":false,"defaultValue":"query","javaDocSiteLink":"","docMapKey":"response-mode","configPhase":"BUILD_TIME","acceptedValues":["tooltip:query[Authorization response parameters are encoded in the query string added to the redirect_uri]","tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted via the HTTP POST method using the application/x-www-form-urlencoded content type]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".authentication.redirect-path","additionalKeys":[],"configDoc":"Relative path for calculating a \"redirect_uri\" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"redirect-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.restore-path-after-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI will be restored even if this property is disabled.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"restore-path-after-redirect","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.remove-redirect-parameters","additionalKeys":[],"configDoc":"Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"remove-redirect-parameters","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.error-path","additionalKeys":[],"configDoc":"Relative path to the public endpoint which will process the error response from the OIDC authorization endpoint. If the user authentication has failed then the OIDC provider will return an 'error' and an optional 'error_description' parameters, instead of the expected authorization 'code'. If this property is set then the user will be redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if it is set as '/error' and the current request URI is 'https://localhost:8080/callback?error=invalid_scope' then a redirect will be made to 'https://localhost:8080/error?error=invalid_scope'. If this property is not set then HTTP 401 status will be returned in case of the user authentication failure.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"error-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.verify-access-token","additionalKeys":[],"configDoc":"Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.force-redirect-https-scheme","additionalKeys":[],"configDoc":"Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"force-redirect-https-scheme","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.scopes","additionalKeys":[],"configDoc":"List of scopes","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"scopes","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.nonce-required","additionalKeys":[],"configDoc":"Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"nonce-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.add-openid-scope","additionalKeys":[],"configDoc":"Add the 'openid' scope automatically to the list of scopes. This is required for OpenId Connect providers but will not work for OAuth2 providers such as Twitter OAuth2 which does not accept that scope and throws an error.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-openid-scope","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".authentication.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.forward-params","additionalKeys":[],"configDoc":"Request URL query parameters which, if present, will be added to the authentication redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"forward-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.cookie-force-secure","additionalKeys":[],"configDoc":"If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cookie-force-secure","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-suffix","additionalKeys":[],"configDoc":"Cookie name suffix. For example, a session cookie name for the default OIDC tenant is 'q_session' but can be changed to 'q_session_test' if this property is set to 'test'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-suffix","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-path","additionalKeys":[],"configDoc":"Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.","withinAMap":false,"defaultValue":"/","javaDocSiteLink":"","docMapKey":"cookie-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-path-header","additionalKeys":[],"configDoc":"Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-path-header","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-domain","additionalKeys":[],"configDoc":"Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-domain","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.CookieSameSite","key":".authentication.cookie-same-site","additionalKeys":[],"configDoc":"SameSite attribute for the session cookie.","withinAMap":false,"defaultValue":"lax","javaDocSiteLink":"","docMapKey":"cookie-same-site","configPhase":"BUILD_TIME","acceptedValues":["`strict`","`lax`","`none`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"boolean","key":".authentication.allow-multiple-code-flows","additionalKeys":[],"configDoc":"If a state cookie is present then a `state` query parameter must also be present and both the state cookie name suffix and state cookie value have to match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie may represent the authentication flow initiated from another tab and not related to the current request. Disable this property if you would like to avoid supporting multiple authorization code flows running in the same browser.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-multiple-code-flows","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.fail-on-missing-state-param","additionalKeys":[],"configDoc":"Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present.\n\nWhen either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser will block it and the state cookie created by Quarkus will remain in the browser cache. Quarkus will report an authentication failure when it will detect such an old state cookie but find no matching state query parameter.\n\nReporting HTTP 401 error is usually the right thing to do in such cases, it will minimize a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` may be needed to avoid such errors.\n\nHowever, setting this property to `false` may help if the above options are not suitable. It will cause a new authentication redirect to OpenId Connect provider. Please be aware doing so may increase the risk of browser redirect loops.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"fail-on-missing-state-param","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.user-info-required","additionalKeys":[],"configDoc":"If this property is set to 'true' then an OIDC UserInfo endpoint will be called. This property will be enabled if `quarkus.oidc.roles.source` is `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not have to enable this property manually in these cases.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"user-info-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".authentication.session-age-extension","additionalKeys":[],"configDoc":"Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"session-age-extension","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.java-script-auto-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single-page applications (SPA) since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.\n\nIf this property is set to 'false' then a status code of '499' will be returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. 'X-Requested-With' request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"java-script-auto-redirect","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.id-token-required","additionalKeys":[],"configDoc":"Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken will be generated in such cases.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"id-token-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".authentication.internal-id-token-lifespan","additionalKeys":[],"configDoc":"Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"internal-id-token-lifespan","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.pkce-required","additionalKeys":[],"configDoc":"Requires that a Proof Key for Code Exchange (PKCE) is used.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"pkce-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.state-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. Client secret will not be used as a state encryption secret if it is less than 32 characters long.\n\nThe secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nError will be reported if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"state-secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".code-grant","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.CodeGrant","showSection":false,"configDocItems":[{"configDocKey":{"type":"`Map`","key":".code-grant.extra-params","additionalKeys":[],"configDoc":"Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which have to be included to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".code-grant.headers","additionalKeys":[],"configDoc":"Custom HTTP headers which have to be sent to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".token-state-manager","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager","showSection":false,"configDocItems":[{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy","key":".token-state-manager.strategy","additionalKeys":[],"configDoc":"Default TokenStateManager strategy.","withinAMap":false,"defaultValue":"keep-all-tokens","javaDocSiteLink":"","docMapKey":"strategy","configPhase":"BUILD_TIME","acceptedValues":["tooltip:keep-all-tokens[Keep ID, access and refresh tokens.]","tooltip:id-token[Keep ID token only]","tooltip:id-refresh-tokens[Keep ID and refresh tokens only]"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"boolean","key":".token-state-manager.split-tokens","additionalKeys":[],"configDoc":"Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"split-tokens","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token-state-manager.encryption-required","additionalKeys":[],"configDoc":"Mandates that the session cookie that stores the tokens is encrypted.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"encryption-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token-state-manager.encryption-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt the session cookie storing the tokens when `encryption-required` property is enabled.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. The secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nThe length of the secret which will be used to encrypt the tokens should be at least 32 characters long. Warning will be logged if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"boolean","key":".allow-token-introspection-cache","additionalKeys":[],"configDoc":"Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-token-introspection-cache","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".allow-user-info-cache","additionalKeys":[],"configDoc":"Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-user-info-cache","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".cache-user-info-in-idtoken","additionalKeys":[],"configDoc":"Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cache-user-info-in-idtoken","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Provider","key":".provider","additionalKeys":[],"configDoc":"Well known OpenId Connect provider identifier","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"provider","configPhase":"BUILD_TIME","acceptedValues":["`apple`","`facebook`","`github`","`google`","`microsoft`","`spotify`","`twitch`","`twitter`","`x`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}}] \ No newline at end of file +[{"configDocKey":{"type":"string","key":".auth-server-url","additionalKeys":[],"configDoc":"The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: `https://host:port/realms/++{++realm++}++` where `++{++realm++}++` has to be replaced by the name of the Keycloak realm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-server-url","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".discovery-enabled","additionalKeys":[],"configDoc":"Enables OIDC discovery. If the discovery is disabled then the OIDC endpoint URLs must be configured individually.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"discovery-enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".revoke-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token revocation endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"revoke-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".client-id","additionalKeys":[],"configDoc":"The client-id of the application. Each application has a client-id that is used to identify the application","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"client-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".connection-delay","additionalKeys":[],"configDoc":"The maximum amount of time connecting to the currently unavailable OIDC server will be attempted for. The number of times the connection request will be repeated is calculated by dividing the value of this property by 2. For example, setting it to `20S` will allow for requesting the connection up to 10 times with a 2 seconds delay between the retries. Note this property is only effective when the initial OIDC connection is created, for example, when requesting a well-known OIDC configuration. Use the 'connection-retry-count' property to support trying to re-establish an already available connection which may have been dropped.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-delay","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".connection-retry-count","additionalKeys":[],"configDoc":"The number of times an attempt to re-establish an already available connection will be repeated for. Note this property is different to the `connection-delay` property which is only effective during the initial OIDC connection creation. This property is used to try to recover the existing connection which may have been temporarily lost. For example, if a request to the OIDC token endpoint fails due to a connection exception then the request will be retried for a number of times configured by this property.","withinAMap":false,"defaultValue":"3","javaDocSiteLink":"","docMapKey":"connection-retry-count","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".connection-timeout","additionalKeys":[],"configDoc":"The amount of time after which the current OIDC connection request will time out.","withinAMap":false,"defaultValue":"10S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-timeout","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".max-pool-size","additionalKeys":[],"configDoc":"The maximum size of the connection pool used by the WebClient","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".credentials","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".credentials.secret","additionalKeys":[],"configDoc":"Client secret which is used for a `client_secret_basic` authentication method. Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.client-secret.value","additionalKeys":[],"configDoc":"The client secret value - it will be ignored if 'secret.key' is set","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.client-secret.provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.client-secret.provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret.Method","key":".credentials.client-secret.method","additionalKeys":[],"configDoc":"Authentication method.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"method","configPhase":"BUILD_TIME","acceptedValues":["tooltip:basic[client_secret_basic (default): client id and secret are submitted with the HTTP Authorization Basic scheme]","tooltip:post[client_secret_post: client id and secret are submitted as the 'client_id' and 'client_secret' form parameters.]","tooltip:post-jwt[client_secret_jwt: client id and generated JWT secret are submitted as the 'client_id' and 'client_secret' form parameters.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".credentials.jwt.secret","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.secret-provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.secret-provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signature-algorithm` property to specify the key algorithm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-store-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key from a key store","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-id","additionalKeys":[],"configDoc":"The private key id/alias","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.key-password","additionalKeys":[],"configDoc":"The private key password","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.audience","additionalKeys":[],"configDoc":"JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.token-key-id","additionalKeys":[],"configDoc":"Key identifier of the signing key added as a JWT 'kid' header","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-key-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.issuer","additionalKeys":[],"configDoc":"Issuer of the signing key added as a JWT 'iss' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.subject","additionalKeys":[],"configDoc":"Subject of the signing key added as a JWT 'sub' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"subject","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".credentials.jwt.claims","additionalKeys":[],"configDoc":"Additional claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claims","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".credentials.jwt.signature-algorithm","additionalKeys":[],"configDoc":"Signature algorithm, also used for the `key-file` property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".credentials.jwt.lifespan","additionalKeys":[],"configDoc":"JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"lifespan","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".proxy","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Proxy","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".proxy.host","additionalKeys":[],"configDoc":"The host (name or IP address) of the Proxy. +\nNote: If OIDC adapter needs to use a Proxy to talk with OIDC server (Provider), then at least the \"host\" config item must be configured to enable the usage of a Proxy.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".proxy.port","additionalKeys":[],"configDoc":"The port number of the Proxy. Default value is 80.","withinAMap":false,"defaultValue":"80","javaDocSiteLink":"","docMapKey":"port","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".proxy.username","additionalKeys":[],"configDoc":"The username, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".proxy.password","additionalKeys":[],"configDoc":"The password, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".tls","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls","showSection":false,"configDocItems":[{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls.Verification","key":".tls.verification","additionalKeys":[],"configDoc":"Certificate validation and hostname verification, which can be one of the following values from enum `Verification`. Default is required.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"verification","configPhase":"BUILD_TIME","acceptedValues":["tooltip:required[Certificates are validated and hostname verification is enabled. This is the default value.]","tooltip:certificate-validation[Certificates are validated but hostname verification is disabled.]","tooltip:none[All certificated are trusted and hostname verification is disabled.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"path","key":".tls.key-store-file","additionalKeys":[],"configDoc":"An optional key store which holds the certificate information instead of specifying separate files.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, the default (\"password\") is used.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, if the key store contains multiple keys and no alias is specified, the behavior is undefined.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it's different from `key-store-password`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"path","key":".tls.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store which holds the certificate information of the certificates to trust","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-cert-alias","additionalKeys":[],"configDoc":"A parameter to specify the alias of the trust store certificate.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".tls.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":".tenant-id","additionalKeys":[],"configDoc":"A unique tenant identifier. It must be set by `TenantConfigResolver` providers which resolve the tenant configuration dynamically and is optional in all other cases.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"tenant-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".tenant-enabled","additionalKeys":[],"configDoc":"If this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured but either `TenantConfigResolver` which will resolve tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant in this case.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"tenant-enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.ApplicationType","key":".application-type","additionalKeys":[],"configDoc":"The application type, which can be one of the following values from enum `ApplicationType`.","withinAMap":false,"defaultValue":"service","javaDocSiteLink":"","docMapKey":"application-type","configPhase":"BUILD_TIME","acceptedValues":["tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a frontend application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.]","tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.]","tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method will be used if the Authorization header is set and Authorization Code Flow - if not.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".authorization-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"authorization-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".user-info-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"user-info-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".introspection-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"introspection-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".jwks-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"jwks-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".end-session-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"end-session-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".public-key","additionalKeys":[],"configDoc":"Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"public-key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".introspection-credentials","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.IntrospectionCredentials","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".introspection-credentials.name","additionalKeys":[],"configDoc":"Name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".introspection-credentials.secret","additionalKeys":[],"configDoc":"Secret","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".introspection-credentials.include-client-id","additionalKeys":[],"configDoc":"Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-client-id","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".roles","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Roles","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".roles.role-claim-path","additionalKeys":[],"configDoc":"List of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: \"realm/groups\". Use double quotes with the namespace qualified claim names. This property can be used if a token has no 'groups' claim but has the groups set in one or more different claims.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".roles.role-claim-separator","additionalKeys":[],"configDoc":"Separator for splitting a string which may contain multiple group values. It will only be used if the \"role-claim-path\" property points to one or more custom claims whose values are strings. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-separator","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Roles.Source","key":".roles.source","additionalKeys":[],"configDoc":"Source of the principal roles.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"source","configPhase":"BUILD_TIME","acceptedValues":["tooltip:idtoken[ID Token - the default value for the 'web-app' applications.]","tooltip:accesstoken[Access Token - the default value for the 'service' applications; can also be used as the source of roles for the 'web-app' applications.]","tooltip:userinfo[User Info]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".token","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Token","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".token.issuer","additionalKeys":[],"configDoc":"Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.audience","additionalKeys":[],"configDoc":"Expected audience 'aud' claim value which may be a string or an array of strings. Note the audience claim will be verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens will only be done if this property is configured.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.subject-required","additionalKeys":[],"configDoc":"Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required then both the token and UserInfo `sub` claims must be present and match each other.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"subject-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".token.required-claims","additionalKeys":[],"configDoc":"A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claim-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.token-type","additionalKeys":[],"configDoc":"Expected token type","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-type","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".token.lifespan-grace","additionalKeys":[],"configDoc":"Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"lifespan-grace","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".token.age","additionalKeys":[],"configDoc":"Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim. However, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified if the logout token contains it.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"age","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.principal-claim","additionalKeys":[],"configDoc":"Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"principal-claim","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.refresh-expired","additionalKeys":[],"configDoc":"Refresh expired authorization code flow ID or access tokens. If this property is enabled then a refresh token request will be performed if the authorization code ID or access token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property will be enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not have to enable this property manually in this case.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"refresh-expired","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".token.refresh-token-time-skew","additionalKeys":[],"configDoc":"Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time then a refresh is going to happen.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"refresh-token-time-skew","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".token.forced-jwk-refresh-interval","additionalKeys":[],"configDoc":"Forced JWK set refresh interval in minutes.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"forced-jwk-refresh-interval","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.header","additionalKeys":[],"configDoc":"Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.SignatureAlgorithm","key":".token.signature-algorithm","additionalKeys":[],"configDoc":"Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"BUILD_TIME","acceptedValues":["`rs256`","`rs384`","`rs512`","`ps256`","`ps384`","`ps512`","`es256`","`es384`","`es512`","`eddsa`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".token.decryption-key-location","additionalKeys":[],"configDoc":"Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers may not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. Note that if a 'private_key_jwt' client authentication method is used then the private key which is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token if this property is not set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"decryption-key-location","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.allow-jwt-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-jwt-introspection","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.require-jwt-introspection-only","additionalKeys":[],"configDoc":"Require that JWT tokens are only introspected remotely.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"require-jwt-introspection-only","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token.allow-opaque-token-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-opaque-token-introspection","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token.customizer-name","additionalKeys":[],"configDoc":"Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"customizer-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".token.verify-access-token-with-user-info","additionalKeys":[],"configDoc":"Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens have to be accepted but OpenId Connect provider does not have a token introspection endpoint. This property will have no effect when JWT tokens have to be verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token-with-user-info","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".logout","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Logout","showSection":false,"configDocItems":[{"configDocKey":{"type":"string","key":".logout.path","additionalKeys":[],"configDoc":"The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.post-logout-path","additionalKeys":[],"configDoc":"Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"post-logout-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.post-logout-uri-param","additionalKeys":[],"configDoc":"Name of the post logout URI parameter which will be added as a query parameter to the logout redirect URI.","withinAMap":false,"defaultValue":"post_logout_redirect_uri","javaDocSiteLink":"","docMapKey":"post-logout-uri-param","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".logout.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the logout redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.backchannel.path","additionalKeys":[],"configDoc":"The relative path of the Back-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"int","key":".logout.backchannel.token-cache-size","additionalKeys":[],"configDoc":"Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"token-cache-size","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".logout.backchannel.token-cache-time-to-live","additionalKeys":[],"configDoc":"Number of minutes a logout token can be cached for.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"token-cache-time-to-live","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".logout.backchannel.clean-up-timer-interval","additionalKeys":[],"configDoc":"Token cache timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.backchannel.logout-token-key","additionalKeys":[],"configDoc":"Logout token claim whose value will be used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim.","withinAMap":false,"defaultValue":"sub","javaDocSiteLink":"","docMapKey":"logout-token-key","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".logout.frontchannel.path","additionalKeys":[],"configDoc":"The relative path of the Front-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".authentication","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.Authentication","showSection":false,"configDocItems":[{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.ResponseMode","key":".authentication.response-mode","additionalKeys":[],"configDoc":"Authorization code flow response mode","withinAMap":false,"defaultValue":"query","javaDocSiteLink":"","docMapKey":"response-mode","configPhase":"BUILD_TIME","acceptedValues":["tooltip:query[Authorization response parameters are encoded in the query string added to the redirect_uri]","tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted via the HTTP POST method using the application/x-www-form-urlencoded content type]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"string","key":".authentication.redirect-path","additionalKeys":[],"configDoc":"Relative path for calculating a \"redirect_uri\" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"redirect-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.restore-path-after-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI will be restored even if this property is disabled.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"restore-path-after-redirect","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.remove-redirect-parameters","additionalKeys":[],"configDoc":"Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"remove-redirect-parameters","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.error-path","additionalKeys":[],"configDoc":"Relative path to the public endpoint which will process the error response from the OIDC authorization endpoint. If the user authentication has failed then the OIDC provider will return an 'error' and an optional 'error_description' parameters, instead of the expected authorization 'code'. If this property is set then the user will be redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if it is set as '/error' and the current request URI is 'https://localhost:8080/callback?error=invalid_scope' then a redirect will be made to 'https://localhost:8080/error?error=invalid_scope'. If this property is not set then HTTP 401 status will be returned in case of the user authentication failure.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"error-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.verify-access-token","additionalKeys":[],"configDoc":"Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.force-redirect-https-scheme","additionalKeys":[],"configDoc":"Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"force-redirect-https-scheme","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.scopes","additionalKeys":[],"configDoc":"List of scopes","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"scopes","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.nonce-required","additionalKeys":[],"configDoc":"Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"nonce-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.add-openid-scope","additionalKeys":[],"configDoc":"Add the 'openid' scope automatically to the list of scopes. This is required for OpenId Connect providers but will not work for OAuth2 providers such as Twitter OAuth2 which does not accept that scope and throws an error.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-openid-scope","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".authentication.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.forward-params","additionalKeys":[],"configDoc":"Request URL query parameters which, if present, will be added to the authentication redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"forward-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.cookie-force-secure","additionalKeys":[],"configDoc":"If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cookie-force-secure","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-suffix","additionalKeys":[],"configDoc":"Cookie name suffix. For example, a session cookie name for the default OIDC tenant is 'q_session' but can be changed to 'q_session_test' if this property is set to 'test'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-suffix","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-path","additionalKeys":[],"configDoc":"Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.","withinAMap":false,"defaultValue":"/","javaDocSiteLink":"","docMapKey":"cookie-path","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-path-header","additionalKeys":[],"configDoc":"Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-path-header","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.cookie-domain","additionalKeys":[],"configDoc":"Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-domain","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.CookieSameSite","key":".authentication.cookie-same-site","additionalKeys":[],"configDoc":"SameSite attribute for the session cookie.","withinAMap":false,"defaultValue":"lax","javaDocSiteLink":"","docMapKey":"cookie-same-site","configPhase":"BUILD_TIME","acceptedValues":["`strict`","`lax`","`none`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"boolean","key":".authentication.allow-multiple-code-flows","additionalKeys":[],"configDoc":"If a state cookie is present then a `state` query parameter must also be present and both the state cookie name suffix and state cookie value have to match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie may represent the authentication flow initiated from another tab and not related to the current request. Disable this property if you would like to avoid supporting multiple authorization code flows running in the same browser.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-multiple-code-flows","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.fail-on-missing-state-param","additionalKeys":[],"configDoc":"Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present.\n\nWhen either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser will block it and the state cookie created by Quarkus will remain in the browser cache. Quarkus will report an authentication failure when it will detect such an old state cookie but find no matching state query parameter.\n\nReporting HTTP 401 error is usually the right thing to do in such cases, it will minimize a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` may be needed to avoid such errors.\n\nHowever, setting this property to `false` may help if the above options are not suitable. It will cause a new authentication redirect to OpenId Connect provider. Please be aware doing so may increase the risk of browser redirect loops.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"fail-on-missing-state-param","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.user-info-required","additionalKeys":[],"configDoc":"If this property is set to 'true' then an OIDC UserInfo endpoint will be called. This property will be enabled if `quarkus.oidc.roles.source` is `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not have to enable this property manually in these cases.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"user-info-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".authentication.session-age-extension","additionalKeys":[],"configDoc":"Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"session-age-extension","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".authentication.java-script-auto-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single-page applications (SPA) since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.\n\nIf this property is set to 'false' then a status code of '499' will be returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. 'X-Requested-With' request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"java-script-auto-redirect","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.id-token-required","additionalKeys":[],"configDoc":"Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken will be generated in such cases.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"id-token-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".authentication.internal-id-token-lifespan","additionalKeys":[],"configDoc":"Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"internal-id-token-lifespan","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":".authentication.pkce-required","additionalKeys":[],"configDoc":"Requires that a Proof Key for Code Exchange (PKCE) is used.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"pkce-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".authentication.state-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. Client secret will not be used as a state encryption secret if it is less than 32 characters long.\n\nThe secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nError will be reported if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"state-secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".code-grant","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.CodeGrant","showSection":false,"configDocItems":[{"configDocKey":{"type":"`Map`","key":".code-grant.extra-params","additionalKeys":[],"configDoc":"Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which have to be included to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".code-grant.headers","additionalKeys":[],"configDoc":"Custom HTTP headers which have to be sent to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocSection":{"name":"","optional":false,"withinAMap":false,"sectionDetails":null,"sectionDetailsTitle":".token-state-manager","configPhase":"BUILD_TIME","topLevelGrouping":"","configGroupType":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager","showSection":false,"configDocItems":[{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy","key":".token-state-manager.strategy","additionalKeys":[],"configDoc":"Default TokenStateManager strategy.","withinAMap":false,"defaultValue":"keep-all-tokens","javaDocSiteLink":"","docMapKey":"strategy","configPhase":"BUILD_TIME","acceptedValues":["tooltip:keep-all-tokens[Keep ID, access and refresh tokens.]","tooltip:id-token[Keep ID token only]","tooltip:id-refresh-tokens[Keep ID and refresh tokens only]"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}},{"configDocKey":{"type":"boolean","key":".token-state-manager.split-tokens","additionalKeys":[],"configDoc":"Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"split-tokens","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".token-state-manager.encryption-required","additionalKeys":[],"configDoc":"Mandates that the session cookie that stores the tokens is encrypted.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"encryption-required","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".token-state-manager.encryption-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt the session cookie storing the tokens when `encryption-required` property is enabled.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. The secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nThe length of the secret which will be used to encrypt the tokens should be at least 32 characters long. Warning will be logged if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-secret","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"boolean","key":".allow-token-introspection-cache","additionalKeys":[],"configDoc":"Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-token-introspection-cache","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".allow-user-info-cache","additionalKeys":[],"configDoc":"Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-user-info-cache","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".cache-user-info-in-idtoken","additionalKeys":[],"configDoc":"Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cache-user-info-in-idtoken","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Provider","key":".provider","additionalKeys":[],"configDoc":"Well known OpenId Connect provider identifier","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"provider","configPhase":"BUILD_TIME","acceptedValues":["`apple`","`facebook`","`github`","`google`","`mastodon`","`microsoft`","`spotify`","`twitch`","`twitter`","`x`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":true}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpDevServicesBuildTimeConfig b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpDevServicesBuildTimeConfig index 5c992a06df..a8e7592398 100644 --- a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpDevServicesBuildTimeConfig +++ b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpDevServicesBuildTimeConfig @@ -1 +1 @@ -[{"configDocKey":{"type":"java.lang.Boolean","key":".enabled","additionalKeys":[],"configDoc":"If Dev Services for AMQP has been explicitly enabled or disabled. Dev Services are generally enabled by default, unless there is an existing configuration present. For AMQP, Dev Services starts a broker unless `amqp-host` or `amqp-port` are set or if all the Reactive Messaging AMQP channel are configured with `host` or `port`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".port","additionalKeys":[],"configDoc":"Optional fixed port the dev service will listen to.\n\nIf not defined, the port will be chosen randomly.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"port","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".image-name","additionalKeys":[],"configDoc":"The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions.","withinAMap":false,"defaultValue":"quay.io/artemiscloud/activemq-artemis-broker:1.0.18","javaDocSiteLink":"","docMapKey":"image-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".extra-args","additionalKeys":[],"configDoc":"The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container.","withinAMap":false,"defaultValue":"--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0","javaDocSiteLink":"","docMapKey":"extra-args","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".shared","additionalKeys":[],"configDoc":"Indicates if the AMQP broker managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for AMQP starts a new container.\n\nThe discovery uses the `quarkus-dev-service-amqp` label. The value is configured using the `service-name` property.\n\nContainer sharing is only used in dev mode.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"shared","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".service-name","additionalKeys":[],"configDoc":"The value of the `quarkus-dev-service-aqmp` label attached to the started container. This property is used when `shared` is set to `true`. In this case, before starting a container, Dev Services for AMQP looks for a container with the `quarkus-dev-service-amqp` label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise, it starts a new container with the `quarkus-dev-service-amqp` label set to the specified value.\n\nThis property is used when you need multiple shared AMQP brokers.","withinAMap":false,"defaultValue":"amqp","javaDocSiteLink":"","docMapKey":"service-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".container-env","additionalKeys":[],"configDoc":"Environment variables that are passed to the container.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"container-env","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}] \ No newline at end of file +[{"configDocKey":{"type":"java.lang.Boolean","key":".enabled","additionalKeys":[],"configDoc":"If Dev Services for AMQP has been explicitly enabled or disabled. Dev Services are generally enabled by default, unless there is an existing configuration present. For AMQP, Dev Services starts a broker unless `amqp-host` or `amqp-port` are set or if all the Reactive Messaging AMQP channel are configured with `host` or `port`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":".port","additionalKeys":[],"configDoc":"Optional fixed port the dev service will listen to.\n\nIf not defined, the port will be chosen randomly.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"port","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".image-name","additionalKeys":[],"configDoc":"The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`.\n\nCheck the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions.","withinAMap":false,"defaultValue":"quay.io/artemiscloud/activemq-artemis-broker:1.0.22","javaDocSiteLink":"","docMapKey":"image-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".extra-args","additionalKeys":[],"configDoc":"The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0`","withinAMap":false,"defaultValue":"--no-autotune --mapped --no-fsync --relax-jolokia","javaDocSiteLink":"","docMapKey":"extra-args","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"boolean","key":".shared","additionalKeys":[],"configDoc":"Indicates if the AMQP broker managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for AMQP starts a new container.\n\nThe discovery uses the `quarkus-dev-service-amqp` label. The value is configured using the `service-name` property.\n\nContainer sharing is only used in dev mode.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"shared","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"string","key":".service-name","additionalKeys":[],"configDoc":"The value of the `quarkus-dev-service-aqmp` label attached to the started container. This property is used when `shared` is set to `true`. In this case, before starting a container, Dev Services for AMQP looks for a container with the `quarkus-dev-service-amqp` label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise, it starts a new container with the `quarkus-dev-service-amqp` label set to the specified value.\n\nThis property is used when you need multiple shared AMQP brokers.","withinAMap":false,"defaultValue":"amqp","javaDocSiteLink":"","docMapKey":"service-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"`Map`","key":".container-env","additionalKeys":[],"configDoc":"Environment variables that are passed to the container.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"container-env","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.vertx.http.runtime.TrafficShapingConfig b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.vertx.http.runtime.TrafficShapingConfig new file mode 100644 index 0000000000..e788f82309 --- /dev/null +++ b/_generated-doc/main/config/all-configuration-groups-generated-doc/io.quarkus.vertx.http.runtime.TrafficShapingConfig @@ -0,0 +1 @@ +[{"configDocKey":{"type":"boolean","key":".enabled","additionalKeys":[],"configDoc":"Enables the traffic shaping.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":".inbound-global-bandwidth","additionalKeys":[],"configDoc":"Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"inbound-global-bandwidth","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":".outbound-global-bandwidth","additionalKeys":[],"configDoc":"Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"outbound-global-bandwidth","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".max-delay","additionalKeys":[],"configDoc":"Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-delay","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":".check-interval","additionalKeys":[],"configDoc":"Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes.\n\nIf not default, it defaults to 1s.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"check-interval","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":".peak-outbound-global-bandwidth","additionalKeys":[],"configDoc":"Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"peak-outbound-global-bandwidth","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"","enum":false}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.mongodb.runtime.MongodbConfig b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.mongodb.runtime.MongodbConfig index 8248a754d7..a248182ef1 100644 --- a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.mongodb.runtime.MongodbConfig +++ b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.mongodb.runtime.MongodbConfig @@ -1 +1 @@ -[{"configDocKey":{"type":"string","key":"quarkus.mongodb.connection-string","additionalKeys":[],"configDoc":"Configures the connection string. The format is: `mongodb://++[++username:password@++]++host1++[++:port1++][++,host2++[++:port2++]++,...++[++,hostN++[++:portN++]]][++/++[++database.collection++][++?options++]]++`\n\n`mongodb://` is a required prefix to identify that this is a string in the standard connection format.\n\n`username:password@` are optional. If given, the driver will attempt to log in to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well.\n\n`host1` is the only required part of the connection string. It identifies a server address to connect to.\n\n`:portX` is optional and defaults to :27017 if not provided.\n\n`/database` is the name of the database to log in to and thus is only relevant if the `username:password@` syntax is used. If not specified the `admin` database will be used by default.\n\n`?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\".\n\nAn alternative format, using the `mongodb{plus}srv` protocol, is:\n\n```\nmongodb+srv://[username:password@]host[/[database][?options]]\n```\n\n\n\n - `mongodb{plus}srv://` is a required prefix for this format.\n - `username:password@` are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well\n - `host` is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with `\"_mongodb._tcp\"`. The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol.\n - `/database` is the name of the database to login to and thus is only relevant if the `username:password@` syntax is used. If not specified the \"admin\" database will be used by default.\n - `?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\". Additionally with the mongodb{plus}srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"connection-string","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.hosts","additionalKeys":[],"configDoc":"Configures the MongoDB server addressed (one if single mode). The addresses are passed as `host:port`.","withinAMap":false,"defaultValue":"127.0.0.1:27017","javaDocSiteLink":"","docMapKey":"hosts","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.database","additionalKeys":[],"configDoc":"Configure the database name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"database","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.application-name","additionalKeys":[],"configDoc":"Configures the application name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"application-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.max-pool-size","additionalKeys":[],"configDoc":"Configures the maximum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.min-pool-size","additionalKeys":[],"configDoc":"Configures the minimum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"min-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.max-connection-idle-time","additionalKeys":[],"configDoc":"Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-idle-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.max-connection-life-time","additionalKeys":[],"configDoc":"Maximum lifetime of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-life-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.maintenance-frequency","additionalKeys":[],"configDoc":"Configures the time period between runs of the maintenance job.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.maintenance-initial-delay","additionalKeys":[],"configDoc":"Configures period of time to wait before running the first maintenance job on the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-initial-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.connect-timeout","additionalKeys":[],"configDoc":"How long a connection can take to be opened before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connect-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.read-timeout","additionalKeys":[],"configDoc":"How long a socket read can take before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.tls-insecure","additionalKeys":[],"configDoc":"If connecting with TLS, this option enables insecure TLS connections.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls-insecure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.tls","additionalKeys":[],"configDoc":"Whether to connect using TLS.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.replica-set-name","additionalKeys":[],"configDoc":"Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"replica-set-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.server-selection-timeout","additionalKeys":[],"configDoc":"How long the driver will wait for server selection to succeed before throwing an exception.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"server-selection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.local-threshold","additionalKeys":[],"configDoc":"When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"local-threshold","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.heartbeat-frequency","additionalKeys":[],"configDoc":"The frequency that the driver will attempt to determine the current state of each server in the cluster.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"heartbeat-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocSection":{"name":"quarkus.mongodb.write-concern","optional":false,"withinAMap":false,"sectionDetails":"== Write concern","sectionDetailsTitle":"Write concern","configPhase":"RUN_TIME","topLevelGrouping":"quarkus.mongodb","configGroupType":"io.quarkus.mongodb.runtime.WriteConcernConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.write-concern.safe","additionalKeys":[],"configDoc":"Configures the safety. If set to `true`: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also `w` and `wtimeoutMS`). If set fo\n - `false`: the driver does not ensure that all writes are acknowledged by the MongoDB server.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"safe","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.write-concern.journal","additionalKeys":[],"configDoc":"Configures the journal writing aspect. If set to `true`: the driver waits for the server to group commit to the journal file on disk. If set to `false`: the driver does not wait for the server to group commit to the journal file on disk.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"journal","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.write-concern.w","additionalKeys":[],"configDoc":"When set, the driver adds `w: wValue` to all write commands. It requires `safe` to be `true`. The value is typically a number, but can also be the `majority` string.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"w","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.write-concern.retry-writes","additionalKeys":[],"configDoc":"If set to `true`, the driver will retry supported write operations if they fail due to a network error.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"retry-writes","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.write-concern.w-timeout","additionalKeys":[],"configDoc":"When set, the driver adds `wtimeout : ms` to all write commands. It requires `safe` to be `true`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"w-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.safe","additionalKeys":[],"configDoc":"Configures the safety. If set to `true`: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also `w` and `wtimeoutMS`). If set fo\n - `false`: the driver does not ensure that all writes are acknowledged by the MongoDB server.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"safe","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.journal","additionalKeys":[],"configDoc":"Configures the journal writing aspect. If set to `true`: the driver waits for the server to group commit to the journal file on disk. If set to `false`: the driver does not wait for the server to group commit to the journal file on disk.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"journal","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.w","additionalKeys":[],"configDoc":"When set, the driver adds `w: wValue` to all write commands. It requires `safe` to be `true`. The value is typically a number, but can also be the `majority` string.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"w","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.retry-writes","additionalKeys":[],"configDoc":"If set to `true`, the driver will retry supported write operations if they fail due to a network error.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"retry-writes","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.w-timeout","additionalKeys":[],"configDoc":"When set, the driver adds `wtimeout : ms` to all write commands. It requires `safe` to be `true`.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"w-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.read-concern","additionalKeys":[],"configDoc":"Configures the read concern. Supported values are: `local++|++majority++|++linearizable++|++snapshot++|++available`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-concern","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.read-preference","additionalKeys":[],"configDoc":"Configures the read preference. Supported values are: `primary++|++primaryPreferred++|++secondary++|++secondaryPreferred++|++nearest`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-preference","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocSection":{"name":"quarkus.mongodb.credentials","optional":false,"withinAMap":false,"sectionDetails":"== Credentials and authentication mechanism","sectionDetailsTitle":"Credentials and authentication mechanism","configPhase":"RUN_TIME","topLevelGrouping":"quarkus.mongodb","configGroupType":"io.quarkus.mongodb.runtime.CredentialConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.username","additionalKeys":[],"configDoc":"Configures the username.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.password","additionalKeys":[],"configDoc":"Configures the password.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.auth-mechanism","additionalKeys":[],"configDoc":"Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: null or `GSSAPI++|++PLAIN++|++MONGODB-X509++|++SCRAM_SHA_1++|++SCRAM_SHA_256++|++MONGODB_AWS`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.auth-source","additionalKeys":[],"configDoc":"Configures the source of the authentication credentials. This is typically the database where the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property. If the database is specified in neither place, the default value is `admin`. This option is only respected when using the MONGO-CR mechanism (the default).","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-source","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.mongodb.credentials.auth-mechanism-properties","additionalKeys":[],"configDoc":"Allows passing authentication mechanism properties.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism-properties","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.credentials-provider","additionalKeys":[],"configDoc":"The credentials provider name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.username","additionalKeys":[],"configDoc":"Configures the username.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.password","additionalKeys":[],"configDoc":"Configures the password.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.auth-mechanism","additionalKeys":[],"configDoc":"Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: null or `GSSAPI++|++PLAIN++|++MONGODB-X509++|++SCRAM_SHA_1++|++SCRAM_SHA_256++|++MONGODB_AWS`","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.auth-source","additionalKeys":[],"configDoc":"Configures the source of the authentication credentials. This is typically the database where the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property. If the database is specified in neither place, the default value is `admin`. This option is only respected when using the MONGO-CR mechanism (the default).","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-source","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.auth-mechanism-properties","additionalKeys":[],"configDoc":"Allows passing authentication mechanism properties.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism-properties","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.credentials-provider","additionalKeys":[],"configDoc":"The credentials provider name","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.health.database","additionalKeys":[],"configDoc":"The database used during the readiness health checks","withinAMap":false,"defaultValue":"admin","javaDocSiteLink":"","docMapKey":"health-database","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".connection-string","additionalKeys":[],"configDoc":"Configures the connection string. The format is: `mongodb://++[++username:password@++]++host1++[++:port1++][++,host2++[++:port2++]++,...++[++,hostN++[++:portN++]]][++/++[++database.collection++][++?options++]]++`\n\n`mongodb://` is a required prefix to identify that this is a string in the standard connection format.\n\n`username:password@` are optional. If given, the driver will attempt to log in to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well.\n\n`host1` is the only required part of the connection string. It identifies a server address to connect to.\n\n`:portX` is optional and defaults to :27017 if not provided.\n\n`/database` is the name of the database to log in to and thus is only relevant if the `username:password@` syntax is used. If not specified the `admin` database will be used by default.\n\n`?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\".\n\nAn alternative format, using the `mongodb{plus}srv` protocol, is:\n\n```\nmongodb+srv://[username:password@]host[/[database][?options]]\n```\n\n\n\n - `mongodb{plus}srv://` is a required prefix for this format.\n - `username:password@` are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well\n - `host` is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with `\"_mongodb._tcp\"`. The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol.\n - `/database` is the name of the database to login to and thus is only relevant if the `username:password@` syntax is used. If not specified the \"admin\" database will be used by default.\n - `?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\". Additionally with the mongodb{plus}srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"connection-string","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".hosts","additionalKeys":[],"configDoc":"Configures the MongoDB server addressed (one if single mode). The addresses are passed as `host:port`.","withinAMap":true,"defaultValue":"127.0.0.1:27017","javaDocSiteLink":"","docMapKey":"hosts","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".database","additionalKeys":[],"configDoc":"Configure the database name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"database","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".application-name","additionalKeys":[],"configDoc":"Configures the application name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"application-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.\"mongo-client-configs\".max-pool-size","additionalKeys":[],"configDoc":"Configures the maximum number of connections in the connection pool.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.\"mongo-client-configs\".min-pool-size","additionalKeys":[],"configDoc":"Configures the minimum number of connections in the connection pool.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"min-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".max-connection-idle-time","additionalKeys":[],"configDoc":"Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-idle-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".max-connection-life-time","additionalKeys":[],"configDoc":"Maximum lifetime of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-life-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".maintenance-frequency","additionalKeys":[],"configDoc":"Configures the time period between runs of the maintenance job.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".maintenance-initial-delay","additionalKeys":[],"configDoc":"Configures period of time to wait before running the first maintenance job on the connection pool.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-initial-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".connect-timeout","additionalKeys":[],"configDoc":"How long a connection can take to be opened before timing out.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connect-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".read-timeout","additionalKeys":[],"configDoc":"How long a socket read can take before timing out.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".tls-insecure","additionalKeys":[],"configDoc":"If connecting with TLS, this option enables insecure TLS connections.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls-insecure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".tls","additionalKeys":[],"configDoc":"Whether to connect using TLS.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".replica-set-name","additionalKeys":[],"configDoc":"Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"replica-set-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".server-selection-timeout","additionalKeys":[],"configDoc":"How long the driver will wait for server selection to succeed before throwing an exception.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"server-selection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".local-threshold","additionalKeys":[],"configDoc":"When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"local-threshold","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".heartbeat-frequency","additionalKeys":[],"configDoc":"The frequency that the driver will attempt to determine the current state of each server in the cluster.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"heartbeat-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".read-concern","additionalKeys":[],"configDoc":"Configures the read concern. Supported values are: `local++|++majority++|++linearizable++|++snapshot++|++available`","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-concern","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".read-preference","additionalKeys":[],"configDoc":"Configures the read preference. Supported values are: `primary++|++primaryPreferred++|++secondary++|++secondaryPreferred++|++nearest`","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-preference","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".health.database","additionalKeys":[],"configDoc":"The database used during the readiness health checks","withinAMap":true,"defaultValue":"admin","javaDocSiteLink":"","docMapKey":"health-database","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.dns.server-host","additionalKeys":[],"configDoc":"This property configures the DNS server. If the server is not set, it tries to read the first `nameserver` from `/etc /resolv.conf` (if the file exists), otherwise fallback to the default.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"dns-server","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.dns.server-port","additionalKeys":[],"configDoc":"This property configures the DNS server port.","withinAMap":false,"defaultValue":"53","javaDocSiteLink":"","docMapKey":"dns-server-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.dns.lookup-timeout","additionalKeys":[],"configDoc":"If `native.dns.use-vertx-dns-resolver` is set to `true`, this property configures the DNS lookup timeout duration.","withinAMap":false,"defaultValue":"5S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"dns-lookup-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.mongodb.dns.log-activity","additionalKeys":[],"configDoc":"This property enables the logging ot the DNS lookup. It can be useful to understand why the lookup fails.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"dns-lookup-log-activity","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}}] \ No newline at end of file +[{"configDocKey":{"type":"string","key":"quarkus.mongodb.connection-string","additionalKeys":[],"configDoc":"Configures the connection string. The format is: `mongodb://++[++username:password@++]++host1++[++:port1++][++,host2++[++:port2++]++,...++[++,hostN++[++:portN++]]][++/++[++database.collection++][++?options++]]++`\n\n`mongodb://` is a required prefix to identify that this is a string in the standard connection format.\n\n`username:password@` are optional. If given, the driver will attempt to log in to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well.\n\n`host1` is the only required part of the connection string. It identifies a server address to connect to.\n\n`:portX` is optional and defaults to :27017 if not provided.\n\n`/database` is the name of the database to log in to and thus is only relevant if the `username:password@` syntax is used. If not specified the `admin` database will be used by default.\n\n`?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\".\n\nAn alternative format, using the `mongodb{plus}srv` protocol, is:\n\n```\nmongodb+srv://[username:password@]host[/[database][?options]]\n```\n\n\n\n - `mongodb{plus}srv://` is a required prefix for this format.\n - `username:password@` are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well\n - `host` is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with `\"_mongodb._tcp\"`. The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol.\n - `/database` is the name of the database to login to and thus is only relevant if the `username:password@` syntax is used. If not specified the \"admin\" database will be used by default.\n - `?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\". Additionally with the mongodb{plus}srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"connection-string","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.hosts","additionalKeys":[],"configDoc":"Configures the MongoDB server addressed (one if single mode). The addresses are passed as `host:port`.","withinAMap":false,"defaultValue":"127.0.0.1:27017","javaDocSiteLink":"","docMapKey":"hosts","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.database","additionalKeys":[],"configDoc":"Configure the database name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"database","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.application-name","additionalKeys":[],"configDoc":"Configures the application name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"application-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.max-pool-size","additionalKeys":[],"configDoc":"Configures the maximum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.min-pool-size","additionalKeys":[],"configDoc":"Configures the minimum number of connections in the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"min-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.max-connection-idle-time","additionalKeys":[],"configDoc":"Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-idle-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.max-connection-life-time","additionalKeys":[],"configDoc":"Maximum lifetime of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-life-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.maintenance-frequency","additionalKeys":[],"configDoc":"Configures the time period between runs of the maintenance job.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.maintenance-initial-delay","additionalKeys":[],"configDoc":"Configures period of time to wait before running the first maintenance job on the connection pool.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-initial-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.connect-timeout","additionalKeys":[],"configDoc":"How long a connection can take to be opened before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connect-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.read-timeout","additionalKeys":[],"configDoc":"How long a socket read can take before timing out.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.tls-insecure","additionalKeys":[],"configDoc":"If connecting with TLS, this option enables insecure TLS connections.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls-insecure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.tls","additionalKeys":[],"configDoc":"Whether to connect using TLS.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.replica-set-name","additionalKeys":[],"configDoc":"Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"replica-set-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.server-selection-timeout","additionalKeys":[],"configDoc":"How long the driver will wait for server selection to succeed before throwing an exception.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"server-selection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.local-threshold","additionalKeys":[],"configDoc":"When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"local-threshold","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.heartbeat-frequency","additionalKeys":[],"configDoc":"The frequency that the driver will attempt to determine the current state of each server in the cluster.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"heartbeat-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocSection":{"name":"quarkus.mongodb.write-concern","optional":false,"withinAMap":false,"sectionDetails":"== Write concern","sectionDetailsTitle":"Write concern","configPhase":"RUN_TIME","topLevelGrouping":"quarkus.mongodb","configGroupType":"io.quarkus.mongodb.runtime.WriteConcernConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.write-concern.safe","additionalKeys":[],"configDoc":"Configures the safety. If set to `true`: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also `w` and `wtimeoutMS`). If set fo\n - `false`: the driver does not ensure that all writes are acknowledged by the MongoDB server.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"safe","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.write-concern.journal","additionalKeys":[],"configDoc":"Configures the journal writing aspect. If set to `true`: the driver waits for the server to group commit to the journal file on disk. If set to `false`: the driver does not wait for the server to group commit to the journal file on disk.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"journal","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.write-concern.w","additionalKeys":[],"configDoc":"When set, the driver adds `w: wValue` to all write commands. It requires `safe` to be `true`. The value is typically a number, but can also be the `majority` string.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"w","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.write-concern.retry-writes","additionalKeys":[],"configDoc":"If set to `true`, the driver will retry supported write operations if they fail due to a network error.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"retry-writes","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.write-concern.w-timeout","additionalKeys":[],"configDoc":"When set, the driver adds `wtimeout : ms` to all write commands. It requires `safe` to be `true`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"w-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.safe","additionalKeys":[],"configDoc":"Configures the safety. If set to `true`: the driver ensures that all writes are acknowledged by the MongoDB server, or else throws an exception. (see also `w` and `wtimeoutMS`). If set fo\n - `false`: the driver does not ensure that all writes are acknowledged by the MongoDB server.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"safe","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.journal","additionalKeys":[],"configDoc":"Configures the journal writing aspect. If set to `true`: the driver waits for the server to group commit to the journal file on disk. If set to `false`: the driver does not wait for the server to group commit to the journal file on disk.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"journal","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.w","additionalKeys":[],"configDoc":"When set, the driver adds `w: wValue` to all write commands. It requires `safe` to be `true`. The value is typically a number, but can also be the `majority` string.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"w","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.retry-writes","additionalKeys":[],"configDoc":"If set to `true`, the driver will retry supported write operations if they fail due to a network error.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"retry-writes","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".write-concern.w-timeout","additionalKeys":[],"configDoc":"When set, the driver adds `wtimeout : ms` to all write commands. It requires `safe` to be `true`.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"w-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.read-concern","additionalKeys":[],"configDoc":"Configures the read concern. Supported values are: `local++|++majority++|++linearizable++|++snapshot++|++available`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-concern","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.read-preference","additionalKeys":[],"configDoc":"Configures the read preference. Supported values are: `primary++|++primaryPreferred++|++secondary++|++secondaryPreferred++|++nearest`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-preference","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocSection":{"name":"quarkus.mongodb.credentials","optional":false,"withinAMap":false,"sectionDetails":"== Credentials and authentication mechanism","sectionDetailsTitle":"Credentials and authentication mechanism","configPhase":"RUN_TIME","topLevelGrouping":"quarkus.mongodb","configGroupType":"io.quarkus.mongodb.runtime.CredentialConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.username","additionalKeys":[],"configDoc":"Configures the username.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.password","additionalKeys":[],"configDoc":"Configures the password.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.auth-mechanism","additionalKeys":[],"configDoc":"Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: null or `GSSAPI++|++PLAIN++|++MONGODB-X509++|++SCRAM_SHA_1++|++SCRAM_SHA_256++|++MONGODB_AWS`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.auth-source","additionalKeys":[],"configDoc":"Configures the source of the authentication credentials. This is typically the database where the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property. If the database is specified in neither place, the default value is `admin`. This option is only respected when using the MONGO-CR mechanism (the default).","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-source","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.mongodb.credentials.auth-mechanism-properties","additionalKeys":[],"configDoc":"Allows passing authentication mechanism properties.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism-properties","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.credentials-provider","additionalKeys":[],"configDoc":"The credentials provider name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.credentials.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.username","additionalKeys":[],"configDoc":"Configures the username.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.password","additionalKeys":[],"configDoc":"Configures the password.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.auth-mechanism","additionalKeys":[],"configDoc":"Configures the authentication mechanism to use if a credential was supplied. The default is unspecified, in which case the client will pick the most secure mechanism available based on the sever version. For the GSSAPI and MONGODB-X509 mechanisms, no password is accepted, only the username. Supported values: null or `GSSAPI++|++PLAIN++|++MONGODB-X509++|++SCRAM_SHA_1++|++SCRAM_SHA_256++|++MONGODB_AWS`","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.auth-source","additionalKeys":[],"configDoc":"Configures the source of the authentication credentials. This is typically the database where the credentials have been created. The value defaults to the database specified in the path portion of the connection string or in the 'database' configuration property. If the database is specified in neither place, the default value is `admin`. This option is only respected when using the MONGO-CR mechanism (the default).","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-source","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.auth-mechanism-properties","additionalKeys":[],"configDoc":"Allows passing authentication mechanism properties.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-mechanism-properties","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.credentials-provider","additionalKeys":[],"configDoc":"The credentials provider name","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".credentials.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}}],"anchorPrefix":null}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.health.database","additionalKeys":[],"configDoc":"The database used during the readiness health checks","withinAMap":false,"defaultValue":"admin","javaDocSiteLink":"","docMapKey":"health-database","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"org.bson.UuidRepresentation","key":"quarkus.mongodb.uuid-representation","additionalKeys":[],"configDoc":"Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"uuid-representation","configPhase":"RUN_TIME","acceptedValues":["`unspecified`","`standard`","`c-sharp-legacy`","`java-legacy`","`python-legacy`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".connection-string","additionalKeys":[],"configDoc":"Configures the connection string. The format is: `mongodb://++[++username:password@++]++host1++[++:port1++][++,host2++[++:port2++]++,...++[++,hostN++[++:portN++]]][++/++[++database.collection++][++?options++]]++`\n\n`mongodb://` is a required prefix to identify that this is a string in the standard connection format.\n\n`username:password@` are optional. If given, the driver will attempt to log in to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well.\n\n`host1` is the only required part of the connection string. It identifies a server address to connect to.\n\n`:portX` is optional and defaults to :27017 if not provided.\n\n`/database` is the name of the database to log in to and thus is only relevant if the `username:password@` syntax is used. If not specified the `admin` database will be used by default.\n\n`?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\".\n\nAn alternative format, using the `mongodb{plus}srv` protocol, is:\n\n```\nmongodb+srv://[username:password@]host[/[database][?options]]\n```\n\n\n\n - `mongodb{plus}srv://` is a required prefix for this format.\n - `username:password@` are optional. If given, the driver will attempt to login to a database after connecting to a database server. For some authentication mechanisms, only the username is specified and the password is not, in which case the \":\" after the username is left off as well\n - `host` is the only required part of the URI. It identifies a single host name for which SRV records are looked up from a Domain Name Server after prefixing the host name with `\"_mongodb._tcp\"`. The host/port for each SRV record becomes the seed list used to connect, as if each one were provided as host/port pair in a URI using the normal mongodb protocol.\n - `/database` is the name of the database to login to and thus is only relevant if the `username:password@` syntax is used. If not specified the \"admin\" database will be used by default.\n - `?options` are connection options. Note that if `database` is absent there is still a `/` required between the last host and the `?` introducing the options. Options are name=value pairs and the pairs are separated by \"&\". Additionally with the mongodb{plus}srv protocol, TXT records are looked up from a Domain Name Server for the given host, and the text value of each one is prepended to any options on the URI itself. Because the last specified value for any option wins, that means that options provided on the URI will override any that are provided via TXT records.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"connection-string","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".hosts","additionalKeys":[],"configDoc":"Configures the MongoDB server addressed (one if single mode). The addresses are passed as `host:port`.","withinAMap":true,"defaultValue":"127.0.0.1:27017","javaDocSiteLink":"","docMapKey":"hosts","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".database","additionalKeys":[],"configDoc":"Configure the database name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"database","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".application-name","additionalKeys":[],"configDoc":"Configures the application name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"application-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.\"mongo-client-configs\".max-pool-size","additionalKeys":[],"configDoc":"Configures the maximum number of connections in the connection pool.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.\"mongo-client-configs\".min-pool-size","additionalKeys":[],"configDoc":"Configures the minimum number of connections in the connection pool.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"min-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".max-connection-idle-time","additionalKeys":[],"configDoc":"Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-idle-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".max-connection-life-time","additionalKeys":[],"configDoc":"Maximum lifetime of a pooled connection. A connection that exceeds this limit will be closed.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-connection-life-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".maintenance-frequency","additionalKeys":[],"configDoc":"Configures the time period between runs of the maintenance job.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".maintenance-initial-delay","additionalKeys":[],"configDoc":"Configures period of time to wait before running the first maintenance job on the connection pool.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"maintenance-initial-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".connect-timeout","additionalKeys":[],"configDoc":"How long a connection can take to be opened before timing out.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connect-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".read-timeout","additionalKeys":[],"configDoc":"How long a socket read can take before timing out.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".tls-insecure","additionalKeys":[],"configDoc":"If connecting with TLS, this option enables insecure TLS connections.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls-insecure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.mongodb.\"mongo-client-configs\".tls","additionalKeys":[],"configDoc":"Whether to connect using TLS.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tls","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".replica-set-name","additionalKeys":[],"configDoc":"Implies that the hosts given are a seed list, and the driver will attempt to find all members of the set.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"replica-set-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".server-selection-timeout","additionalKeys":[],"configDoc":"How long the driver will wait for server selection to succeed before throwing an exception.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"server-selection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".local-threshold","additionalKeys":[],"configDoc":"When choosing among multiple MongoDB servers to send a request, the driver will only send that request to a server whose ping time is less than or equal to the server with the fastest ping time plus the local threshold.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"local-threshold","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.\"mongo-client-configs\".heartbeat-frequency","additionalKeys":[],"configDoc":"The frequency that the driver will attempt to determine the current state of each server in the cluster.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"heartbeat-frequency","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".read-concern","additionalKeys":[],"configDoc":"Configures the read concern. Supported values are: `local++|++majority++|++linearizable++|++snapshot++|++available`","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-concern","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".read-preference","additionalKeys":[],"configDoc":"Configures the read preference. Supported values are: `primary++|++primaryPreferred++|++secondary++|++secondaryPreferred++|++nearest`","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"read-preference","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.\"mongo-client-configs\".health.database","additionalKeys":[],"configDoc":"The database used during the readiness health checks","withinAMap":true,"defaultValue":"admin","javaDocSiteLink":"","docMapKey":"health-database","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"org.bson.UuidRepresentation","key":"quarkus.mongodb.\"mongo-client-configs\".uuid-representation","additionalKeys":[],"configDoc":"Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"uuid-representation","configPhase":"RUN_TIME","acceptedValues":["`unspecified`","`standard`","`c-sharp-legacy`","`java-legacy`","`python-legacy`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.mongodb","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.mongodb.dns.server-host","additionalKeys":[],"configDoc":"This property configures the DNS server. If the server is not set, it tries to read the first `nameserver` from `/etc /resolv.conf` (if the file exists), otherwise fallback to the default.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"dns-server","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.mongodb.dns.server-port","additionalKeys":[],"configDoc":"This property configures the DNS server port.","withinAMap":false,"defaultValue":"53","javaDocSiteLink":"","docMapKey":"dns-server-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.mongodb.dns.lookup-timeout","additionalKeys":[],"configDoc":"If `native.dns.use-vertx-dns-resolver` is set to `true`, this property configures the DNS lookup timeout duration.","withinAMap":false,"defaultValue":"5S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"dns-lookup-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.mongodb.dns.log-activity","additionalKeys":[],"configDoc":"This property enables the logging ot the DNS lookup. It can be useful to understand why the lookup fails.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"dns-lookup-log-activity","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.mongodb","enum":false}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.oidc.runtime.OidcConfig b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.oidc.runtime.OidcConfig index 7b5d88fecc..e5f81f7b12 100644 --- a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.oidc.runtime.OidcConfig +++ b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.oidc.runtime.OidcConfig @@ -1 +1 @@ -[{"configDocKey":{"type":"string","key":"quarkus.oidc.auth-server-url","additionalKeys":[],"configDoc":"The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: `https://host:port/realms/++{++realm++}++` where `++{++realm++}++` has to be replaced by the name of the Keycloak realm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-server-url","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.discovery-enabled","additionalKeys":[],"configDoc":"Enables OIDC discovery. If the discovery is disabled then the OIDC endpoint URLs must be configured individually.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"discovery-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.revoke-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token revocation endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"revoke-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.client-id","additionalKeys":[],"configDoc":"The client-id of the application. Each application has a client-id that is used to identify the application","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.connection-delay","additionalKeys":[],"configDoc":"The maximum amount of time connecting to the currently unavailable OIDC server will be attempted for. The number of times the connection request will be repeated is calculated by dividing the value of this property by 2. For example, setting it to `20S` will allow for requesting the connection up to 10 times with a 2 seconds delay between the retries. Note this property is only effective when the initial OIDC connection is created, for example, when requesting a well-known OIDC configuration. Use the 'connection-retry-count' property to support trying to re-establish an already available connection which may have been dropped.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.connection-retry-count","additionalKeys":[],"configDoc":"The number of times an attempt to re-establish an already available connection will be repeated for. Note this property is different to the `connection-delay` property which is only effective during the initial OIDC connection creation. This property is used to try to recover the existing connection which may have been temporarily lost. For example, if a request to the OIDC token endpoint fails due to a connection exception then the request will be retried for a number of times configured by this property.","withinAMap":false,"defaultValue":"3","javaDocSiteLink":"","docMapKey":"connection-retry-count","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.connection-timeout","additionalKeys":[],"configDoc":"The amount of time after which the current OIDC connection request will time out.","withinAMap":false,"defaultValue":"10S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.max-pool-size","additionalKeys":[],"configDoc":"The maximum size of the connection pool used by the WebClient","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.secret","additionalKeys":[],"configDoc":"Client secret which is used for a `client_secret_basic` authentication method. Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.client-secret.value","additionalKeys":[],"configDoc":"The client secret value - it will be ignored if 'secret.key' is set","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.client-secret.provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.client-secret.provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret.Method","key":"quarkus.oidc.credentials.client-secret.method","additionalKeys":[],"configDoc":"Authentication method.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"method","configPhase":"RUN_TIME","acceptedValues":["tooltip:basic[client_secret_basic (default): client id and secret are submitted with the HTTP Authorization Basic scheme]","tooltip:post[client_secret_post: client id and secret are submitted as the 'client_id' and 'client_secret' form parameters.]","tooltip:post-jwt[client_secret_jwt: client id and generated JWT secret are submitted as the 'client_id' and 'client_secret' form parameters.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.secret","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.secret-provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.secret-provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signature-algorithm` property to specify the key algorithm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-store-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key from a key store","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-id","additionalKeys":[],"configDoc":"The private key id/alias","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-password","additionalKeys":[],"configDoc":"The private key password","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.audience","additionalKeys":[],"configDoc":"JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.token-key-id","additionalKeys":[],"configDoc":"Key identifier of the signing key added as a JWT 'kid' header","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.issuer","additionalKeys":[],"configDoc":"Issuer of the signing key added as a JWT 'iss' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.subject","additionalKeys":[],"configDoc":"Subject of the signing key added as a JWT 'sub' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"subject","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.credentials.jwt.claims","additionalKeys":[],"configDoc":"Additional claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claims","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.signature-algorithm","additionalKeys":[],"configDoc":"Signature algorithm, also used for the `key-file` property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.credentials.jwt.lifespan","additionalKeys":[],"configDoc":"JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.proxy.host","additionalKeys":[],"configDoc":"The host (name or IP address) of the Proxy. +\nNote: If OIDC adapter needs to use a Proxy to talk with OIDC server (Provider), then at least the \"host\" config item must be configured to enable the usage of a Proxy.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.proxy.port","additionalKeys":[],"configDoc":"The port number of the Proxy. Default value is 80.","withinAMap":false,"defaultValue":"80","javaDocSiteLink":"","docMapKey":"port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.proxy.username","additionalKeys":[],"configDoc":"The username, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.proxy.password","additionalKeys":[],"configDoc":"The password, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls.Verification","key":"quarkus.oidc.tls.verification","additionalKeys":[],"configDoc":"Certificate validation and hostname verification, which can be one of the following values from enum `Verification`. Default is required.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"verification","configPhase":"RUN_TIME","acceptedValues":["tooltip:required[Certificates are validated and hostname verification is enabled. This is the default value.]","tooltip:certificate-validation[Certificates are validated but hostname verification is disabled.]","tooltip:none[All certificated are trusted and hostname verification is disabled.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"path","key":"quarkus.oidc.tls.key-store-file","additionalKeys":[],"configDoc":"An optional key store which holds the certificate information instead of specifying separate files.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, the default (\"password\") is used.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, if the key store contains multiple keys and no alias is specified, the behavior is undefined.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it's different from `key-store-password`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.oidc.tls.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store which holds the certificate information of the certificates to trust","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-cert-alias","additionalKeys":[],"configDoc":"A parameter to specify the alias of the trust store certificate.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tenant-id","additionalKeys":[],"configDoc":"A unique tenant identifier. It must be set by `TenantConfigResolver` providers which resolve the tenant configuration dynamically and is optional in all other cases.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"tenant-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.tenant-enabled","additionalKeys":[],"configDoc":"If this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured but either `TenantConfigResolver` which will resolve tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant in this case.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"tenant-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.ApplicationType","key":"quarkus.oidc.application-type","additionalKeys":[],"configDoc":"The application type, which can be one of the following values from enum `ApplicationType`.","withinAMap":false,"defaultValue":"service","javaDocSiteLink":"","docMapKey":"application-type","configPhase":"RUN_TIME","acceptedValues":["tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a frontend application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.]","tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.]","tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method will be used if the Authorization header is set and Authorization Code Flow - if not.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authorization-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"authorization-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.user-info-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"user-info-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.introspection-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"introspection-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.jwks-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"jwks-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.end-session-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"end-session-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.public-key","additionalKeys":[],"configDoc":"Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"public-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.introspection-credentials.name","additionalKeys":[],"configDoc":"Name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.introspection-credentials.secret","additionalKeys":[],"configDoc":"Secret","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.introspection-credentials.include-client-id","additionalKeys":[],"configDoc":"Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.roles.role-claim-path","additionalKeys":[],"configDoc":"List of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: \"realm/groups\". Use double quotes with the namespace qualified claim names. This property can be used if a token has no 'groups' claim but has the groups set in one or more different claims.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.roles.role-claim-separator","additionalKeys":[],"configDoc":"Separator for splitting a string which may contain multiple group values. It will only be used if the \"role-claim-path\" property points to one or more custom claims whose values are strings. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-separator","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Roles.Source","key":"quarkus.oidc.roles.source","additionalKeys":[],"configDoc":"Source of the principal roles.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"source","configPhase":"RUN_TIME","acceptedValues":["tooltip:idtoken[ID Token - the default value for the 'web-app' applications.]","tooltip:accesstoken[Access Token - the default value for the 'service' applications; can also be used as the source of roles for the 'web-app' applications.]","tooltip:userinfo[User Info]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.issuer","additionalKeys":[],"configDoc":"Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.audience","additionalKeys":[],"configDoc":"Expected audience 'aud' claim value which may be a string or an array of strings. Note the audience claim will be verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens will only be done if this property is configured.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.subject-required","additionalKeys":[],"configDoc":"Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required then both the token and UserInfo `sub` claims must be present and match each other.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"subject-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.token.required-claims","additionalKeys":[],"configDoc":"A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claim-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.token-type","additionalKeys":[],"configDoc":"Expected token type","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.token.lifespan-grace","additionalKeys":[],"configDoc":"Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"lifespan-grace","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token.age","additionalKeys":[],"configDoc":"Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim. However, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified if the logout token contains it.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"age","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.principal-claim","additionalKeys":[],"configDoc":"Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"principal-claim","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.refresh-expired","additionalKeys":[],"configDoc":"Refresh expired authorization code flow ID or access tokens. If this property is enabled then a refresh token request will be performed if the authorization code ID or access token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property will be enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not have to enable this property manually in this case.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"refresh-expired","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token.refresh-token-time-skew","additionalKeys":[],"configDoc":"Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time then a refresh is going to happen.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"refresh-token-time-skew","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token.forced-jwk-refresh-interval","additionalKeys":[],"configDoc":"Forced JWK set refresh interval in minutes.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"forced-jwk-refresh-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.header","additionalKeys":[],"configDoc":"Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.SignatureAlgorithm","key":"quarkus.oidc.token.signature-algorithm","additionalKeys":[],"configDoc":"Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":["`rs256`","`rs384`","`rs512`","`ps256`","`ps384`","`ps512`","`es256`","`es384`","`es512`","`eddsa`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.decryption-key-location","additionalKeys":[],"configDoc":"Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers may not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. Note that if a 'private_key_jwt' client authentication method is used then the private key which is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token if this property is not set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"decryption-key-location","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.allow-jwt-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-jwt-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.require-jwt-introspection-only","additionalKeys":[],"configDoc":"Require that JWT tokens are only introspected remotely.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"require-jwt-introspection-only","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.allow-opaque-token-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-opaque-token-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.customizer-name","additionalKeys":[],"configDoc":"Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"customizer-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.token.verify-access-token-with-user-info","additionalKeys":[],"configDoc":"Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens have to be accepted but OpenId Connect provider does not have a token introspection endpoint. This property will have no effect when JWT tokens have to be verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token-with-user-info","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.path","additionalKeys":[],"configDoc":"The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.post-logout-path","additionalKeys":[],"configDoc":"Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"post-logout-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.post-logout-uri-param","additionalKeys":[],"configDoc":"Name of the post logout URI parameter which will be added as a query parameter to the logout redirect URI.","withinAMap":false,"defaultValue":"post_logout_redirect_uri","javaDocSiteLink":"","docMapKey":"post-logout-uri-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.logout.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the logout redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.backchannel.path","additionalKeys":[],"configDoc":"The relative path of the Back-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.logout.backchannel.token-cache-size","additionalKeys":[],"configDoc":"Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"token-cache-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.logout.backchannel.token-cache-time-to-live","additionalKeys":[],"configDoc":"Number of minutes a logout token can be cached for.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"token-cache-time-to-live","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.logout.backchannel.clean-up-timer-interval","additionalKeys":[],"configDoc":"Token cache timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.backchannel.logout-token-key","additionalKeys":[],"configDoc":"Logout token claim whose value will be used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim.","withinAMap":false,"defaultValue":"sub","javaDocSiteLink":"","docMapKey":"logout-token-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.frontchannel.path","additionalKeys":[],"configDoc":"The relative path of the Front-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.ResponseMode","key":"quarkus.oidc.authentication.response-mode","additionalKeys":[],"configDoc":"Authorization code flow response mode","withinAMap":false,"defaultValue":"query","javaDocSiteLink":"","docMapKey":"response-mode","configPhase":"RUN_TIME","acceptedValues":["tooltip:query[Authorization response parameters are encoded in the query string added to the redirect_uri]","tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted via the HTTP POST method using the application/x-www-form-urlencoded content type]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.redirect-path","additionalKeys":[],"configDoc":"Relative path for calculating a \"redirect_uri\" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"redirect-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.restore-path-after-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI will be restored even if this property is disabled.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"restore-path-after-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.remove-redirect-parameters","additionalKeys":[],"configDoc":"Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"remove-redirect-parameters","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.error-path","additionalKeys":[],"configDoc":"Relative path to the public endpoint which will process the error response from the OIDC authorization endpoint. If the user authentication has failed then the OIDC provider will return an 'error' and an optional 'error_description' parameters, instead of the expected authorization 'code'. If this property is set then the user will be redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if it is set as '/error' and the current request URI is 'https://localhost:8080/callback?error=invalid_scope' then a redirect will be made to 'https://localhost:8080/error?error=invalid_scope'. If this property is not set then HTTP 401 status will be returned in case of the user authentication failure.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"error-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.verify-access-token","additionalKeys":[],"configDoc":"Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.force-redirect-https-scheme","additionalKeys":[],"configDoc":"Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"force-redirect-https-scheme","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.scopes","additionalKeys":[],"configDoc":"List of scopes","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"scopes","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.nonce-required","additionalKeys":[],"configDoc":"Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"nonce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.add-openid-scope","additionalKeys":[],"configDoc":"Add the 'openid' scope automatically to the list of scopes. This is required for OpenId Connect providers but will not work for OAuth2 providers such as Twitter OAuth2 which does not accept that scope and throws an error.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-openid-scope","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.authentication.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.forward-params","additionalKeys":[],"configDoc":"Request URL query parameters which, if present, will be added to the authentication redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"forward-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.cookie-force-secure","additionalKeys":[],"configDoc":"If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cookie-force-secure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-suffix","additionalKeys":[],"configDoc":"Cookie name suffix. For example, a session cookie name for the default OIDC tenant is 'q_session' but can be changed to 'q_session_test' if this property is set to 'test'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-suffix","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-path","additionalKeys":[],"configDoc":"Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.","withinAMap":false,"defaultValue":"/","javaDocSiteLink":"","docMapKey":"cookie-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-path-header","additionalKeys":[],"configDoc":"Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-path-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-domain","additionalKeys":[],"configDoc":"Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-domain","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.CookieSameSite","key":"quarkus.oidc.authentication.cookie-same-site","additionalKeys":[],"configDoc":"SameSite attribute for the session cookie.","withinAMap":false,"defaultValue":"lax","javaDocSiteLink":"","docMapKey":"cookie-same-site","configPhase":"RUN_TIME","acceptedValues":["`strict`","`lax`","`none`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.allow-multiple-code-flows","additionalKeys":[],"configDoc":"If a state cookie is present then a `state` query parameter must also be present and both the state cookie name suffix and state cookie value have to match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie may represent the authentication flow initiated from another tab and not related to the current request. Disable this property if you would like to avoid supporting multiple authorization code flows running in the same browser.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-multiple-code-flows","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.fail-on-missing-state-param","additionalKeys":[],"configDoc":"Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present.\n\nWhen either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser will block it and the state cookie created by Quarkus will remain in the browser cache. Quarkus will report an authentication failure when it will detect such an old state cookie but find no matching state query parameter.\n\nReporting HTTP 401 error is usually the right thing to do in such cases, it will minimize a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` may be needed to avoid such errors.\n\nHowever, setting this property to `false` may help if the above options are not suitable. It will cause a new authentication redirect to OpenId Connect provider. Please be aware doing so may increase the risk of browser redirect loops.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"fail-on-missing-state-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.user-info-required","additionalKeys":[],"configDoc":"If this property is set to 'true' then an OIDC UserInfo endpoint will be called. This property will be enabled if `quarkus.oidc.roles.source` is `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not have to enable this property manually in these cases.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"user-info-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.authentication.session-age-extension","additionalKeys":[],"configDoc":"Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"session-age-extension","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.java-script-auto-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single-page applications (SPA) since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.\n\nIf this property is set to 'false' then a status code of '499' will be returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. 'X-Requested-With' request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"java-script-auto-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.id-token-required","additionalKeys":[],"configDoc":"Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken will be generated in such cases.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"id-token-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.authentication.internal-id-token-lifespan","additionalKeys":[],"configDoc":"Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"internal-id-token-lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.pkce-required","additionalKeys":[],"configDoc":"Requires that a Proof Key for Code Exchange (PKCE) is used.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"pkce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.state-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. Client secret will not be used as a state encryption secret if it is less than 32 characters long.\n\nThe secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nError will be reported if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"state-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.code-grant.extra-params","additionalKeys":[],"configDoc":"Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which have to be included to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.code-grant.headers","additionalKeys":[],"configDoc":"Custom HTTP headers which have to be sent to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy","key":"quarkus.oidc.token-state-manager.strategy","additionalKeys":[],"configDoc":"Default TokenStateManager strategy.","withinAMap":false,"defaultValue":"keep-all-tokens","javaDocSiteLink":"","docMapKey":"strategy","configPhase":"RUN_TIME","acceptedValues":["tooltip:keep-all-tokens[Keep ID, access and refresh tokens.]","tooltip:id-token[Keep ID token only]","tooltip:id-refresh-tokens[Keep ID and refresh tokens only]"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token-state-manager.split-tokens","additionalKeys":[],"configDoc":"Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"split-tokens","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token-state-manager.encryption-required","additionalKeys":[],"configDoc":"Mandates that the session cookie that stores the tokens is encrypted.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"encryption-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token-state-manager.encryption-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt the session cookie storing the tokens when `encryption-required` property is enabled.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. The secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nThe length of the secret which will be used to encrypt the tokens should be at least 32 characters long. Warning will be logged if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.allow-token-introspection-cache","additionalKeys":[],"configDoc":"Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-token-introspection-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.allow-user-info-cache","additionalKeys":[],"configDoc":"Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-user-info-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.cache-user-info-in-idtoken","additionalKeys":[],"configDoc":"Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cache-user-info-in-idtoken","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Provider","key":"quarkus.oidc.provider","additionalKeys":[],"configDoc":"Well known OpenId Connect provider identifier","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"provider","configPhase":"RUN_TIME","acceptedValues":["`apple`","`facebook`","`github`","`google`","`microsoft`","`spotify`","`twitch`","`twitter`","`x`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocSection":{"name":"quarkus.oidc.named-tenants","optional":false,"withinAMap":false,"sectionDetails":"= Additional named tenants","sectionDetailsTitle":"Additional named tenants","configPhase":"RUN_TIME","topLevelGrouping":"quarkus.oidc","configGroupType":"io.quarkus.oidc.OidcTenantConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".auth-server-url","additionalKeys":[],"configDoc":"The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: `https://host:port/realms/++{++realm++}++` where `++{++realm++}++` has to be replaced by the name of the Keycloak realm.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-server-url","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".discovery-enabled","additionalKeys":[],"configDoc":"Enables OIDC discovery. If the discovery is disabled then the OIDC endpoint URLs must be configured individually.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"discovery-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".revoke-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token revocation endpoint.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"revoke-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".client-id","additionalKeys":[],"configDoc":"The client-id of the application. Each application has a client-id that is used to identify the application","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".connection-delay","additionalKeys":[],"configDoc":"The maximum amount of time connecting to the currently unavailable OIDC server will be attempted for. The number of times the connection request will be repeated is calculated by dividing the value of this property by 2. For example, setting it to `20S` will allow for requesting the connection up to 10 times with a 2 seconds delay between the retries. Note this property is only effective when the initial OIDC connection is created, for example, when requesting a well-known OIDC configuration. Use the 'connection-retry-count' property to support trying to re-establish an already available connection which may have been dropped.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".connection-retry-count","additionalKeys":[],"configDoc":"The number of times an attempt to re-establish an already available connection will be repeated for. Note this property is different to the `connection-delay` property which is only effective during the initial OIDC connection creation. This property is used to try to recover the existing connection which may have been temporarily lost. For example, if a request to the OIDC token endpoint fails due to a connection exception then the request will be retried for a number of times configured by this property.","withinAMap":true,"defaultValue":"3","javaDocSiteLink":"","docMapKey":"connection-retry-count","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".connection-timeout","additionalKeys":[],"configDoc":"The amount of time after which the current OIDC connection request will time out.","withinAMap":true,"defaultValue":"10S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.\"tenant\".max-pool-size","additionalKeys":[],"configDoc":"The maximum size of the connection pool used by the WebClient","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.secret","additionalKeys":[],"configDoc":"Client secret which is used for a `client_secret_basic` authentication method. Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.client-secret.value","additionalKeys":[],"configDoc":"The client secret value - it will be ignored if 'secret.key' is set","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.client-secret.provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.client-secret.provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret.Method","key":"quarkus.oidc.\"tenant\".credentials.client-secret.method","additionalKeys":[],"configDoc":"Authentication method.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"method","configPhase":"RUN_TIME","acceptedValues":["tooltip:basic[client_secret_basic (default): client id and secret are submitted with the HTTP Authorization Basic scheme]","tooltip:post[client_secret_post: client id and secret are submitted as the 'client_id' and 'client_secret' form parameters.]","tooltip:post-jwt[client_secret_jwt: client id and generated JWT secret are submitted as the 'client_id' and 'client_secret' form parameters.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.secret","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a secret key","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.secret-provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.secret-provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signature-algorithm` property to specify the key algorithm.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-store-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key from a key store","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-id","additionalKeys":[],"configDoc":"The private key id/alias","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-password","additionalKeys":[],"configDoc":"The private key password","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.audience","additionalKeys":[],"configDoc":"JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.token-key-id","additionalKeys":[],"configDoc":"Key identifier of the signing key added as a JWT 'kid' header","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.issuer","additionalKeys":[],"configDoc":"Issuer of the signing key added as a JWT 'iss' claim (default: client id)","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.subject","additionalKeys":[],"configDoc":"Subject of the signing key added as a JWT 'sub' claim (default: client id)","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"subject","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".credentials.jwt.claims","additionalKeys":[],"configDoc":"Additional claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claims","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.signature-algorithm","additionalKeys":[],"configDoc":"Signature algorithm, also used for the `key-file` property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".credentials.jwt.lifespan","additionalKeys":[],"configDoc":"JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.","withinAMap":true,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".proxy.host","additionalKeys":[],"configDoc":"The host (name or IP address) of the Proxy. +\nNote: If OIDC adapter needs to use a Proxy to talk with OIDC server (Provider), then at least the \"host\" config item must be configured to enable the usage of a Proxy.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".proxy.port","additionalKeys":[],"configDoc":"The port number of the Proxy. Default value is 80.","withinAMap":true,"defaultValue":"80","javaDocSiteLink":"","docMapKey":"port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".proxy.username","additionalKeys":[],"configDoc":"The username, if Proxy needs authentication.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".proxy.password","additionalKeys":[],"configDoc":"The password, if Proxy needs authentication.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls.Verification","key":"quarkus.oidc.\"tenant\".tls.verification","additionalKeys":[],"configDoc":"Certificate validation and hostname verification, which can be one of the following values from enum `Verification`. Default is required.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"verification","configPhase":"RUN_TIME","acceptedValues":["tooltip:required[Certificates are validated and hostname verification is enabled. This is the default value.]","tooltip:certificate-validation[Certificates are validated but hostname verification is disabled.]","tooltip:none[All certificated are trusted and hostname verification is disabled.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"path","key":"quarkus.oidc.\"tenant\".tls.key-store-file","additionalKeys":[],"configDoc":"An optional key store which holds the certificate information instead of specifying separate files.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, the default (\"password\") is used.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, if the key store contains multiple keys and no alias is specified, the behavior is undefined.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it's different from `key-store-password`.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.oidc.\"tenant\".tls.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store which holds the certificate information of the certificates to trust","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-cert-alias","additionalKeys":[],"configDoc":"A parameter to specify the alias of the trust store certificate.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tenant-id","additionalKeys":[],"configDoc":"A unique tenant identifier. It must be set by `TenantConfigResolver` providers which resolve the tenant configuration dynamically and is optional in all other cases.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"tenant-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".tenant-enabled","additionalKeys":[],"configDoc":"If this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured but either `TenantConfigResolver` which will resolve tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant in this case.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"tenant-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.ApplicationType","key":"quarkus.oidc.\"tenant\".application-type","additionalKeys":[],"configDoc":"The application type, which can be one of the following values from enum `ApplicationType`.","withinAMap":true,"defaultValue":"service","javaDocSiteLink":"","docMapKey":"application-type","configPhase":"RUN_TIME","acceptedValues":["tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a frontend application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.]","tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.]","tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method will be used if the Authorization header is set and Authorization Code Flow - if not.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authorization-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"authorization-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".user-info-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"user-info-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".introspection-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"introspection-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".jwks-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"jwks-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".end-session-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"end-session-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".public-key","additionalKeys":[],"configDoc":"Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"public-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".introspection-credentials.name","additionalKeys":[],"configDoc":"Name","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".introspection-credentials.secret","additionalKeys":[],"configDoc":"Secret","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".introspection-credentials.include-client-id","additionalKeys":[],"configDoc":"Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".roles.role-claim-path","additionalKeys":[],"configDoc":"List of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: \"realm/groups\". Use double quotes with the namespace qualified claim names. This property can be used if a token has no 'groups' claim but has the groups set in one or more different claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".roles.role-claim-separator","additionalKeys":[],"configDoc":"Separator for splitting a string which may contain multiple group values. It will only be used if the \"role-claim-path\" property points to one or more custom claims whose values are strings. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-separator","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Roles.Source","key":"quarkus.oidc.\"tenant\".roles.source","additionalKeys":[],"configDoc":"Source of the principal roles.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"source","configPhase":"RUN_TIME","acceptedValues":["tooltip:idtoken[ID Token - the default value for the 'web-app' applications.]","tooltip:accesstoken[Access Token - the default value for the 'service' applications; can also be used as the source of roles for the 'web-app' applications.]","tooltip:userinfo[User Info]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.issuer","additionalKeys":[],"configDoc":"Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.audience","additionalKeys":[],"configDoc":"Expected audience 'aud' claim value which may be a string or an array of strings. Note the audience claim will be verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens will only be done if this property is configured.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.subject-required","additionalKeys":[],"configDoc":"Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required then both the token and UserInfo `sub` claims must be present and match each other.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"subject-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".token.required-claims","additionalKeys":[],"configDoc":"A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claim-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.token-type","additionalKeys":[],"configDoc":"Expected token type","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.\"tenant\".token.lifespan-grace","additionalKeys":[],"configDoc":"Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"lifespan-grace","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".token.age","additionalKeys":[],"configDoc":"Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim. However, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified if the logout token contains it.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"age","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.principal-claim","additionalKeys":[],"configDoc":"Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"principal-claim","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.refresh-expired","additionalKeys":[],"configDoc":"Refresh expired authorization code flow ID or access tokens. If this property is enabled then a refresh token request will be performed if the authorization code ID or access token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property will be enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not have to enable this property manually in this case.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"refresh-expired","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".token.refresh-token-time-skew","additionalKeys":[],"configDoc":"Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time then a refresh is going to happen.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"refresh-token-time-skew","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".token.forced-jwk-refresh-interval","additionalKeys":[],"configDoc":"Forced JWK set refresh interval in minutes.","withinAMap":true,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"forced-jwk-refresh-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.header","additionalKeys":[],"configDoc":"Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.SignatureAlgorithm","key":"quarkus.oidc.\"tenant\".token.signature-algorithm","additionalKeys":[],"configDoc":"Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":["`rs256`","`rs384`","`rs512`","`ps256`","`ps384`","`ps512`","`es256`","`es384`","`es512`","`eddsa`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.decryption-key-location","additionalKeys":[],"configDoc":"Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers may not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. Note that if a 'private_key_jwt' client authentication method is used then the private key which is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token if this property is not set.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"decryption-key-location","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.allow-jwt-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-jwt-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.require-jwt-introspection-only","additionalKeys":[],"configDoc":"Require that JWT tokens are only introspected remotely.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"require-jwt-introspection-only","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.allow-opaque-token-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-opaque-token-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.customizer-name","additionalKeys":[],"configDoc":"Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"customizer-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".token.verify-access-token-with-user-info","additionalKeys":[],"configDoc":"Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens have to be accepted but OpenId Connect provider does not have a token introspection endpoint. This property will have no effect when JWT tokens have to be verified.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token-with-user-info","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.path","additionalKeys":[],"configDoc":"The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.post-logout-path","additionalKeys":[],"configDoc":"Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"post-logout-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.post-logout-uri-param","additionalKeys":[],"configDoc":"Name of the post logout URI parameter which will be added as a query parameter to the logout redirect URI.","withinAMap":true,"defaultValue":"post_logout_redirect_uri","javaDocSiteLink":"","docMapKey":"post-logout-uri-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".logout.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the logout redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.backchannel.path","additionalKeys":[],"configDoc":"The relative path of the Back-Channel Logout endpoint at the application.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".logout.backchannel.token-cache-size","additionalKeys":[],"configDoc":"Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies.","withinAMap":true,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"token-cache-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".logout.backchannel.token-cache-time-to-live","additionalKeys":[],"configDoc":"Number of minutes a logout token can be cached for.","withinAMap":true,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"token-cache-time-to-live","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".logout.backchannel.clean-up-timer-interval","additionalKeys":[],"configDoc":"Token cache timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.backchannel.logout-token-key","additionalKeys":[],"configDoc":"Logout token claim whose value will be used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim.","withinAMap":true,"defaultValue":"sub","javaDocSiteLink":"","docMapKey":"logout-token-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.frontchannel.path","additionalKeys":[],"configDoc":"The relative path of the Front-Channel Logout endpoint at the application.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.ResponseMode","key":"quarkus.oidc.\"tenant\".authentication.response-mode","additionalKeys":[],"configDoc":"Authorization code flow response mode","withinAMap":true,"defaultValue":"query","javaDocSiteLink":"","docMapKey":"response-mode","configPhase":"RUN_TIME","acceptedValues":["tooltip:query[Authorization response parameters are encoded in the query string added to the redirect_uri]","tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted via the HTTP POST method using the application/x-www-form-urlencoded content type]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.redirect-path","additionalKeys":[],"configDoc":"Relative path for calculating a \"redirect_uri\" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"redirect-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.restore-path-after-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI will be restored even if this property is disabled.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"restore-path-after-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.remove-redirect-parameters","additionalKeys":[],"configDoc":"Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"remove-redirect-parameters","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.error-path","additionalKeys":[],"configDoc":"Relative path to the public endpoint which will process the error response from the OIDC authorization endpoint. If the user authentication has failed then the OIDC provider will return an 'error' and an optional 'error_description' parameters, instead of the expected authorization 'code'. If this property is set then the user will be redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if it is set as '/error' and the current request URI is 'https://localhost:8080/callback?error=invalid_scope' then a redirect will be made to 'https://localhost:8080/error?error=invalid_scope'. If this property is not set then HTTP 401 status will be returned in case of the user authentication failure.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"error-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.verify-access-token","additionalKeys":[],"configDoc":"Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.force-redirect-https-scheme","additionalKeys":[],"configDoc":"Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"force-redirect-https-scheme","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.scopes","additionalKeys":[],"configDoc":"List of scopes","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"scopes","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.nonce-required","additionalKeys":[],"configDoc":"Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"nonce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.add-openid-scope","additionalKeys":[],"configDoc":"Add the 'openid' scope automatically to the list of scopes. This is required for OpenId Connect providers but will not work for OAuth2 providers such as Twitter OAuth2 which does not accept that scope and throws an error.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-openid-scope","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".authentication.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.forward-params","additionalKeys":[],"configDoc":"Request URL query parameters which, if present, will be added to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"forward-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.cookie-force-secure","additionalKeys":[],"configDoc":"If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cookie-force-secure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-suffix","additionalKeys":[],"configDoc":"Cookie name suffix. For example, a session cookie name for the default OIDC tenant is 'q_session' but can be changed to 'q_session_test' if this property is set to 'test'.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-suffix","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-path","additionalKeys":[],"configDoc":"Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.","withinAMap":true,"defaultValue":"/","javaDocSiteLink":"","docMapKey":"cookie-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-path-header","additionalKeys":[],"configDoc":"Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-path-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-domain","additionalKeys":[],"configDoc":"Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-domain","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.CookieSameSite","key":"quarkus.oidc.\"tenant\".authentication.cookie-same-site","additionalKeys":[],"configDoc":"SameSite attribute for the session cookie.","withinAMap":true,"defaultValue":"lax","javaDocSiteLink":"","docMapKey":"cookie-same-site","configPhase":"RUN_TIME","acceptedValues":["`strict`","`lax`","`none`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.allow-multiple-code-flows","additionalKeys":[],"configDoc":"If a state cookie is present then a `state` query parameter must also be present and both the state cookie name suffix and state cookie value have to match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie may represent the authentication flow initiated from another tab and not related to the current request. Disable this property if you would like to avoid supporting multiple authorization code flows running in the same browser.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-multiple-code-flows","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.fail-on-missing-state-param","additionalKeys":[],"configDoc":"Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present.\n\nWhen either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser will block it and the state cookie created by Quarkus will remain in the browser cache. Quarkus will report an authentication failure when it will detect such an old state cookie but find no matching state query parameter.\n\nReporting HTTP 401 error is usually the right thing to do in such cases, it will minimize a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` may be needed to avoid such errors.\n\nHowever, setting this property to `false` may help if the above options are not suitable. It will cause a new authentication redirect to OpenId Connect provider. Please be aware doing so may increase the risk of browser redirect loops.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"fail-on-missing-state-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.user-info-required","additionalKeys":[],"configDoc":"If this property is set to 'true' then an OIDC UserInfo endpoint will be called. This property will be enabled if `quarkus.oidc.roles.source` is `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not have to enable this property manually in these cases.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"user-info-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".authentication.session-age-extension","additionalKeys":[],"configDoc":"Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.","withinAMap":true,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"session-age-extension","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.java-script-auto-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single-page applications (SPA) since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.\n\nIf this property is set to 'false' then a status code of '499' will be returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. 'X-Requested-With' request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"java-script-auto-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.id-token-required","additionalKeys":[],"configDoc":"Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken will be generated in such cases.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"id-token-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".authentication.internal-id-token-lifespan","additionalKeys":[],"configDoc":"Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken.","withinAMap":true,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"internal-id-token-lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.pkce-required","additionalKeys":[],"configDoc":"Requires that a Proof Key for Code Exchange (PKCE) is used.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"pkce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.state-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. Client secret will not be used as a state encryption secret if it is less than 32 characters long.\n\nThe secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nError will be reported if the secret length is less than 16 characters.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"state-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".code-grant.extra-params","additionalKeys":[],"configDoc":"Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which have to be included to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".code-grant.headers","additionalKeys":[],"configDoc":"Custom HTTP headers which have to be sent to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy","key":"quarkus.oidc.\"tenant\".token-state-manager.strategy","additionalKeys":[],"configDoc":"Default TokenStateManager strategy.","withinAMap":true,"defaultValue":"keep-all-tokens","javaDocSiteLink":"","docMapKey":"strategy","configPhase":"RUN_TIME","acceptedValues":["tooltip:keep-all-tokens[Keep ID, access and refresh tokens.]","tooltip:id-token[Keep ID token only]","tooltip:id-refresh-tokens[Keep ID and refresh tokens only]"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token-state-manager.split-tokens","additionalKeys":[],"configDoc":"Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"split-tokens","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token-state-manager.encryption-required","additionalKeys":[],"configDoc":"Mandates that the session cookie that stores the tokens is encrypted.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"encryption-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token-state-manager.encryption-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt the session cookie storing the tokens when `encryption-required` property is enabled.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. The secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nThe length of the secret which will be used to encrypt the tokens should be at least 32 characters long. Warning will be logged if the secret length is less than 16 characters.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".allow-token-introspection-cache","additionalKeys":[],"configDoc":"Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-token-introspection-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".allow-user-info-cache","additionalKeys":[],"configDoc":"Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-user-info-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".cache-user-info-in-idtoken","additionalKeys":[],"configDoc":"Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cache-user-info-in-idtoken","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Provider","key":"quarkus.oidc.\"tenant\".provider","additionalKeys":[],"configDoc":"Well known OpenId Connect provider identifier","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"provider","configPhase":"RUN_TIME","acceptedValues":["`apple`","`facebook`","`github`","`google`","`microsoft`","`spotify`","`twitch`","`twitter`","`x`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}}],"anchorPrefix":null}},{"configDocKey":{"type":"int","key":"quarkus.oidc.token-cache.max-size","additionalKeys":[],"configDoc":"Maximum number of cache entries. Set it to a positive value if the cache has to be enabled.","withinAMap":false,"defaultValue":"0","javaDocSiteLink":"","docMapKey":"max-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token-cache.time-to-live","additionalKeys":[],"configDoc":"Maximum amount of time a given cache entry is valid for.","withinAMap":false,"defaultValue":"3M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"time-to-live","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token-cache.clean-up-timer-interval","additionalKeys":[],"configDoc":"Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}}] \ No newline at end of file +[{"configDocKey":{"type":"string","key":"quarkus.oidc.auth-server-url","additionalKeys":[],"configDoc":"The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: `https://host:port/realms/++{++realm++}++` where `++{++realm++}++` has to be replaced by the name of the Keycloak realm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-server-url","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.discovery-enabled","additionalKeys":[],"configDoc":"Enables OIDC discovery. If the discovery is disabled then the OIDC endpoint URLs must be configured individually.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"discovery-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.revoke-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token revocation endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"revoke-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.client-id","additionalKeys":[],"configDoc":"The client-id of the application. Each application has a client-id that is used to identify the application","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.connection-delay","additionalKeys":[],"configDoc":"The maximum amount of time connecting to the currently unavailable OIDC server will be attempted for. The number of times the connection request will be repeated is calculated by dividing the value of this property by 2. For example, setting it to `20S` will allow for requesting the connection up to 10 times with a 2 seconds delay between the retries. Note this property is only effective when the initial OIDC connection is created, for example, when requesting a well-known OIDC configuration. Use the 'connection-retry-count' property to support trying to re-establish an already available connection which may have been dropped.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.connection-retry-count","additionalKeys":[],"configDoc":"The number of times an attempt to re-establish an already available connection will be repeated for. Note this property is different to the `connection-delay` property which is only effective during the initial OIDC connection creation. This property is used to try to recover the existing connection which may have been temporarily lost. For example, if a request to the OIDC token endpoint fails due to a connection exception then the request will be retried for a number of times configured by this property.","withinAMap":false,"defaultValue":"3","javaDocSiteLink":"","docMapKey":"connection-retry-count","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.connection-timeout","additionalKeys":[],"configDoc":"The amount of time after which the current OIDC connection request will time out.","withinAMap":false,"defaultValue":"10S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.max-pool-size","additionalKeys":[],"configDoc":"The maximum size of the connection pool used by the WebClient","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.secret","additionalKeys":[],"configDoc":"Client secret which is used for a `client_secret_basic` authentication method. Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.client-secret.value","additionalKeys":[],"configDoc":"The client secret value - it will be ignored if 'secret.key' is set","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.client-secret.provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.client-secret.provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret.Method","key":"quarkus.oidc.credentials.client-secret.method","additionalKeys":[],"configDoc":"Authentication method.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"method","configPhase":"RUN_TIME","acceptedValues":["tooltip:basic[client_secret_basic (default): client id and secret are submitted with the HTTP Authorization Basic scheme]","tooltip:post[client_secret_post: client id and secret are submitted as the 'client_id' and 'client_secret' form parameters.]","tooltip:post-jwt[client_secret_jwt: client id and generated JWT secret are submitted as the 'client_id' and 'client_secret' form parameters.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.secret","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.secret-provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.secret-provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signature-algorithm` property to specify the key algorithm.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-store-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key from a key store","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-id","additionalKeys":[],"configDoc":"The private key id/alias","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.key-password","additionalKeys":[],"configDoc":"The private key password","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.audience","additionalKeys":[],"configDoc":"JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.token-key-id","additionalKeys":[],"configDoc":"Key identifier of the signing key added as a JWT 'kid' header","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.issuer","additionalKeys":[],"configDoc":"Issuer of the signing key added as a JWT 'iss' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.subject","additionalKeys":[],"configDoc":"Subject of the signing key added as a JWT 'sub' claim (default: client id)","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"subject","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.credentials.jwt.claims","additionalKeys":[],"configDoc":"Additional claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claims","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.credentials.jwt.signature-algorithm","additionalKeys":[],"configDoc":"Signature algorithm, also used for the `key-file` property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.credentials.jwt.lifespan","additionalKeys":[],"configDoc":"JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.proxy.host","additionalKeys":[],"configDoc":"The host (name or IP address) of the Proxy. +\nNote: If OIDC adapter needs to use a Proxy to talk with OIDC server (Provider), then at least the \"host\" config item must be configured to enable the usage of a Proxy.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.proxy.port","additionalKeys":[],"configDoc":"The port number of the Proxy. Default value is 80.","withinAMap":false,"defaultValue":"80","javaDocSiteLink":"","docMapKey":"port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.proxy.username","additionalKeys":[],"configDoc":"The username, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.proxy.password","additionalKeys":[],"configDoc":"The password, if Proxy needs authentication.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls.Verification","key":"quarkus.oidc.tls.verification","additionalKeys":[],"configDoc":"Certificate validation and hostname verification, which can be one of the following values from enum `Verification`. Default is required.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"verification","configPhase":"RUN_TIME","acceptedValues":["tooltip:required[Certificates are validated and hostname verification is enabled. This is the default value.]","tooltip:certificate-validation[Certificates are validated but hostname verification is disabled.]","tooltip:none[All certificated are trusted and hostname verification is disabled.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"path","key":"quarkus.oidc.tls.key-store-file","additionalKeys":[],"configDoc":"An optional key store which holds the certificate information instead of specifying separate files.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, the default (\"password\") is used.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, if the key store contains multiple keys and no alias is specified, the behavior is undefined.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it's different from `key-store-password`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.oidc.tls.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store which holds the certificate information of the certificates to trust","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-cert-alias","additionalKeys":[],"configDoc":"A parameter to specify the alias of the trust store certificate.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tls.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.tenant-id","additionalKeys":[],"configDoc":"A unique tenant identifier. It must be set by `TenantConfigResolver` providers which resolve the tenant configuration dynamically and is optional in all other cases.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"tenant-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.tenant-enabled","additionalKeys":[],"configDoc":"If this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured but either `TenantConfigResolver` which will resolve tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant in this case.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"tenant-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.ApplicationType","key":"quarkus.oidc.application-type","additionalKeys":[],"configDoc":"The application type, which can be one of the following values from enum `ApplicationType`.","withinAMap":false,"defaultValue":"service","javaDocSiteLink":"","docMapKey":"application-type","configPhase":"RUN_TIME","acceptedValues":["tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a frontend application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.]","tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.]","tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method will be used if the Authorization header is set and Authorization Code Flow - if not.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authorization-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"authorization-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.user-info-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"user-info-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.introspection-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"introspection-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.jwks-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"jwks-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.end-session-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"end-session-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.public-key","additionalKeys":[],"configDoc":"Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"public-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.introspection-credentials.name","additionalKeys":[],"configDoc":"Name","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.introspection-credentials.secret","additionalKeys":[],"configDoc":"Secret","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.introspection-credentials.include-client-id","additionalKeys":[],"configDoc":"Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.roles.role-claim-path","additionalKeys":[],"configDoc":"List of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: \"realm/groups\". Use double quotes with the namespace qualified claim names. This property can be used if a token has no 'groups' claim but has the groups set in one or more different claims.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.roles.role-claim-separator","additionalKeys":[],"configDoc":"Separator for splitting a string which may contain multiple group values. It will only be used if the \"role-claim-path\" property points to one or more custom claims whose values are strings. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-separator","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Roles.Source","key":"quarkus.oidc.roles.source","additionalKeys":[],"configDoc":"Source of the principal roles.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"source","configPhase":"RUN_TIME","acceptedValues":["tooltip:idtoken[ID Token - the default value for the 'web-app' applications.]","tooltip:accesstoken[Access Token - the default value for the 'service' applications; can also be used as the source of roles for the 'web-app' applications.]","tooltip:userinfo[User Info]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.issuer","additionalKeys":[],"configDoc":"Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.audience","additionalKeys":[],"configDoc":"Expected audience 'aud' claim value which may be a string or an array of strings. Note the audience claim will be verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens will only be done if this property is configured.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.subject-required","additionalKeys":[],"configDoc":"Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required then both the token and UserInfo `sub` claims must be present and match each other.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"subject-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.token.required-claims","additionalKeys":[],"configDoc":"A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claim-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.token-type","additionalKeys":[],"configDoc":"Expected token type","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.token.lifespan-grace","additionalKeys":[],"configDoc":"Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"lifespan-grace","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token.age","additionalKeys":[],"configDoc":"Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim. However, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified if the logout token contains it.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"age","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.principal-claim","additionalKeys":[],"configDoc":"Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"principal-claim","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.refresh-expired","additionalKeys":[],"configDoc":"Refresh expired authorization code flow ID or access tokens. If this property is enabled then a refresh token request will be performed if the authorization code ID or access token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property will be enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not have to enable this property manually in this case.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"refresh-expired","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token.refresh-token-time-skew","additionalKeys":[],"configDoc":"Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time then a refresh is going to happen.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"refresh-token-time-skew","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token.forced-jwk-refresh-interval","additionalKeys":[],"configDoc":"Forced JWK set refresh interval in minutes.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"forced-jwk-refresh-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.header","additionalKeys":[],"configDoc":"Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.SignatureAlgorithm","key":"quarkus.oidc.token.signature-algorithm","additionalKeys":[],"configDoc":"Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":["`rs256`","`rs384`","`rs512`","`ps256`","`ps384`","`ps512`","`es256`","`es384`","`es512`","`eddsa`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.decryption-key-location","additionalKeys":[],"configDoc":"Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers may not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. Note that if a 'private_key_jwt' client authentication method is used then the private key which is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token if this property is not set.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"decryption-key-location","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.allow-jwt-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-jwt-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.require-jwt-introspection-only","additionalKeys":[],"configDoc":"Require that JWT tokens are only introspected remotely.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"require-jwt-introspection-only","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token.allow-opaque-token-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-opaque-token-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token.customizer-name","additionalKeys":[],"configDoc":"Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"customizer-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.token.verify-access-token-with-user-info","additionalKeys":[],"configDoc":"Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens have to be accepted but OpenId Connect provider does not have a token introspection endpoint. This property will have no effect when JWT tokens have to be verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token-with-user-info","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.path","additionalKeys":[],"configDoc":"The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.post-logout-path","additionalKeys":[],"configDoc":"Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"post-logout-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.post-logout-uri-param","additionalKeys":[],"configDoc":"Name of the post logout URI parameter which will be added as a query parameter to the logout redirect URI.","withinAMap":false,"defaultValue":"post_logout_redirect_uri","javaDocSiteLink":"","docMapKey":"post-logout-uri-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.logout.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the logout redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.backchannel.path","additionalKeys":[],"configDoc":"The relative path of the Back-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.logout.backchannel.token-cache-size","additionalKeys":[],"configDoc":"Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies.","withinAMap":false,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"token-cache-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.logout.backchannel.token-cache-time-to-live","additionalKeys":[],"configDoc":"Number of minutes a logout token can be cached for.","withinAMap":false,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"token-cache-time-to-live","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.logout.backchannel.clean-up-timer-interval","additionalKeys":[],"configDoc":"Token cache timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.backchannel.logout-token-key","additionalKeys":[],"configDoc":"Logout token claim whose value will be used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim.","withinAMap":false,"defaultValue":"sub","javaDocSiteLink":"","docMapKey":"logout-token-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.logout.frontchannel.path","additionalKeys":[],"configDoc":"The relative path of the Front-Channel Logout endpoint at the application.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.ResponseMode","key":"quarkus.oidc.authentication.response-mode","additionalKeys":[],"configDoc":"Authorization code flow response mode","withinAMap":false,"defaultValue":"query","javaDocSiteLink":"","docMapKey":"response-mode","configPhase":"RUN_TIME","acceptedValues":["tooltip:query[Authorization response parameters are encoded in the query string added to the redirect_uri]","tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted via the HTTP POST method using the application/x-www-form-urlencoded content type]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.redirect-path","additionalKeys":[],"configDoc":"Relative path for calculating a \"redirect_uri\" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"redirect-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.restore-path-after-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI will be restored even if this property is disabled.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"restore-path-after-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.remove-redirect-parameters","additionalKeys":[],"configDoc":"Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"remove-redirect-parameters","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.error-path","additionalKeys":[],"configDoc":"Relative path to the public endpoint which will process the error response from the OIDC authorization endpoint. If the user authentication has failed then the OIDC provider will return an 'error' and an optional 'error_description' parameters, instead of the expected authorization 'code'. If this property is set then the user will be redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if it is set as '/error' and the current request URI is 'https://localhost:8080/callback?error=invalid_scope' then a redirect will be made to 'https://localhost:8080/error?error=invalid_scope'. If this property is not set then HTTP 401 status will be returned in case of the user authentication failure.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"error-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.verify-access-token","additionalKeys":[],"configDoc":"Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.force-redirect-https-scheme","additionalKeys":[],"configDoc":"Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"force-redirect-https-scheme","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.scopes","additionalKeys":[],"configDoc":"List of scopes","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"scopes","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.nonce-required","additionalKeys":[],"configDoc":"Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"nonce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.add-openid-scope","additionalKeys":[],"configDoc":"Add the 'openid' scope automatically to the list of scopes. This is required for OpenId Connect providers but will not work for OAuth2 providers such as Twitter OAuth2 which does not accept that scope and throws an error.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-openid-scope","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.authentication.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.forward-params","additionalKeys":[],"configDoc":"Request URL query parameters which, if present, will be added to the authentication redirect URI.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"forward-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.cookie-force-secure","additionalKeys":[],"configDoc":"If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cookie-force-secure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-suffix","additionalKeys":[],"configDoc":"Cookie name suffix. For example, a session cookie name for the default OIDC tenant is 'q_session' but can be changed to 'q_session_test' if this property is set to 'test'.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-suffix","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-path","additionalKeys":[],"configDoc":"Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.","withinAMap":false,"defaultValue":"/","javaDocSiteLink":"","docMapKey":"cookie-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-path-header","additionalKeys":[],"configDoc":"Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-path-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.cookie-domain","additionalKeys":[],"configDoc":"Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-domain","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.CookieSameSite","key":"quarkus.oidc.authentication.cookie-same-site","additionalKeys":[],"configDoc":"SameSite attribute for the session cookie.","withinAMap":false,"defaultValue":"lax","javaDocSiteLink":"","docMapKey":"cookie-same-site","configPhase":"RUN_TIME","acceptedValues":["`strict`","`lax`","`none`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.allow-multiple-code-flows","additionalKeys":[],"configDoc":"If a state cookie is present then a `state` query parameter must also be present and both the state cookie name suffix and state cookie value have to match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie may represent the authentication flow initiated from another tab and not related to the current request. Disable this property if you would like to avoid supporting multiple authorization code flows running in the same browser.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-multiple-code-flows","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.fail-on-missing-state-param","additionalKeys":[],"configDoc":"Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present.\n\nWhen either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser will block it and the state cookie created by Quarkus will remain in the browser cache. Quarkus will report an authentication failure when it will detect such an old state cookie but find no matching state query parameter.\n\nReporting HTTP 401 error is usually the right thing to do in such cases, it will minimize a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` may be needed to avoid such errors.\n\nHowever, setting this property to `false` may help if the above options are not suitable. It will cause a new authentication redirect to OpenId Connect provider. Please be aware doing so may increase the risk of browser redirect loops.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"fail-on-missing-state-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.user-info-required","additionalKeys":[],"configDoc":"If this property is set to 'true' then an OIDC UserInfo endpoint will be called. This property will be enabled if `quarkus.oidc.roles.source` is `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not have to enable this property manually in these cases.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"user-info-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.authentication.session-age-extension","additionalKeys":[],"configDoc":"Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"session-age-extension","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.authentication.java-script-auto-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single-page applications (SPA) since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.\n\nIf this property is set to 'false' then a status code of '499' will be returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. 'X-Requested-With' request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"java-script-auto-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.id-token-required","additionalKeys":[],"configDoc":"Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken will be generated in such cases.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"id-token-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.authentication.internal-id-token-lifespan","additionalKeys":[],"configDoc":"Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken.","withinAMap":false,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"internal-id-token-lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.authentication.pkce-required","additionalKeys":[],"configDoc":"Requires that a Proof Key for Code Exchange (PKCE) is used.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"pkce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.authentication.state-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. Client secret will not be used as a state encryption secret if it is less than 32 characters long.\n\nThe secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nError will be reported if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"state-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.code-grant.extra-params","additionalKeys":[],"configDoc":"Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which have to be included to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.code-grant.headers","additionalKeys":[],"configDoc":"Custom HTTP headers which have to be sent to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy","key":"quarkus.oidc.token-state-manager.strategy","additionalKeys":[],"configDoc":"Default TokenStateManager strategy.","withinAMap":false,"defaultValue":"keep-all-tokens","javaDocSiteLink":"","docMapKey":"strategy","configPhase":"RUN_TIME","acceptedValues":["tooltip:keep-all-tokens[Keep ID, access and refresh tokens.]","tooltip:id-token[Keep ID token only]","tooltip:id-refresh-tokens[Keep ID and refresh tokens only]"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token-state-manager.split-tokens","additionalKeys":[],"configDoc":"Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"split-tokens","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.token-state-manager.encryption-required","additionalKeys":[],"configDoc":"Mandates that the session cookie that stores the tokens is encrypted.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"encryption-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.token-state-manager.encryption-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt the session cookie storing the tokens when `encryption-required` property is enabled.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. The secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nThe length of the secret which will be used to encrypt the tokens should be at least 32 characters long. Warning will be logged if the secret length is less than 16 characters.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.allow-token-introspection-cache","additionalKeys":[],"configDoc":"Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-token-introspection-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.allow-user-info-cache","additionalKeys":[],"configDoc":"Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-user-info-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.cache-user-info-in-idtoken","additionalKeys":[],"configDoc":"Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cache-user-info-in-idtoken","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Provider","key":"quarkus.oidc.provider","additionalKeys":[],"configDoc":"Well known OpenId Connect provider identifier","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"provider","configPhase":"RUN_TIME","acceptedValues":["`apple`","`facebook`","`github`","`google`","`mastodon`","`microsoft`","`spotify`","`twitch`","`twitter`","`x`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocSection":{"name":"quarkus.oidc.named-tenants","optional":false,"withinAMap":false,"sectionDetails":"= Additional named tenants","sectionDetailsTitle":"Additional named tenants","configPhase":"RUN_TIME","topLevelGrouping":"quarkus.oidc","configGroupType":"io.quarkus.oidc.OidcTenantConfig","showSection":true,"configDocItems":[{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".auth-server-url","additionalKeys":[],"configDoc":"The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. OIDC discovery endpoint will be called by default by appending a '.well-known/openid-configuration' path to this URL. Note if you work with Keycloak OIDC server, make sure the base URL is in the following format: `https://host:port/realms/++{++realm++}++` where `++{++realm++}++` has to be replaced by the name of the Keycloak realm.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"auth-server-url","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".discovery-enabled","additionalKeys":[],"configDoc":"Enables OIDC discovery. If the discovery is disabled then the OIDC endpoint URLs must be configured individually.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"discovery-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token endpoint which issues access and refresh tokens.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".revoke-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC token revocation endpoint.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"revoke-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".client-id","additionalKeys":[],"configDoc":"The client-id of the application. Each application has a client-id that is used to identify the application","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".connection-delay","additionalKeys":[],"configDoc":"The maximum amount of time connecting to the currently unavailable OIDC server will be attempted for. The number of times the connection request will be repeated is calculated by dividing the value of this property by 2. For example, setting it to `20S` will allow for requesting the connection up to 10 times with a 2 seconds delay between the retries. Note this property is only effective when the initial OIDC connection is created, for example, when requesting a well-known OIDC configuration. Use the 'connection-retry-count' property to support trying to re-establish an already available connection which may have been dropped.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".connection-retry-count","additionalKeys":[],"configDoc":"The number of times an attempt to re-establish an already available connection will be repeated for. Note this property is different to the `connection-delay` property which is only effective during the initial OIDC connection creation. This property is used to try to recover the existing connection which may have been temporarily lost. For example, if a request to the OIDC token endpoint fails due to a connection exception then the request will be retried for a number of times configured by this property.","withinAMap":true,"defaultValue":"3","javaDocSiteLink":"","docMapKey":"connection-retry-count","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".connection-timeout","additionalKeys":[],"configDoc":"The amount of time after which the current OIDC connection request will time out.","withinAMap":true,"defaultValue":"10S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"connection-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.\"tenant\".max-pool-size","additionalKeys":[],"configDoc":"The maximum size of the connection pool used by the WebClient","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-pool-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.secret","additionalKeys":[],"configDoc":"Client secret which is used for a `client_secret_basic` authentication method. Note that a 'client-secret.value' can be used instead but both properties are mutually exclusive.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.client-secret.value","additionalKeys":[],"configDoc":"The client secret value - it will be ignored if 'secret.key' is set","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.client-secret.provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.client-secret.provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Secret.Method","key":"quarkus.oidc.\"tenant\".credentials.client-secret.method","additionalKeys":[],"configDoc":"Authentication method.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"method","configPhase":"RUN_TIME","acceptedValues":["tooltip:basic[client_secret_basic (default): client id and secret are submitted with the HTTP Authorization Basic scheme]","tooltip:post[client_secret_post: client id and secret are submitted as the 'client_id' and 'client_secret' form parameters.]","tooltip:post-jwt[client_secret_jwt: client id and generated JWT secret are submitted as the 'client_id' and 'client_secret' form parameters.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.secret","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a secret key","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.secret-provider.name","additionalKeys":[],"configDoc":"The CredentialsProvider name which should only be set if more than one CredentialsProvider is registered","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.secret-provider.key","additionalKeys":[],"configDoc":"The CredentialsProvider client secret key","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signature-algorithm` property to specify the key algorithm.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-store-file","additionalKeys":[],"configDoc":"If provided, indicates that JWT is signed using a private key from a key store","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-id","additionalKeys":[],"configDoc":"The private key id/alias","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.key-password","additionalKeys":[],"configDoc":"The private key password","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.audience","additionalKeys":[],"configDoc":"JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.token-key-id","additionalKeys":[],"configDoc":"Key identifier of the signing key added as a JWT 'kid' header","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-key-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.issuer","additionalKeys":[],"configDoc":"Issuer of the signing key added as a JWT 'iss' claim (default: client id)","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.subject","additionalKeys":[],"configDoc":"Subject of the signing key added as a JWT 'sub' claim (default: client id)","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"subject","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".credentials.jwt.claims","additionalKeys":[],"configDoc":"Additional claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claims","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".credentials.jwt.signature-algorithm","additionalKeys":[],"configDoc":"Signature algorithm, also used for the `key-file` property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".credentials.jwt.lifespan","additionalKeys":[],"configDoc":"JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.","withinAMap":true,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".proxy.host","additionalKeys":[],"configDoc":"The host (name or IP address) of the Proxy. +\nNote: If OIDC adapter needs to use a Proxy to talk with OIDC server (Provider), then at least the \"host\" config item must be configured to enable the usage of a Proxy.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".proxy.port","additionalKeys":[],"configDoc":"The port number of the Proxy. Default value is 80.","withinAMap":true,"defaultValue":"80","javaDocSiteLink":"","docMapKey":"port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".proxy.username","additionalKeys":[],"configDoc":"The username, if Proxy needs authentication.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"username","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".proxy.password","additionalKeys":[],"configDoc":"The password, if Proxy needs authentication.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.common.runtime.OidcCommonConfig.Tls.Verification","key":"quarkus.oidc.\"tenant\".tls.verification","additionalKeys":[],"configDoc":"Certificate validation and hostname verification, which can be one of the following values from enum `Verification`. Default is required.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"verification","configPhase":"RUN_TIME","acceptedValues":["tooltip:required[Certificates are validated and hostname verification is enabled. This is the default value.]","tooltip:certificate-validation[Certificates are validated but hostname verification is disabled.]","tooltip:none[All certificated are trusted and hostname verification is disabled.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"path","key":"quarkus.oidc.\"tenant\".tls.key-store-file","additionalKeys":[],"configDoc":"An optional key store which holds the certificate information instead of specifying separate files.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, the default (\"password\") is used.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, if the key store contains multiple keys and no alias is specified, the behavior is undefined.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it's different from `key-store-password`.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.oidc.\"tenant\".tls.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store which holds the certificate information of the certificates to trust","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-cert-alias","additionalKeys":[],"configDoc":"A parameter to specify the alias of the trust store certificate.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tls.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".tenant-id","additionalKeys":[],"configDoc":"A unique tenant identifier. It must be set by `TenantConfigResolver` providers which resolve the tenant configuration dynamically and is optional in all other cases.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"tenant-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".tenant-enabled","additionalKeys":[],"configDoc":"If this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured but either `TenantConfigResolver` which will resolve tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant in this case.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"tenant-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.ApplicationType","key":"quarkus.oidc.\"tenant\".application-type","additionalKeys":[],"configDoc":"The application type, which can be one of the following values from enum `ApplicationType`.","withinAMap":true,"defaultValue":"service","javaDocSiteLink":"","docMapKey":"application-type","configPhase":"RUN_TIME","acceptedValues":["tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a frontend application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.]","tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.]","tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method will be used if the Authorization header is set and Authorization Code Flow - if not.]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authorization-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"authorization-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".user-info-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"user-info-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".introspection-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"introspection-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".jwks-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"jwks-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".end-session-path","additionalKeys":[],"configDoc":"Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"end-session-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".public-key","additionalKeys":[],"configDoc":"Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"public-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".introspection-credentials.name","additionalKeys":[],"configDoc":"Name","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".introspection-credentials.secret","additionalKeys":[],"configDoc":"Secret","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".introspection-credentials.include-client-id","additionalKeys":[],"configDoc":"Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-client-id","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".roles.role-claim-path","additionalKeys":[],"configDoc":"List of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments where each segment represents a JSON object name only, example: \"realm/groups\". Use double quotes with the namespace qualified claim names. This property can be used if a token has no 'groups' claim but has the groups set in one or more different claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".roles.role-claim-separator","additionalKeys":[],"configDoc":"Separator for splitting a string which may contain multiple group values. It will only be used if the \"role-claim-path\" property points to one or more custom claims whose values are strings. A single space will be used by default because the standard 'scope' claim may contain a space separated sequence.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"role-claim-separator","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Roles.Source","key":"quarkus.oidc.\"tenant\".roles.source","additionalKeys":[],"configDoc":"Source of the principal roles.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"source","configPhase":"RUN_TIME","acceptedValues":["tooltip:idtoken[ID Token - the default value for the 'web-app' applications.]","tooltip:accesstoken[Access Token - the default value for the 'service' applications; can also be used as the source of roles for the 'web-app' applications.]","tooltip:userinfo[User Info]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.issuer","additionalKeys":[],"configDoc":"Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"issuer","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.audience","additionalKeys":[],"configDoc":"Expected audience 'aud' claim value which may be a string or an array of strings. Note the audience claim will be verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens will only be done if this property is configured.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"audience","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.subject-required","additionalKeys":[],"configDoc":"Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required then both the token and UserInfo `sub` claims must be present and match each other.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"subject-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".token.required-claims","additionalKeys":[],"configDoc":"A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"claim-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.token-type","additionalKeys":[],"configDoc":"Expected token type","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"token-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.oidc.\"tenant\".token.lifespan-grace","additionalKeys":[],"configDoc":"Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"lifespan-grace","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".token.age","additionalKeys":[],"configDoc":"Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim. However, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified if the logout token contains it.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"age","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.principal-claim","additionalKeys":[],"configDoc":"Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"principal-claim","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.refresh-expired","additionalKeys":[],"configDoc":"Refresh expired authorization code flow ID or access tokens. If this property is enabled then a refresh token request will be performed if the authorization code ID or access token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property will be enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not have to enable this property manually in this case.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"refresh-expired","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".token.refresh-token-time-skew","additionalKeys":[],"configDoc":"Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time then a refresh is going to happen.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"refresh-token-time-skew","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".token.forced-jwk-refresh-interval","additionalKeys":[],"configDoc":"Forced JWK set refresh interval in minutes.","withinAMap":true,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"forced-jwk-refresh-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.header","additionalKeys":[],"configDoc":"Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.SignatureAlgorithm","key":"quarkus.oidc.\"tenant\".token.signature-algorithm","additionalKeys":[],"configDoc":"Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"signature-algorithm","configPhase":"RUN_TIME","acceptedValues":["`rs256`","`rs384`","`rs512`","`ps256`","`ps384`","`ps512`","`es256`","`es384`","`es512`","`eddsa`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.decryption-key-location","additionalKeys":[],"configDoc":"Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers may not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. Note that if a 'private_key_jwt' client authentication method is used then the private key which is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token if this property is not set.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"decryption-key-location","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.allow-jwt-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-jwt-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.require-jwt-introspection-only","additionalKeys":[],"configDoc":"Require that JWT tokens are only introspected remotely.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"require-jwt-introspection-only","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token.allow-opaque-token-introspection","additionalKeys":[],"configDoc":"Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-opaque-token-introspection","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token.customizer-name","additionalKeys":[],"configDoc":"Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"customizer-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".token.verify-access-token-with-user-info","additionalKeys":[],"configDoc":"Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens have to be accepted but OpenId Connect provider does not have a token introspection endpoint. This property will have no effect when JWT tokens have to be verified.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token-with-user-info","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.path","additionalKeys":[],"configDoc":"The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.post-logout-path","additionalKeys":[],"configDoc":"Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"post-logout-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.post-logout-uri-param","additionalKeys":[],"configDoc":"Name of the post logout URI parameter which will be added as a query parameter to the logout redirect URI.","withinAMap":true,"defaultValue":"post_logout_redirect_uri","javaDocSiteLink":"","docMapKey":"post-logout-uri-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".logout.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the logout redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.backchannel.path","additionalKeys":[],"configDoc":"The relative path of the Back-Channel Logout endpoint at the application.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.oidc.\"tenant\".logout.backchannel.token-cache-size","additionalKeys":[],"configDoc":"Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies.","withinAMap":true,"defaultValue":"10","javaDocSiteLink":"","docMapKey":"token-cache-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".logout.backchannel.token-cache-time-to-live","additionalKeys":[],"configDoc":"Number of minutes a logout token can be cached for.","withinAMap":true,"defaultValue":"10M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"token-cache-time-to-live","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".logout.backchannel.clean-up-timer-interval","additionalKeys":[],"configDoc":"Token cache timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.backchannel.logout-token-key","additionalKeys":[],"configDoc":"Logout token claim whose value will be used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim.","withinAMap":true,"defaultValue":"sub","javaDocSiteLink":"","docMapKey":"logout-token-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".logout.frontchannel.path","additionalKeys":[],"configDoc":"The relative path of the Front-Channel Logout endpoint at the application.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.ResponseMode","key":"quarkus.oidc.\"tenant\".authentication.response-mode","additionalKeys":[],"configDoc":"Authorization code flow response mode","withinAMap":true,"defaultValue":"query","javaDocSiteLink":"","docMapKey":"response-mode","configPhase":"RUN_TIME","acceptedValues":["tooltip:query[Authorization response parameters are encoded in the query string added to the redirect_uri]","tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted via the HTTP POST method using the application/x-www-form-urlencoded content type]"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.redirect-path","additionalKeys":[],"configDoc":"Relative path for calculating a \"redirect_uri\" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"redirect-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.restore-path-after-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI will be restored even if this property is disabled.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"restore-path-after-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.remove-redirect-parameters","additionalKeys":[],"configDoc":"Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"remove-redirect-parameters","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.error-path","additionalKeys":[],"configDoc":"Relative path to the public endpoint which will process the error response from the OIDC authorization endpoint. If the user authentication has failed then the OIDC provider will return an 'error' and an optional 'error_description' parameters, instead of the expected authorization 'code'. If this property is set then the user will be redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if it is set as '/error' and the current request URI is 'https://localhost:8080/callback?error=invalid_scope' then a redirect will be made to 'https://localhost:8080/error?error=invalid_scope'. If this property is not set then HTTP 401 status will be returned in case of the user authentication failure.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"error-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.verify-access-token","additionalKeys":[],"configDoc":"Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"verify-access-token","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.force-redirect-https-scheme","additionalKeys":[],"configDoc":"Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"force-redirect-https-scheme","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.scopes","additionalKeys":[],"configDoc":"List of scopes","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"scopes","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.nonce-required","additionalKeys":[],"configDoc":"Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"nonce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.add-openid-scope","additionalKeys":[],"configDoc":"Add the 'openid' scope automatically to the list of scopes. This is required for OpenId Connect providers but will not work for OAuth2 providers such as Twitter OAuth2 which does not accept that scope and throws an error.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-openid-scope","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".authentication.extra-params","additionalKeys":[],"configDoc":"Additional properties which will be added as the query parameters to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.forward-params","additionalKeys":[],"configDoc":"Request URL query parameters which, if present, will be added to the authentication redirect URI.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"forward-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.cookie-force-secure","additionalKeys":[],"configDoc":"If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cookie-force-secure","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-suffix","additionalKeys":[],"configDoc":"Cookie name suffix. For example, a session cookie name for the default OIDC tenant is 'q_session' but can be changed to 'q_session_test' if this property is set to 'test'.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-suffix","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-path","additionalKeys":[],"configDoc":"Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.","withinAMap":true,"defaultValue":"/","javaDocSiteLink":"","docMapKey":"cookie-path","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-path-header","additionalKeys":[],"configDoc":"Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-path-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.cookie-domain","additionalKeys":[],"configDoc":"Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cookie-domain","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Authentication.CookieSameSite","key":"quarkus.oidc.\"tenant\".authentication.cookie-same-site","additionalKeys":[],"configDoc":"SameSite attribute for the session cookie.","withinAMap":true,"defaultValue":"lax","javaDocSiteLink":"","docMapKey":"cookie-same-site","configPhase":"RUN_TIME","acceptedValues":["`strict`","`lax`","`none`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.allow-multiple-code-flows","additionalKeys":[],"configDoc":"If a state cookie is present then a `state` query parameter must also be present and both the state cookie name suffix and state cookie value have to match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie may represent the authentication flow initiated from another tab and not related to the current request. Disable this property if you would like to avoid supporting multiple authorization code flows running in the same browser.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-multiple-code-flows","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.fail-on-missing-state-param","additionalKeys":[],"configDoc":"Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present.\n\nWhen either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser will block it and the state cookie created by Quarkus will remain in the browser cache. Quarkus will report an authentication failure when it will detect such an old state cookie but find no matching state query parameter.\n\nReporting HTTP 401 error is usually the right thing to do in such cases, it will minimize a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` may be needed to avoid such errors.\n\nHowever, setting this property to `false` may help if the above options are not suitable. It will cause a new authentication redirect to OpenId Connect provider. Please be aware doing so may increase the risk of browser redirect loops.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"fail-on-missing-state-param","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.user-info-required","additionalKeys":[],"configDoc":"If this property is set to 'true' then an OIDC UserInfo endpoint will be called. This property will be enabled if `quarkus.oidc.roles.source` is `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not have to enable this property manually in these cases.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"user-info-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".authentication.session-age-extension","additionalKeys":[],"configDoc":"Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.","withinAMap":true,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"session-age-extension","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".authentication.java-script-auto-redirect","additionalKeys":[],"configDoc":"If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single-page applications (SPA) since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.\n\nIf this property is set to 'false' then a status code of '499' will be returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. 'X-Requested-With' request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"java-script-auto-redirect","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.id-token-required","additionalKeys":[],"configDoc":"Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken will be generated in such cases.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"id-token-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.\"tenant\".authentication.internal-id-token-lifespan","additionalKeys":[],"configDoc":"Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken.","withinAMap":true,"defaultValue":"5M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"internal-id-token-lifespan","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.oidc.\"tenant\".authentication.pkce-required","additionalKeys":[],"configDoc":"Requires that a Proof Key for Code Exchange (PKCE) is used.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"pkce-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".authentication.state-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. Client secret will not be used as a state encryption secret if it is less than 32 characters long.\n\nThe secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nError will be reported if the secret length is less than 16 characters.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"state-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".code-grant.extra-params","additionalKeys":[],"configDoc":"Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which have to be included to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"extra-params","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.oidc.\"tenant\".code-grant.headers","additionalKeys":[],"configDoc":"Custom HTTP headers which have to be sent to complete the authorization code grant request.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.TokenStateManager.Strategy","key":"quarkus.oidc.\"tenant\".token-state-manager.strategy","additionalKeys":[],"configDoc":"Default TokenStateManager strategy.","withinAMap":true,"defaultValue":"keep-all-tokens","javaDocSiteLink":"","docMapKey":"strategy","configPhase":"RUN_TIME","acceptedValues":["tooltip:keep-all-tokens[Keep ID, access and refresh tokens.]","tooltip:id-token[Keep ID token only]","tooltip:id-refresh-tokens[Keep ID and refresh tokens only]"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token-state-manager.split-tokens","additionalKeys":[],"configDoc":"Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"split-tokens","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".token-state-manager.encryption-required","additionalKeys":[],"configDoc":"Mandates that the session cookie that stores the tokens is encrypted.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"encryption-required","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.oidc.\"tenant\".token-state-manager.encryption-secret","additionalKeys":[],"configDoc":"Secret which will be used to encrypt the session cookie storing the tokens when `encryption-required` property is enabled.\n\nIf this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` will be checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication will be checked. The secret will be auto-generated if it remains uninitialized after checking all of these properties.\n\nThe length of the secret which will be used to encrypt the tokens should be at least 32 characters long. Warning will be logged if the secret length is less than 16 characters.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-secret","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".allow-token-introspection-cache","additionalKeys":[],"configDoc":"Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-token-introspection-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".allow-user-info-cache","additionalKeys":[],"configDoc":"Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used then please see `OidcConfig.TokenCache` how to enable it.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"allow-user-info-cache","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.oidc.\"tenant\".cache-user-info-in-idtoken","additionalKeys":[],"configDoc":"Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cache-user-info-in-idtoken","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"io.quarkus.oidc.OidcTenantConfig.Provider","key":"quarkus.oidc.\"tenant\".provider","additionalKeys":[],"configDoc":"Well known OpenId Connect provider identifier","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"provider","configPhase":"RUN_TIME","acceptedValues":["`apple`","`facebook`","`github`","`google`","`mastodon`","`microsoft`","`spotify`","`twitch`","`twitter`","`x`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":true}}],"anchorPrefix":null}},{"configDocKey":{"type":"int","key":"quarkus.oidc.token-cache.max-size","additionalKeys":[],"configDoc":"Maximum number of cache entries. Set it to a positive value if the cache has to be enabled.","withinAMap":false,"defaultValue":"0","javaDocSiteLink":"","docMapKey":"max-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token-cache.time-to-live","additionalKeys":[],"configDoc":"Maximum amount of time a given cache entry is valid for.","withinAMap":false,"defaultValue":"3M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"time-to-live","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.oidc.token-cache.clean-up-timer-interval","additionalKeys":[],"configDoc":"Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"clean-up-timer-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.oidc","enum":false}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpBuildTimeConfig b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpBuildTimeConfig index 9cb16d16a4..bfc671ac1e 100644 --- a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpBuildTimeConfig +++ b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.smallrye.reactivemessaging.amqp.deployment.AmqpBuildTimeConfig @@ -1 +1 @@ -[{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.amqp.devservices.enabled","additionalKeys":[],"configDoc":"If Dev Services for AMQP has been explicitly enabled or disabled. Dev Services are generally enabled by default, unless there is an existing configuration present. For AMQP, Dev Services starts a broker unless `amqp-host` or `amqp-port` are set or if all the Reactive Messaging AMQP channel are configured with `host` or `port`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.amqp.devservices.port","additionalKeys":[],"configDoc":"Optional fixed port the dev service will listen to.\n\nIf not defined, the port will be chosen randomly.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"port","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.amqp.devservices.image-name","additionalKeys":[],"configDoc":"The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions.","withinAMap":false,"defaultValue":"quay.io/artemiscloud/activemq-artemis-broker:1.0.18","javaDocSiteLink":"","docMapKey":"image-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.amqp.devservices.extra-args","additionalKeys":[],"configDoc":"The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container.","withinAMap":false,"defaultValue":"--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0","javaDocSiteLink":"","docMapKey":"extra-args","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.amqp.devservices.shared","additionalKeys":[],"configDoc":"Indicates if the AMQP broker managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for AMQP starts a new container.\n\nThe discovery uses the `quarkus-dev-service-amqp` label. The value is configured using the `service-name` property.\n\nContainer sharing is only used in dev mode.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"shared","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.amqp.devservices.service-name","additionalKeys":[],"configDoc":"The value of the `quarkus-dev-service-aqmp` label attached to the started container. This property is used when `shared` is set to `true`. In this case, before starting a container, Dev Services for AMQP looks for a container with the `quarkus-dev-service-amqp` label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise, it starts a new container with the `quarkus-dev-service-amqp` label set to the specified value.\n\nThis property is used when you need multiple shared AMQP brokers.","withinAMap":false,"defaultValue":"amqp","javaDocSiteLink":"","docMapKey":"service-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.amqp.devservices.container-env","additionalKeys":[],"configDoc":"Environment variables that are passed to the container.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"container-env","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}}] \ No newline at end of file +[{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.amqp.devservices.enabled","additionalKeys":[],"configDoc":"If Dev Services for AMQP has been explicitly enabled or disabled. Dev Services are generally enabled by default, unless there is an existing configuration present. For AMQP, Dev Services starts a broker unless `amqp-host` or `amqp-port` are set or if all the Reactive Messaging AMQP channel are configured with `host` or `port`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.amqp.devservices.port","additionalKeys":[],"configDoc":"Optional fixed port the dev service will listen to.\n\nIf not defined, the port will be chosen randomly.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"port","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.amqp.devservices.image-name","additionalKeys":[],"configDoc":"The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`.\n\nCheck the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions.","withinAMap":false,"defaultValue":"quay.io/artemiscloud/activemq-artemis-broker:1.0.22","javaDocSiteLink":"","docMapKey":"image-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.amqp.devservices.extra-args","additionalKeys":[],"configDoc":"The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0`","withinAMap":false,"defaultValue":"--no-autotune --mapped --no-fsync --relax-jolokia","javaDocSiteLink":"","docMapKey":"extra-args","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.amqp.devservices.shared","additionalKeys":[],"configDoc":"Indicates if the AMQP broker managed by Quarkus Dev Services is shared. When shared, Quarkus looks for running containers using label-based service discovery. If a matching container is found, it is used, and so a second one is not started. Otherwise, Dev Services for AMQP starts a new container.\n\nThe discovery uses the `quarkus-dev-service-amqp` label. The value is configured using the `service-name` property.\n\nContainer sharing is only used in dev mode.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"shared","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.amqp.devservices.service-name","additionalKeys":[],"configDoc":"The value of the `quarkus-dev-service-aqmp` label attached to the started container. This property is used when `shared` is set to `true`. In this case, before starting a container, Dev Services for AMQP looks for a container with the `quarkus-dev-service-amqp` label set to the configured value. If found, it will use this container instead of starting a new one. Otherwise, it starts a new container with the `quarkus-dev-service-amqp` label set to the specified value.\n\nThis property is used when you need multiple shared AMQP brokers.","withinAMap":false,"defaultValue":"amqp","javaDocSiteLink":"","docMapKey":"service-name","configPhase":"BUILD_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.amqp.devservices.container-env","additionalKeys":[],"configDoc":"Environment variables that are passed to the container.","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"container-env","configPhase":"BUILD_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.amqp","enum":false}}] \ No newline at end of file diff --git a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.vertx.http.runtime.HttpConfiguration b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.vertx.http.runtime.HttpConfiguration index 624b0a557c..807d862862 100644 --- a/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.vertx.http.runtime.HttpConfiguration +++ b/_generated-doc/main/config/all-configuration-roots-generated-doc/io.quarkus.vertx.http.runtime.HttpConfiguration @@ -1 +1 @@ -[{"configDocKey":{"type":"boolean","key":"quarkus.http.cors","additionalKeys":[],"configDoc":"Enable the CORS filter.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cors-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.port","additionalKeys":[],"configDoc":"The HTTP port","withinAMap":false,"defaultValue":"8080","javaDocSiteLink":"","docMapKey":"port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.test-port","additionalKeys":[],"configDoc":"The HTTP port used to run tests","withinAMap":false,"defaultValue":"8081","javaDocSiteLink":"","docMapKey":"test-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.host","additionalKeys":[],"configDoc":"The HTTP host In dev/test mode this defaults to localhost, in prod mode this defaults to 0.0.0.0 Defaulting to 0.0.0.0 makes it easier to deploy Quarkus to container, however it is not suitable for dev/test mode as other people on the network can connect to your development machine.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.test-host","additionalKeys":[],"configDoc":"Used when `QuarkusIntegrationTest` is meant to execute against an application that is already running and listening on the host specified by this property.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"test-host","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.host-enabled","additionalKeys":[],"configDoc":"Enable listening to host:port","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"host-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.ssl-port","additionalKeys":[],"configDoc":"The HTTPS port","withinAMap":false,"defaultValue":"8443","javaDocSiteLink":"","docMapKey":"ssl-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.test-ssl-port","additionalKeys":[],"configDoc":"The HTTPS port used to run tests","withinAMap":false,"defaultValue":"8444","javaDocSiteLink":"","docMapKey":"test-ssl-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.http.test-ssl-enabled","additionalKeys":[],"configDoc":"Used when `QuarkusIntegrationTest` is meant to execute against an application that is already running to configure the test to use SSL.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"test-ssl-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.vertx.http.runtime.HttpConfiguration.InsecureRequests","key":"quarkus.http.insecure-requests","additionalKeys":[],"configDoc":"If insecure (i.e. http rather than https) requests are allowed. If this is `enabled` then http works as normal. `redirect` will still open the http port, but all requests will be redirected to the HTTPS port. `disabled` will prevent the HTTP port from opening at all.","withinAMap":false,"defaultValue":"enabled","javaDocSiteLink":"","docMapKey":"insecure-requests","configPhase":"RUN_TIME","acceptedValues":["`enabled`","`redirect`","`disabled`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.http.http2","additionalKeys":[],"configDoc":"If this is true (the default) then HTTP/2 will be enabled. Note that for browsers to be able to use it HTTPS must be enabled, and you must be running on JDK11 or above, as JDK8 does not support ALPN.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"http2","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.http2-push-enabled","additionalKeys":[],"configDoc":"Enables or Disable the HTTP/2 Push feature. This setting can be used to disable server push. The server will not send a `PUSH_PROMISE` frame if it receives this parameter set to @++{++code false++}++.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"http2-push-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.origins","additionalKeys":[],"configDoc":"Origins allowed for CORS Comma separated list of valid URLs, e.g.: http://www.quarkus.io,http://localhost:3000 In case an entry of the list is surrounded by forward slashes, it is interpreted as a regular expression.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"origins","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.methods","additionalKeys":[],"configDoc":"HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"methods","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.headers","additionalKeys":[],"configDoc":"HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.exposed-headers","additionalKeys":[],"configDoc":"HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"exposed-headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.cors.access-control-max-age","additionalKeys":[],"configDoc":"The `Access-Control-Max-Age` response header value indicating how long the results of a pre-flight request can be cached.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"access-control-max-age","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.http.cors.access-control-allow-credentials","additionalKeys":[],"configDoc":"The `Access-Control-Allow-Credentials` header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. The value of this header will default to `true` if `quarkus.http.cors.origins` property is set and there is a match with the precise `Origin` header.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"access-control-allow-credentials","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.credentials-provider","additionalKeys":[],"configDoc":"The `CredentialsProvider`. If this property is configured, then a matching 'CredentialsProvider' will be used to get the keystore, keystore key, and truststore passwords unless these passwords have already been configured. Please note that using MicroProfile `ConfigSource` which is directly supported by Quarkus Configuration should be preferred unless using `CredentialsProvider` provides for some additional security and dynamism.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.files","additionalKeys":[],"configDoc":"The list of path to server certificates using the PEM format. Specifying multiple files requires SNI to be enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"files","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.key-files","additionalKeys":[],"configDoc":"The list of path to server certificates private key files using the PEM format. Specifying multiple files requires SNI to be enabled. The order of the key files must match the order of the certificates.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-files","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.key-store-file","additionalKeys":[],"configDoc":"An optional key store that holds the certificate information instead of specifying separate files.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify the type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, and if it can not be retrieved from `CredentialsProvider`.","withinAMap":false,"defaultValue":"password","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-password-key","additionalKeys":[],"configDoc":"A parameter to specify a `CredentialsProvider` property key, which can be used to get the password of the key store file from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, and the key store contains multiple keys and no alias is specified; the behavior is undefined.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it is different from `key-store-password` If not given, it might be retrieved from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-key-password-key","additionalKeys":[],"configDoc":"A parameter to specify a `CredentialsProvider` property key, which can be used to get the password for the key from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store that holds the certificate information of the trusted certificates.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify the type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file. If not given, it might be retrieved from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-password-key","additionalKeys":[],"configDoc":"A parameter to specify a `CredentialsProvider` property key, which can be used to get the password of the trust store file from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-cert-alias","additionalKeys":[],"configDoc":"An optional parameter to trust a single certificate from the trust store rather than trusting all certificates in the store.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.cipher-suites","additionalKeys":[],"configDoc":"The cipher suites to use. If none is given, a reasonable default is selected.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cipher-suites","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.protocols","additionalKeys":[],"configDoc":"Sets the ordered list of enabled SSL/TLS protocols.\n\nIf not set, it defaults to `\"TLSv1.3, TLSv1.2\"`. The following list of protocols are supported: `TLSv1, TLSv1.1, TLSv1.2, TLSv1.3`. To only enable `TLSv1.3`, set the value to `to \"TLSv1.3\"`.\n\nNote that setting an empty list, and enabling SSL/TLS is invalid. You must at least have one protocol.","withinAMap":false,"defaultValue":"TLSv1.3,TLSv1.2","javaDocSiteLink":"","docMapKey":"protocols","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.ssl.sni","additionalKeys":[],"configDoc":"Enables Server Name Indication (SNI), an TLS extension allowing the server to use multiple certificates. The client indicate the server name during the TLS handshake, allowing the server to select the right certificate.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"sni","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.static-resources.index-page","additionalKeys":[],"configDoc":"Set the index page when serving static resources.","withinAMap":false,"defaultValue":"index.html","javaDocSiteLink":"","docMapKey":"index-page","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.static-resources.include-hidden","additionalKeys":[],"configDoc":"Set whether hidden files should be served.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-hidden","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.static-resources.enable-range-support","additionalKeys":[],"configDoc":"Set whether range requests (resumable downloads; media streaming) should be enabled.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"enable-range-support","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.static-resources.caching-enabled","additionalKeys":[],"configDoc":"Set whether cache handling is enabled.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"caching-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.static-resources.cache-entry-timeout","additionalKeys":[],"configDoc":"Set the cache entry timeout. The default is `30` seconds.","withinAMap":false,"defaultValue":"30S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"cache-entry-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.static-resources.max-age","additionalKeys":[],"configDoc":"Set value for max age in caching headers. The default is `24` hours.","withinAMap":false,"defaultValue":"24H","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-age","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.static-resources.max-cache-size","additionalKeys":[],"configDoc":"Set the max cache size.","withinAMap":false,"defaultValue":"10000","javaDocSiteLink":"","docMapKey":"max-cache-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.handle-100-continue-automatically","additionalKeys":[],"configDoc":"When set to `true`, the HTTP server automatically sends `100 CONTINUE` response when the request expects it (with the `Expect: 100-Continue` header).","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"handle100-continue-automatically","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.io-threads","additionalKeys":[],"configDoc":"The number if IO threads used to perform IO. This will be automatically set to a reasonable value based on the number of CPU cores if it is not provided. If this is set to a higher value than the number of Vert.x event loops then it will be capped at the number of event loops. In general this should be controlled by setting quarkus.vertx.event-loops-pool-size, this setting should only be used if you want to limit the number of HTTP io threads to a smaller number than the total number of IO threads.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"io-threads","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-header-size","additionalKeys":[],"configDoc":"The maximum length of all headers.","withinAMap":false,"defaultValue":"20K","javaDocSiteLink":"","docMapKey":"max-header-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-body-size","additionalKeys":[],"configDoc":"The maximum size of a request body.","withinAMap":false,"defaultValue":"10240K","javaDocSiteLink":"","docMapKey":"max-body-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-chunk-size","additionalKeys":[],"configDoc":"The max HTTP chunk size","withinAMap":false,"defaultValue":"8192","javaDocSiteLink":"","docMapKey":"max-chunk-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.limits.max-initial-line-length","additionalKeys":[],"configDoc":"The maximum length of the initial line (e.g. `\"GET / HTTP/1.0\"`).","withinAMap":false,"defaultValue":"4096","javaDocSiteLink":"","docMapKey":"max-initial-line-length","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-form-attribute-size","additionalKeys":[],"configDoc":"The maximum length of a form attribute.","withinAMap":false,"defaultValue":"2048","javaDocSiteLink":"","docMapKey":"max-form-attribute-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.limits.max-connections","additionalKeys":[],"configDoc":"The maximum number of connections that are allowed at any one time. If this is set it is recommended to set a short idle timeout.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-connections","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Long","key":"quarkus.http.limits.header-table-size","additionalKeys":[],"configDoc":"Set the SETTINGS_HEADER_TABLE_SIZE HTTP/2 setting.\n\nAllows the sender to inform the remote endpoint of the maximum size of the header compression table used to decode header blocks, in octets. The encoder can select any size equal to or less than this value by using signaling specific to the header compression format inside a header block. The initial value is `4,096` octets.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header-table-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Long","key":"quarkus.http.limits.max-concurrent-streams","additionalKeys":[],"configDoc":"Set SETTINGS_MAX_CONCURRENT_STREAMS HTTP/2 setting.\n\nIndicates the maximum number of concurrent streams that the sender will allow. This limit is directional: it applies to the number of streams that the sender permits the receiver to create. Initially, there is no limit to this value. It is recommended that this value be no smaller than 100, to not unnecessarily limit parallelism.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-concurrent-streams","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.limits.max-frame-size","additionalKeys":[],"configDoc":"Set the SETTINGS_MAX_FRAME_SIZE HTTP/2 setting. Indicates the size of the largest frame payload that the sender is willing to receive, in octets. The initial value is `2^14` (16,384) octets.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-frame-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Long","key":"quarkus.http.limits.max-header-list-size","additionalKeys":[],"configDoc":"Set the SETTINGS_MAX_HEADER_LIST_SIZE HTTP/2 setting. This advisory setting informs a peer of the maximum size of header list that the sender is prepared to accept, in octets. The value is based on the uncompressed size of header fields, including the length of the name and value in octets plus an overhead of 32 octets for each header field. The default value is `8192`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-header-list-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.idle-timeout","additionalKeys":[],"configDoc":"Http connection idle timeout","withinAMap":false,"defaultValue":"30M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"idle-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.read-timeout","additionalKeys":[],"configDoc":"Http connection read timeout for blocking IO. This is the maximum amount of time a thread will wait for data, before an IOException will be thrown and the connection closed.","withinAMap":false,"defaultValue":"60S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.handle-file-uploads","additionalKeys":[],"configDoc":"Whether the files sent using `multipart/form-data` will be stored locally.\n\nIf `true`, they will be stored in `quarkus.http.body-handler.uploads-directory` and will be made available via `io.vertx.ext.web.RoutingContext.fileUploads()`. Otherwise, the files sent using `multipart/form-data` will not be stored locally, and `io.vertx.ext.web.RoutingContext.fileUploads()` will always return an empty collection. Note that even with this option being set to `false`, the `multipart/form-data` requests will be accepted.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"handle-file-uploads","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.body.uploads-directory","additionalKeys":[],"configDoc":"The directory where the files sent using `multipart/form-data` should be stored.\n\nEither an absolute path or a path relative to the current directory of the application process.","withinAMap":false,"defaultValue":"${java.io.tmpdir}/uploads","javaDocSiteLink":"","docMapKey":"uploads-directory","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.merge-form-attributes","additionalKeys":[],"configDoc":"Whether the form attributes should be added to the request parameters.\n\nIf `true`, the form attributes will be added to the request parameters; otherwise the form parameters will not be added to the request parameters","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"merge-form-attributes","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.delete-uploaded-files-on-end","additionalKeys":[],"configDoc":"Whether the uploaded files should be removed after serving the request.\n\nIf `true` the uploaded files stored in `quarkus.http.body-handler.uploads-directory` will be removed after handling the request. Otherwise, the files will be left there forever.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"delete-uploaded-files-on-end","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.preallocate-body-buffer","additionalKeys":[],"configDoc":"Whether the body buffer should pre-allocated based on the `Content-Length` header value.\n\nIf `true` the body buffer is pre-allocated according to the size read from the `Content-Length` header. Otherwise, the body buffer is pre-allocated to 1KB, and is resized dynamically","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"preallocate-body-buffer","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.body.multipart.file-content-types","additionalKeys":[],"configDoc":"A comma-separated list of `ContentType` to indicate whether a given multipart field should be handled as a file part. You can use this setting to force HTTP-based extensions to parse a message part as a file based on its content type. For now, this setting only works when using RESTEasy Reactive.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"file-content-types","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.auth.session.encryption-key","additionalKeys":[],"configDoc":"The encryption key that is used to store persistent logins (e.g. for form auth). Logins are stored in a persistent cookie that is encrypted with AES-256 using a key derived from a SHA-256 hash of the key that is provided here. If no key is provided then an in-memory one will be generated, this will change on every restart though so it is not suitable for production environments. This must be more than 16 characters long for security reasons","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.so-reuse-port","additionalKeys":[],"configDoc":"Enable socket reuse port (linux/macOs native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"so-reuse-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.tcp-quick-ack","additionalKeys":[],"configDoc":"Enable tcp quick ack (linux native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tcp-quick-ack","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.tcp-cork","additionalKeys":[],"configDoc":"Enable tcp cork (linux native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tcp-cork","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.tcp-fast-open","additionalKeys":[],"configDoc":"Enable tcp fast open (linux native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tcp-fast-open","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.accept-backlog","additionalKeys":[],"configDoc":"The accept backlog, this is how many connections can be waiting to be accepted before connections start being rejected","withinAMap":false,"defaultValue":"-1","javaDocSiteLink":"","docMapKey":"accept-backlog","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.initial-window-size","additionalKeys":[],"configDoc":"Set the SETTINGS_INITIAL_WINDOW_SIZE HTTP/2 setting. Indicates the sender's initial window size (in octets) for stream-level flow control. The initial value is `2^16-1` (65,535) octets.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"initial-window-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.domain-socket","additionalKeys":[],"configDoc":"Path to a unix domain socket","withinAMap":false,"defaultValue":"/var/run/io.quarkus.app.socket","javaDocSiteLink":"","docMapKey":"domain-socket","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.domain-socket-enabled","additionalKeys":[],"configDoc":"Enable listening to host:port","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"domain-socket-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.record-request-start-time","additionalKeys":[],"configDoc":"If this is true then the request start time will be recorded to enable logging of total request time. This has a small performance penalty, so is disabled by default.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"record-request-start-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.access-log.enabled","additionalKeys":[],"configDoc":"If access logging is enabled. By default this will log via the standard logging facility","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.exclude-pattern","additionalKeys":[],"configDoc":"A regular expression that can be used to exclude some paths from logging.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"exclude-pattern","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.pattern","additionalKeys":[],"configDoc":"The access log pattern.\n\nIf this is the string `common`, `combined` or `long` then this will use one of the specified named formats:\n\n- common: `%h %l %u %t \"%r\" %s %b`\n- combined: `%h %l %u %t \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\"`\n- long: `%r\\n%{ALL_REQUEST_HEADERS}`\n\nOtherwise, consult the Quarkus documentation for the full list of variables that can be used.","withinAMap":false,"defaultValue":"common","javaDocSiteLink":"","docMapKey":"pattern","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.access-log.log-to-file","additionalKeys":[],"configDoc":"If logging should be done to a separate file.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"log-to-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.base-file-name","additionalKeys":[],"configDoc":"The access log file base name, defaults to 'quarkus' which will give a log file name of 'quarkus.log'.","withinAMap":false,"defaultValue":"quarkus","javaDocSiteLink":"","docMapKey":"base-file-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.log-directory","additionalKeys":[],"configDoc":"The log directory to use when logging access to a file If this is not set then the current working directory is used.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"log-directory","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.log-suffix","additionalKeys":[],"configDoc":"The log file suffix","withinAMap":false,"defaultValue":".log","javaDocSiteLink":"","docMapKey":"log-suffix","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.category","additionalKeys":[],"configDoc":"The log category to use if logging is being done via the standard log mechanism (i.e. if base-file-name is empty).","withinAMap":false,"defaultValue":"io.quarkus.http.access-log","javaDocSiteLink":"","docMapKey":"category","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.access-log.rotate","additionalKeys":[],"configDoc":"If the log should be rotated daily","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"rotate","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".case-sensitive","additionalKeys":[],"configDoc":"If the cookie pattern is case-sensitive","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"case-sensitive","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.vertx.core.http.CookieSameSite","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".value","additionalKeys":[],"configDoc":"The value to set in the samesite attribute","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://vertx.io/docs/apidocs/io/vertx/core/http/CookieSameSite.html","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":["`none`","`strict`","`lax`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".enable-client-checker","additionalKeys":[],"configDoc":"Some User Agents break when sent SameSite=None, this will detect them and avoid sending the value","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"enable-client-checker","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".add-secure-for-none","additionalKeys":[],"configDoc":"If this is true then the 'secure' attribute will automatically be sent on cookies with a SameSite attribute of None.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-secure-for-none","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.vertx.http.runtime.HttpConfiguration.PayloadHint","key":"quarkus.http.unhandled-error-content-type-default","additionalKeys":[],"configDoc":"Provides a hint (optional) for the default content type of responses generated for the errors not handled by the application.\n\nIf the client requested a supported content-type in request headers (e.g. \"Accept: application/json\", \"Accept: text/html\"), Quarkus will use that content type.\n\nOtherwise, it will default to the content type configured here.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"unhandled-error-content-type-default","configPhase":"RUN_TIME","acceptedValues":["`json`","`html`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.http.header.\"header\".path","additionalKeys":[],"configDoc":"The path this header should be applied","withinAMap":true,"defaultValue":"/*","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.header.\"header\".value","additionalKeys":[],"configDoc":"The value for this header configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.header.\"header\".methods","additionalKeys":[],"configDoc":"The HTTP methods for this header configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"methods","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.filter.\"filter\".matches","additionalKeys":[],"configDoc":"A regular expression for the paths matching this configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"matches","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.http.filter.\"filter\".header","additionalKeys":[],"configDoc":"Additional HTTP Headers always sent in the response","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.filter.\"filter\".methods","additionalKeys":[],"configDoc":"The HTTP methods for this path configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"methods","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.filter.\"filter\".order","additionalKeys":[],"configDoc":"","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"order","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.use-proxy-protocol","additionalKeys":[],"configDoc":"Set whether the server should use the HA `PROXY` protocol when serving requests from behind a proxy. (see the link:https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt[PROXY Protocol]). When set to `true`, the remote address returned will be the one from the actual connecting client. If it is set to `false` (default), the remote address returned will be the one from the proxy.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"use-proxy-protocol","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.proxy-address-forwarding","additionalKeys":[],"configDoc":"If this is true then the address, scheme etc. will be set from headers forwarded by the proxy server, such as `X-Forwarded-For`. This should only be set if you are behind a proxy that sets these headers.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"proxy-address-forwarding","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.allow-forwarded","additionalKeys":[],"configDoc":"If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"allow-forwarded","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.http.proxy.allow-x-forwarded","additionalKeys":[],"configDoc":"If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"allow-x-forwarded","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.enable-forwarded-host","additionalKeys":[],"configDoc":"Enable override the received request's host through a forwarded host header.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enable-forwarded-host","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.proxy.forwarded-host-header","additionalKeys":[],"configDoc":"Configure the forwarded host header to be used if override enabled.","withinAMap":false,"defaultValue":"X-Forwarded-Host","javaDocSiteLink":"","docMapKey":"forwarded-host-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.enable-forwarded-prefix","additionalKeys":[],"configDoc":"Enable prefix the received request's path with a forwarded prefix header.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enable-forwarded-prefix","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.proxy.forwarded-prefix-header","additionalKeys":[],"configDoc":"Configure the forwarded prefix header to be used if prefixing enabled.","withinAMap":false,"defaultValue":"X-Forwarded-Prefix","javaDocSiteLink":"","docMapKey":"forwarded-prefix-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.vertx.http.runtime.TrustedProxyCheck.TrustedProxyCheckPart","key":"quarkus.http.proxy.trusted-proxies","additionalKeys":[],"configDoc":"Configure the list of trusted proxy addresses. Received `Forwarded`, `X-Forwarded` or `X-Forwarded-++*++` headers from any other proxy address will be ignored. The trusted proxy address should be specified as the IP address (IPv4 or IPv6), hostname or Classless Inter-Domain Routing (CIDR) notation. Please note that Quarkus needs to perform DNS lookup for all hostnames during the request. For that reason, using hostnames is not recommended.\n\nExamples of a socket address in the form of `host` or `host:port`:\n\n - `127.0.0.1:8084`\n - `++[++0:0:0:0:0:0:0:1++]++`\n - `++[++0:0:0:0:0:0:0:1++]++:8084`\n - `++[++::++]++`\n - `localhost`\n - `localhost:8084`\n\nExamples of a CIDR notation:\n\n - `::/128`\n - `::/0`\n - `127.0.0.0/8`\n\nPlease bear in mind that IPv4 CIDR won't match request sent from the IPv6 address and the other way around.","withinAMap":false,"defaultValue":"All proxy addresses are trusted","javaDocSiteLink":"","docMapKey":"trusted-proxies","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}}] \ No newline at end of file +[{"configDocKey":{"type":"boolean","key":"quarkus.http.cors","additionalKeys":[],"configDoc":"Enable the CORS filter.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"cors-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.port","additionalKeys":[],"configDoc":"The HTTP port","withinAMap":false,"defaultValue":"8080","javaDocSiteLink":"","docMapKey":"port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.test-port","additionalKeys":[],"configDoc":"The HTTP port used to run tests","withinAMap":false,"defaultValue":"8081","javaDocSiteLink":"","docMapKey":"test-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.host","additionalKeys":[],"configDoc":"The HTTP host In dev/test mode this defaults to localhost, in prod mode this defaults to 0.0.0.0 Defaulting to 0.0.0.0 makes it easier to deploy Quarkus to container, however it is not suitable for dev/test mode as other people on the network can connect to your development machine.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"host","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.test-host","additionalKeys":[],"configDoc":"Used when `QuarkusIntegrationTest` is meant to execute against an application that is already running and listening on the host specified by this property.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"test-host","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.host-enabled","additionalKeys":[],"configDoc":"Enable listening to host:port","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"host-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.ssl-port","additionalKeys":[],"configDoc":"The HTTPS port","withinAMap":false,"defaultValue":"8443","javaDocSiteLink":"","docMapKey":"ssl-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.test-ssl-port","additionalKeys":[],"configDoc":"The HTTPS port used to run tests","withinAMap":false,"defaultValue":"8444","javaDocSiteLink":"","docMapKey":"test-ssl-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.http.test-ssl-enabled","additionalKeys":[],"configDoc":"Used when `QuarkusIntegrationTest` is meant to execute against an application that is already running to configure the test to use SSL.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"test-ssl-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.vertx.http.runtime.HttpConfiguration.InsecureRequests","key":"quarkus.http.insecure-requests","additionalKeys":[],"configDoc":"If insecure (i.e. http rather than https) requests are allowed. If this is `enabled` then http works as normal. `redirect` will still open the http port, but all requests will be redirected to the HTTPS port. `disabled` will prevent the HTTP port from opening at all.","withinAMap":false,"defaultValue":"enabled","javaDocSiteLink":"","docMapKey":"insecure-requests","configPhase":"RUN_TIME","acceptedValues":["`enabled`","`redirect`","`disabled`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.http.http2","additionalKeys":[],"configDoc":"If this is true (the default) then HTTP/2 will be enabled. Note that for browsers to be able to use it HTTPS must be enabled, and you must be running on JDK11 or above, as JDK8 does not support ALPN.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"http2","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.http2-push-enabled","additionalKeys":[],"configDoc":"Enables or Disable the HTTP/2 Push feature. This setting can be used to disable server push. The server will not send a `PUSH_PROMISE` frame if it receives this parameter set to @++{++code false++}++.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"http2-push-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.origins","additionalKeys":[],"configDoc":"Origins allowed for CORS Comma separated list of valid URLs, e.g.: http://www.quarkus.io,http://localhost:3000 In case an entry of the list is surrounded by forward slashes, it is interpreted as a regular expression.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"origins","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.methods","additionalKeys":[],"configDoc":"HTTP methods allowed for CORS Comma separated list of valid methods. ex: GET,PUT,POST The filter allows any method if this is not set. default: returns any requested method as valid","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"methods","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.headers","additionalKeys":[],"configDoc":"HTTP headers allowed for CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition The filter allows any header if this is not set. default: returns any requested header as valid","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.cors.exposed-headers","additionalKeys":[],"configDoc":"HTTP headers exposed in CORS Comma separated list of valid headers. ex: X-Custom,Content-Disposition default: empty","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"exposed-headers","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.cors.access-control-max-age","additionalKeys":[],"configDoc":"The `Access-Control-Max-Age` response header value indicating how long the results of a pre-flight request can be cached.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"access-control-max-age","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.http.cors.access-control-allow-credentials","additionalKeys":[],"configDoc":"The `Access-Control-Allow-Credentials` header is used to tell the browsers to expose the response to front-end JavaScript code when the request’s credentials mode Request.credentials is “include”. The value of this header will default to `true` if `quarkus.http.cors.origins` property is set and there is a match with the precise `Origin` header.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"access-control-allow-credentials","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.credentials-provider","additionalKeys":[],"configDoc":"The `CredentialsProvider`. If this property is configured, then a matching 'CredentialsProvider' will be used to get the keystore, keystore key, and truststore passwords unless these passwords have already been configured. Please note that using MicroProfile `ConfigSource` which is directly supported by Quarkus Configuration should be preferred unless using `CredentialsProvider` provides for some additional security and dynamism.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.credentials-provider-name","additionalKeys":[],"configDoc":"The credentials provider bean name.\n\nThis is a bean name (as in `@Named`) of a bean that implements `CredentialsProvider`. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.\n\nFor Vault, the credentials provider bean name is `vault-credentials-provider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"credentials-provider-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.files","additionalKeys":[],"configDoc":"The list of path to server certificates using the PEM format. Specifying multiple files requires SNI to be enabled.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"files","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.key-files","additionalKeys":[],"configDoc":"The list of path to server certificates private key files using the PEM format. Specifying multiple files requires SNI to be enabled. The order of the key files must match the order of the certificates.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-files","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.key-store-file","additionalKeys":[],"configDoc":"An optional key store that holds the certificate information instead of specifying separate files.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify the type of the key store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the key store file. If not given, the provider is automatically detected based on the key store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the key store file. If not given, and if it can not be retrieved from `CredentialsProvider`.","withinAMap":false,"defaultValue":"password","javaDocSiteLink":"","docMapKey":"key-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-password-key","additionalKeys":[],"configDoc":"A parameter to specify a `CredentialsProvider` property key, which can be used to get the password of the key store file from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-password-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-key-alias","additionalKeys":[],"configDoc":"An optional parameter to select a specific key in the key store. When SNI is disabled, and the key store contains multiple keys and no alias is specified; the behavior is undefined.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-key-password","additionalKeys":[],"configDoc":"An optional parameter to define the password for the key, in case it is different from `key-store-password` If not given, it might be retrieved from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.key-store-key-password-key","additionalKeys":[],"configDoc":"A parameter to specify a `CredentialsProvider` property key, which can be used to get the password for the key from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"key-store-key-password-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"path","key":"quarkus.http.ssl.certificate.trust-store-file","additionalKeys":[],"configDoc":"An optional trust store that holds the certificate information of the trusted certificates.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-file-type","additionalKeys":[],"configDoc":"An optional parameter to specify the type of the trust store file. If not given, the type is automatically detected based on the file name.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-file-type","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-provider","additionalKeys":[],"configDoc":"An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-provider","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-password","additionalKeys":[],"configDoc":"A parameter to specify the password of the trust store file. If not given, it might be retrieved from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-password-key","additionalKeys":[],"configDoc":"A parameter to specify a `CredentialsProvider` property key, which can be used to get the password of the trust store file from `CredentialsProvider`.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-password-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.certificate.trust-store-cert-alias","additionalKeys":[],"configDoc":"An optional parameter to trust a single certificate from the trust store rather than trusting all certificates in the store.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"trust-store-cert-alias","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.cipher-suites","additionalKeys":[],"configDoc":"The cipher suites to use. If none is given, a reasonable default is selected.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"cipher-suites","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.ssl.protocols","additionalKeys":[],"configDoc":"Sets the ordered list of enabled SSL/TLS protocols.\n\nIf not set, it defaults to `\"TLSv1.3, TLSv1.2\"`. The following list of protocols are supported: `TLSv1, TLSv1.1, TLSv1.2, TLSv1.3`. To only enable `TLSv1.3`, set the value to `to \"TLSv1.3\"`.\n\nNote that setting an empty list, and enabling SSL/TLS is invalid. You must at least have one protocol.","withinAMap":false,"defaultValue":"TLSv1.3,TLSv1.2","javaDocSiteLink":"","docMapKey":"protocols","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.ssl.sni","additionalKeys":[],"configDoc":"Enables Server Name Indication (SNI), an TLS extension allowing the server to use multiple certificates. The client indicate the server name during the TLS handshake, allowing the server to select the right certificate.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"sni","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.static-resources.index-page","additionalKeys":[],"configDoc":"Set the index page when serving static resources.","withinAMap":false,"defaultValue":"index.html","javaDocSiteLink":"","docMapKey":"index-page","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.static-resources.include-hidden","additionalKeys":[],"configDoc":"Set whether hidden files should be served.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"include-hidden","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.static-resources.enable-range-support","additionalKeys":[],"configDoc":"Set whether range requests (resumable downloads; media streaming) should be enabled.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"enable-range-support","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.static-resources.caching-enabled","additionalKeys":[],"configDoc":"Set whether cache handling is enabled.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"caching-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.static-resources.cache-entry-timeout","additionalKeys":[],"configDoc":"Set the cache entry timeout. The default is `30` seconds.","withinAMap":false,"defaultValue":"30S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"cache-entry-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.static-resources.max-age","additionalKeys":[],"configDoc":"Set value for max age in caching headers. The default is `24` hours.","withinAMap":false,"defaultValue":"24H","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-age","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.static-resources.max-cache-size","additionalKeys":[],"configDoc":"Set the max cache size.","withinAMap":false,"defaultValue":"10000","javaDocSiteLink":"","docMapKey":"max-cache-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.handle-100-continue-automatically","additionalKeys":[],"configDoc":"When set to `true`, the HTTP server automatically sends `100 CONTINUE` response when the request expects it (with the `Expect: 100-Continue` header).","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"handle100-continue-automatically","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.io-threads","additionalKeys":[],"configDoc":"The number if IO threads used to perform IO. This will be automatically set to a reasonable value based on the number of CPU cores if it is not provided. If this is set to a higher value than the number of Vert.x event loops then it will be capped at the number of event loops. In general this should be controlled by setting quarkus.vertx.event-loops-pool-size, this setting should only be used if you want to limit the number of HTTP io threads to a smaller number than the total number of IO threads.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"io-threads","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-header-size","additionalKeys":[],"configDoc":"The maximum length of all headers.","withinAMap":false,"defaultValue":"20K","javaDocSiteLink":"","docMapKey":"max-header-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-body-size","additionalKeys":[],"configDoc":"The maximum size of a request body.","withinAMap":false,"defaultValue":"10240K","javaDocSiteLink":"","docMapKey":"max-body-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-chunk-size","additionalKeys":[],"configDoc":"The max HTTP chunk size","withinAMap":false,"defaultValue":"8192","javaDocSiteLink":"","docMapKey":"max-chunk-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.limits.max-initial-line-length","additionalKeys":[],"configDoc":"The maximum length of the initial line (e.g. `\"GET / HTTP/1.0\"`).","withinAMap":false,"defaultValue":"4096","javaDocSiteLink":"","docMapKey":"max-initial-line-length","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.limits.max-form-attribute-size","additionalKeys":[],"configDoc":"The maximum length of a form attribute.","withinAMap":false,"defaultValue":"2048","javaDocSiteLink":"","docMapKey":"max-form-attribute-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.limits.max-connections","additionalKeys":[],"configDoc":"The maximum number of connections that are allowed at any one time. If this is set it is recommended to set a short idle timeout.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-connections","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Long","key":"quarkus.http.limits.header-table-size","additionalKeys":[],"configDoc":"Set the SETTINGS_HEADER_TABLE_SIZE HTTP/2 setting.\n\nAllows the sender to inform the remote endpoint of the maximum size of the header compression table used to decode header blocks, in octets. The encoder can select any size equal to or less than this value by using signaling specific to the header compression format inside a header block. The initial value is `4,096` octets.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header-table-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Long","key":"quarkus.http.limits.max-concurrent-streams","additionalKeys":[],"configDoc":"Set SETTINGS_MAX_CONCURRENT_STREAMS HTTP/2 setting.\n\nIndicates the maximum number of concurrent streams that the sender will allow. This limit is directional: it applies to the number of streams that the sender permits the receiver to create. Initially, there is no limit to this value. It is recommended that this value be no smaller than 100, to not unnecessarily limit parallelism.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-concurrent-streams","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.limits.max-frame-size","additionalKeys":[],"configDoc":"Set the SETTINGS_MAX_FRAME_SIZE HTTP/2 setting. Indicates the size of the largest frame payload that the sender is willing to receive, in octets. The initial value is `2^14` (16,384) octets.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-frame-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Long","key":"quarkus.http.limits.max-header-list-size","additionalKeys":[],"configDoc":"Set the SETTINGS_MAX_HEADER_LIST_SIZE HTTP/2 setting. This advisory setting informs a peer of the maximum size of header list that the sender is prepared to accept, in octets. The value is based on the uncompressed size of header fields, including the length of the name and value in octets plus an overhead of 32 octets for each header field. The default value is `8192`","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"max-header-list-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.idle-timeout","additionalKeys":[],"configDoc":"Http connection idle timeout","withinAMap":false,"defaultValue":"30M","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"idle-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.read-timeout","additionalKeys":[],"configDoc":"Http connection read timeout for blocking IO. This is the maximum amount of time a thread will wait for data, before an IOException will be thrown and the connection closed.","withinAMap":false,"defaultValue":"60S","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"read-timeout","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.handle-file-uploads","additionalKeys":[],"configDoc":"Whether the files sent using `multipart/form-data` will be stored locally.\n\nIf `true`, they will be stored in `quarkus.http.body-handler.uploads-directory` and will be made available via `io.vertx.ext.web.RoutingContext.fileUploads()`. Otherwise, the files sent using `multipart/form-data` will not be stored locally, and `io.vertx.ext.web.RoutingContext.fileUploads()` will always return an empty collection. Note that even with this option being set to `false`, the `multipart/form-data` requests will be accepted.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"handle-file-uploads","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.body.uploads-directory","additionalKeys":[],"configDoc":"The directory where the files sent using `multipart/form-data` should be stored.\n\nEither an absolute path or a path relative to the current directory of the application process.","withinAMap":false,"defaultValue":"${java.io.tmpdir}/uploads","javaDocSiteLink":"","docMapKey":"uploads-directory","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.merge-form-attributes","additionalKeys":[],"configDoc":"Whether the form attributes should be added to the request parameters.\n\nIf `true`, the form attributes will be added to the request parameters; otherwise the form parameters will not be added to the request parameters","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"merge-form-attributes","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.delete-uploaded-files-on-end","additionalKeys":[],"configDoc":"Whether the uploaded files should be removed after serving the request.\n\nIf `true` the uploaded files stored in `quarkus.http.body-handler.uploads-directory` will be removed after handling the request. Otherwise, the files will be left there forever.","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"delete-uploaded-files-on-end","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.body.preallocate-body-buffer","additionalKeys":[],"configDoc":"Whether the body buffer should pre-allocated based on the `Content-Length` header value.\n\nIf `true` the body buffer is pre-allocated according to the size read from the `Content-Length` header. Otherwise, the body buffer is pre-allocated to 1KB, and is resized dynamically","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"preallocate-body-buffer","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.body.multipart.file-content-types","additionalKeys":[],"configDoc":"A comma-separated list of `ContentType` to indicate whether a given multipart field should be handled as a file part. You can use this setting to force HTTP-based extensions to parse a message part as a file based on its content type. For now, this setting only works when using RESTEasy Reactive.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"file-content-types","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.auth.session.encryption-key","additionalKeys":[],"configDoc":"The encryption key that is used to store persistent logins (e.g. for form auth). Logins are stored in a persistent cookie that is encrypted with AES-256 using a key derived from a SHA-256 hash of the key that is provided here. If no key is provided then an in-memory one will be generated, this will change on every restart though so it is not suitable for production environments. This must be more than 16 characters long for security reasons","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"encryption-key","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.so-reuse-port","additionalKeys":[],"configDoc":"Enable socket reuse port (linux/macOs native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"so-reuse-port","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.tcp-quick-ack","additionalKeys":[],"configDoc":"Enable tcp quick ack (linux native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tcp-quick-ack","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.tcp-cork","additionalKeys":[],"configDoc":"Enable tcp cork (linux native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tcp-cork","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.tcp-fast-open","additionalKeys":[],"configDoc":"Enable tcp fast open (linux native transport only)","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"tcp-fast-open","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"int","key":"quarkus.http.accept-backlog","additionalKeys":[],"configDoc":"The accept backlog, this is how many connections can be waiting to be accepted before connections start being rejected","withinAMap":false,"defaultValue":"-1","javaDocSiteLink":"","docMapKey":"accept-backlog","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.initial-window-size","additionalKeys":[],"configDoc":"Set the SETTINGS_INITIAL_WINDOW_SIZE HTTP/2 setting. Indicates the sender's initial window size (in octets) for stream-level flow control. The initial value is `2^16-1` (65,535) octets.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"initial-window-size","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.domain-socket","additionalKeys":[],"configDoc":"Path to a unix domain socket","withinAMap":false,"defaultValue":"/var/run/io.quarkus.app.socket","javaDocSiteLink":"","docMapKey":"domain-socket","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.domain-socket-enabled","additionalKeys":[],"configDoc":"Enable listening to host:port","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"domain-socket-enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.record-request-start-time","additionalKeys":[],"configDoc":"If this is true then the request start time will be recorded to enable logging of total request time. This has a small performance penalty, so is disabled by default.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"record-request-start-time","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.access-log.enabled","additionalKeys":[],"configDoc":"If access logging is enabled. By default this will log via the standard logging facility","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.exclude-pattern","additionalKeys":[],"configDoc":"A regular expression that can be used to exclude some paths from logging.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"exclude-pattern","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.pattern","additionalKeys":[],"configDoc":"The access log pattern.\n\nIf this is the string `common`, `combined` or `long` then this will use one of the specified named formats:\n\n- common: `%h %l %u %t \"%r\" %s %b`\n- combined: `%h %l %u %t \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\"`\n- long: `%r\\n%{ALL_REQUEST_HEADERS}`\n\nOtherwise, consult the Quarkus documentation for the full list of variables that can be used.","withinAMap":false,"defaultValue":"common","javaDocSiteLink":"","docMapKey":"pattern","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.access-log.log-to-file","additionalKeys":[],"configDoc":"If logging should be done to a separate file.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"log-to-file","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.base-file-name","additionalKeys":[],"configDoc":"The access log file base name, defaults to 'quarkus' which will give a log file name of 'quarkus.log'.","withinAMap":false,"defaultValue":"quarkus","javaDocSiteLink":"","docMapKey":"base-file-name","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.log-directory","additionalKeys":[],"configDoc":"The log directory to use when logging access to a file If this is not set then the current working directory is used.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"log-directory","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.log-suffix","additionalKeys":[],"configDoc":"The log file suffix","withinAMap":false,"defaultValue":".log","javaDocSiteLink":"","docMapKey":"log-suffix","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.access-log.category","additionalKeys":[],"configDoc":"The log category to use if logging is being done via the standard log mechanism (i.e. if base-file-name is empty).","withinAMap":false,"defaultValue":"io.quarkus.http.access-log","javaDocSiteLink":"","docMapKey":"category","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.access-log.rotate","additionalKeys":[],"configDoc":"If the log should be rotated daily","withinAMap":false,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"rotate","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.traffic-shaping.enabled","additionalKeys":[],"configDoc":"Enables the traffic shaping.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enabled","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.traffic-shaping.inbound-global-bandwidth","additionalKeys":[],"configDoc":"Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"inbound-global-bandwidth","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.traffic-shaping.outbound-global-bandwidth","additionalKeys":[],"configDoc":"Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"outbound-global-bandwidth","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.traffic-shaping.max-delay","additionalKeys":[],"configDoc":"Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"max-delay","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.time.Duration","key":"quarkus.http.traffic-shaping.check-interval","additionalKeys":[],"configDoc":"Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes.\n\nIf not default, it defaults to 1s.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html","docMapKey":"check-interval","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.runtime.configuration.MemorySize","key":"quarkus.http.traffic-shaping.peak-outbound-global-bandwidth","additionalKeys":[],"configDoc":"Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"peak-outbound-global-bandwidth","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".case-sensitive","additionalKeys":[],"configDoc":"If the cookie pattern is case-sensitive","withinAMap":true,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"case-sensitive","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.vertx.core.http.CookieSameSite","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".value","additionalKeys":[],"configDoc":"The value to set in the samesite attribute","withinAMap":true,"defaultValue":"","javaDocSiteLink":"https://vertx.io/docs/apidocs/io/vertx/core/http/CookieSameSite.html","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":["`none`","`strict`","`lax`"],"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":true}},{"configDocKey":{"type":"boolean","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".enable-client-checker","additionalKeys":[],"configDoc":"Some User Agents break when sent SameSite=None, this will detect them and avoid sending the value","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"enable-client-checker","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.same-site-cookie.\"same-site-cookie\".add-secure-for-none","additionalKeys":[],"configDoc":"If this is true then the 'secure' attribute will automatically be sent on cookies with a SameSite attribute of None.","withinAMap":true,"defaultValue":"true","javaDocSiteLink":"","docMapKey":"add-secure-for-none","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.vertx.http.runtime.HttpConfiguration.PayloadHint","key":"quarkus.http.unhandled-error-content-type-default","additionalKeys":[],"configDoc":"Provides a hint (optional) for the default content type of responses generated for the errors not handled by the application.\n\nIf the client requested a supported content-type in request headers (e.g. \"Accept: application/json\", \"Accept: text/html\"), Quarkus will use that content type.\n\nOtherwise, it will default to the content type configured here.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"unhandled-error-content-type-default","configPhase":"RUN_TIME","acceptedValues":["`json`","`html`"],"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":false,"topLevelGrouping":"quarkus.http","enum":true}},{"configDocKey":{"type":"string","key":"quarkus.http.header.\"header\".path","additionalKeys":[],"configDoc":"The path this header should be applied","withinAMap":true,"defaultValue":"/*","javaDocSiteLink":"","docMapKey":"path","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.header.\"header\".value","additionalKeys":[],"configDoc":"The value for this header configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"value","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.header.\"header\".methods","additionalKeys":[],"configDoc":"The HTTP methods for this header configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"methods","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.filter.\"filter\".matches","additionalKeys":[],"configDoc":"A regular expression for the paths matching this configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"matches","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"`Map`","key":"quarkus.http.filter.\"filter\".header","additionalKeys":[],"configDoc":"Additional HTTP Headers always sent in the response","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"header","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":true,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.filter.\"filter\".methods","additionalKeys":[],"configDoc":"The HTTP methods for this path configuration","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"methods","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Integer","key":"quarkus.http.filter.\"filter\".order","additionalKeys":[],"configDoc":"","withinAMap":true,"defaultValue":"","javaDocSiteLink":"","docMapKey":"order","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.use-proxy-protocol","additionalKeys":[],"configDoc":"Set whether the server should use the HA `PROXY` protocol when serving requests from behind a proxy. (see the link:https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt[PROXY Protocol]). When set to `true`, the remote address returned will be the one from the actual connecting client. If it is set to `false` (default), the remote address returned will be the one from the proxy.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"use-proxy-protocol","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.proxy-address-forwarding","additionalKeys":[],"configDoc":"If this is true then the address, scheme etc. will be set from headers forwarded by the proxy server, such as `X-Forwarded-For`. This should only be set if you are behind a proxy that sets these headers.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"proxy-address-forwarding","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.allow-forwarded","additionalKeys":[],"configDoc":"If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"allow-forwarded","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"java.lang.Boolean","key":"quarkus.http.proxy.allow-x-forwarded","additionalKeys":[],"configDoc":"If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client.","withinAMap":false,"defaultValue":"","javaDocSiteLink":"","docMapKey":"allow-x-forwarded","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.enable-forwarded-host","additionalKeys":[],"configDoc":"Enable override the received request's host through a forwarded host header.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enable-forwarded-host","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.proxy.forwarded-host-header","additionalKeys":[],"configDoc":"Configure the forwarded host header to be used if override enabled.","withinAMap":false,"defaultValue":"X-Forwarded-Host","javaDocSiteLink":"","docMapKey":"forwarded-host-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"boolean","key":"quarkus.http.proxy.enable-forwarded-prefix","additionalKeys":[],"configDoc":"Enable prefix the received request's path with a forwarded prefix header.","withinAMap":false,"defaultValue":"false","javaDocSiteLink":"","docMapKey":"enable-forwarded-prefix","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"string","key":"quarkus.http.proxy.forwarded-prefix-header","additionalKeys":[],"configDoc":"Configure the forwarded prefix header to be used if prefixing enabled.","withinAMap":false,"defaultValue":"X-Forwarded-Prefix","javaDocSiteLink":"","docMapKey":"forwarded-prefix-header","configPhase":"RUN_TIME","acceptedValues":null,"optional":false,"list":false,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}},{"configDocKey":{"type":"io.quarkus.vertx.http.runtime.TrustedProxyCheck.TrustedProxyCheckPart","key":"quarkus.http.proxy.trusted-proxies","additionalKeys":[],"configDoc":"Configure the list of trusted proxy addresses. Received `Forwarded`, `X-Forwarded` or `X-Forwarded-++*++` headers from any other proxy address will be ignored. The trusted proxy address should be specified as the IP address (IPv4 or IPv6), hostname or Classless Inter-Domain Routing (CIDR) notation. Please note that Quarkus needs to perform DNS lookup for all hostnames during the request. For that reason, using hostnames is not recommended.\n\nExamples of a socket address in the form of `host` or `host:port`:\n\n - `127.0.0.1:8084`\n - `++[++0:0:0:0:0:0:0:1++]++`\n - `++[++0:0:0:0:0:0:0:1++]++:8084`\n - `++[++::++]++`\n - `localhost`\n - `localhost:8084`\n\nExamples of a CIDR notation:\n\n - `::/128`\n - `::/0`\n - `127.0.0.0/8`\n\nPlease bear in mind that IPv4 CIDR won't match request sent from the IPv6 address and the other way around.","withinAMap":false,"defaultValue":"All proxy addresses are trusted","javaDocSiteLink":"","docMapKey":"trusted-proxies","configPhase":"RUN_TIME","acceptedValues":null,"optional":true,"list":true,"passThroughMap":false,"withinAConfigGroup":true,"topLevelGrouping":"quarkus.http","enum":false}}] \ No newline at end of file diff --git a/_generated-doc/main/config/quarkus-all-config.adoc b/_generated-doc/main/config/quarkus-all-config.adoc index b885df099b..c7743051cc 100644 --- a/_generated-doc/main/config/quarkus-all-config.adoc +++ b/_generated-doc/main/config/quarkus-all-config.adoc @@ -8256,6 +8256,112 @@ endif::add-copy-button-to-env-var[] |`true` +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.enabled]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.enabled[quarkus.http.traffic-shaping.enabled]` + + +[.description] +-- +Enables the traffic shaping. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.inbound-global-bandwidth]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.inbound-global-bandwidth[quarkus.http.traffic-shaping.inbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.outbound-global-bandwidth]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.outbound-global-bandwidth[quarkus.http.traffic-shaping.outbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.max-delay]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.max-delay[quarkus.http.traffic-shaping.max-delay]` + + +[.description] +-- +Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.check-interval]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.check-interval[quarkus.http.traffic-shaping.check-interval]` + + +[.description] +-- +Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes. + +If not default, it defaults to 1s. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth[quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]` + + +[.description] +-- +Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + a| [[quarkus-vertx-http_quarkus.http.unhandled-error-content-type-default]]`link:#quarkus-vertx-http_quarkus.http.unhandled-error-content-type-default[quarkus.http.unhandled-error-content-type-default]` @@ -42402,6 +42508,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-client_quarkus.mongodb.uuid-representation]]`link:#quarkus-mongodb-client_quarkus.mongodb.uuid-representation[quarkus.mongodb.uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB_UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB_UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + a| [[quarkus-mongodb-client_quarkus.mongodb.dns.server-host]]`link:#quarkus-mongodb-client_quarkus.mongodb.dns.server-host[quarkus.mongodb.dns.server-host]` @@ -42897,6 +43021,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-client_quarkus.mongodb.-mongo-client-configs-.uuid-representation]]`link:#quarkus-mongodb-client_quarkus.mongodb.-mongo-client-configs-.uuid-representation[quarkus.mongodb."mongo-client-configs".uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + h|[[quarkus-mongodb-client_quarkus.mongodb.write-concern-write-concern]]link:#quarkus-mongodb-client_quarkus.mongodb.write-concern-write-concern[Write concern] h|Type @@ -45999,7 +46141,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | @@ -48355,7 +48497,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | @@ -65650,7 +65792,9 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactive-messaging-amq [.description] -- -The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. +The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. + +Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++[] @@ -65659,7 +65803,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] --|string -|`quay.io/artemiscloud/activemq-artemis-broker:1.0.18` +|`quay.io/artemiscloud/activemq-artemis-broker:1.0.22` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactive-messaging-amqp_quarkus.amqp.devservices.extra-args]]`link:#quarkus-smallrye-reactive-messaging-amqp_quarkus.amqp.devservices.extra-args[quarkus.amqp.devservices.extra-args]` @@ -65667,7 +65811,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactive-messaging-amq [.description] -- -The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. +The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++[] @@ -65676,7 +65820,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++` endif::add-copy-button-to-env-var[] --|string -|`--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` +|`--no-autotune --mapped --no-fsync --relax-jolokia` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactive-messaging-amqp_quarkus.amqp.devservices.shared]]`link:#quarkus-smallrye-reactive-messaging-amqp_quarkus.amqp.devservices.shared[quarkus.amqp.devservices.shared]` diff --git a/_generated-doc/main/config/quarkus-amqp-amqp-build-time-config.adoc b/_generated-doc/main/config/quarkus-amqp-amqp-build-time-config.adoc index 1247c5ad18..a391d889f3 100644 --- a/_generated-doc/main/config/quarkus-amqp-amqp-build-time-config.adoc +++ b/_generated-doc/main/config/quarkus-amqp-amqp-build-time-config.adoc @@ -51,7 +51,9 @@ a|icon:lock[title=Fixed at build time] [[quarkus-amqp-amqp-build-time-config_qua [.description] -- -The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. +The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. + +Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++[] @@ -60,7 +62,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] --|string -|`quay.io/artemiscloud/activemq-artemis-broker:1.0.18` +|`quay.io/artemiscloud/activemq-artemis-broker:1.0.22` a|icon:lock[title=Fixed at build time] [[quarkus-amqp-amqp-build-time-config_quarkus.amqp.devservices.extra-args]]`link:#quarkus-amqp-amqp-build-time-config_quarkus.amqp.devservices.extra-args[quarkus.amqp.devservices.extra-args]` @@ -68,7 +70,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-amqp-amqp-build-time-config_qua [.description] -- -The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. +The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++[] @@ -77,7 +79,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++` endif::add-copy-button-to-env-var[] --|string -|`--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` +|`--no-autotune --mapped --no-fsync --relax-jolokia` a|icon:lock[title=Fixed at build time] [[quarkus-amqp-amqp-build-time-config_quarkus.amqp.devservices.shared]]`link:#quarkus-amqp-amqp-build-time-config_quarkus.amqp.devservices.shared[quarkus.amqp.devservices.shared]` diff --git a/_generated-doc/main/config/quarkus-http-http-configuration.adoc b/_generated-doc/main/config/quarkus-http-http-configuration.adoc index bc93ca4225..17681ddc3d 100644 --- a/_generated-doc/main/config/quarkus-http-http-configuration.adoc +++ b/_generated-doc/main/config/quarkus-http-http-configuration.adoc @@ -1491,6 +1491,112 @@ endif::add-copy-button-to-env-var[] |`true` +a| [[quarkus-http-http-configuration_quarkus.http.traffic-shaping.enabled]]`link:#quarkus-http-http-configuration_quarkus.http.traffic-shaping.enabled[quarkus.http.traffic-shaping.enabled]` + + +[.description] +-- +Enables the traffic shaping. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` + + +a| [[quarkus-http-http-configuration_quarkus.http.traffic-shaping.inbound-global-bandwidth]]`link:#quarkus-http-http-configuration_quarkus.http.traffic-shaping.inbound-global-bandwidth[quarkus.http.traffic-shaping.inbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-http-http-configuration_quarkus.http.traffic-shaping.outbound-global-bandwidth]]`link:#quarkus-http-http-configuration_quarkus.http.traffic-shaping.outbound-global-bandwidth[quarkus.http.traffic-shaping.outbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-http-http-configuration_quarkus.http.traffic-shaping.max-delay]]`link:#quarkus-http-http-configuration_quarkus.http.traffic-shaping.max-delay[quarkus.http.traffic-shaping.max-delay]` + + +[.description] +-- +Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-http-http-configuration_quarkus.http.traffic-shaping.check-interval]]`link:#quarkus-http-http-configuration_quarkus.http.traffic-shaping.check-interval[quarkus.http.traffic-shaping.check-interval]` + + +[.description] +-- +Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes. + +If not default, it defaults to 1s. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-http-http-configuration_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]]`link:#quarkus-http-http-configuration_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth[quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]` + + +[.description] +-- +Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + a| [[quarkus-http-http-configuration_quarkus.http.unhandled-error-content-type-default]]`link:#quarkus-http-http-configuration_quarkus.http.unhandled-error-content-type-default[quarkus.http.unhandled-error-content-type-default]` diff --git a/_generated-doc/main/config/quarkus-mongodb-config-group-mongo-client-config.adoc b/_generated-doc/main/config/quarkus-mongodb-config-group-mongo-client-config.adoc index f6291f3cf3..b26f199ac0 100644 --- a/_generated-doc/main/config/quarkus-mongodb-config-group-mongo-client-config.adoc +++ b/_generated-doc/main/config/quarkus-mongodb-config-group-mongo-client-config.adoc @@ -402,6 +402,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.uuid-representation]]`link:#quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.uuid-representation[quarkus.mongodb.uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB_UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB_UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + a| [[quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.-mongo-client-configs-.connection-string]]`link:#quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.-mongo-client-configs-.connection-string[quarkus.mongodb."mongo-client-configs".connection-string]` @@ -794,6 +812,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.-mongo-client-configs-.uuid-representation]]`link:#quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.-mongo-client-configs-.uuid-representation[quarkus.mongodb."mongo-client-configs".uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + h|[[quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.write-concern-write-concern]]link:#quarkus-mongodb-config-group-mongo-client-config_quarkus.mongodb.write-concern-write-concern[Write concern] h|Type diff --git a/_generated-doc/main/config/quarkus-mongodb-general-config-items.adoc b/_generated-doc/main/config/quarkus-mongodb-general-config-items.adoc index 00019596b0..743406cee6 100644 --- a/_generated-doc/main/config/quarkus-mongodb-general-config-items.adoc +++ b/_generated-doc/main/config/quarkus-mongodb-general-config-items.adoc @@ -455,6 +455,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-general-config-items_quarkus.mongodb.uuid-representation]]`link:#quarkus-mongodb-general-config-items_quarkus.mongodb.uuid-representation[quarkus.mongodb.uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB_UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB_UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + a|icon:lock[title=Fixed at build time] [[quarkus-mongodb-general-config-items_quarkus.mongodb.devservices.properties-properties]]`link:#quarkus-mongodb-general-config-items_quarkus.mongodb.devservices.properties-properties[quarkus.mongodb.devservices.properties]` @@ -881,6 +899,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-general-config-items_quarkus.mongodb.-mongo-client-configs-.uuid-representation]]`link:#quarkus-mongodb-general-config-items_quarkus.mongodb.-mongo-client-configs-.uuid-representation[quarkus.mongodb."mongo-client-configs".uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + h|[[quarkus-mongodb-general-config-items_quarkus.mongodb.write-concern-write-concern]]link:#quarkus-mongodb-general-config-items_quarkus.mongodb.write-concern-write-concern[Write concern] h|Type diff --git a/_generated-doc/main/config/quarkus-mongodb-mongodb-config.adoc b/_generated-doc/main/config/quarkus-mongodb-mongodb-config.adoc index 2a3b18336f..590cc5b61c 100644 --- a/_generated-doc/main/config/quarkus-mongodb-mongodb-config.adoc +++ b/_generated-doc/main/config/quarkus-mongodb-mongodb-config.adoc @@ -402,6 +402,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-mongodb-config_quarkus.mongodb.uuid-representation]]`link:#quarkus-mongodb-mongodb-config_quarkus.mongodb.uuid-representation[quarkus.mongodb.uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB_UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB_UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + a| [[quarkus-mongodb-mongodb-config_quarkus.mongodb.dns.server-host]]`link:#quarkus-mongodb-mongodb-config_quarkus.mongodb.dns.server-host[quarkus.mongodb.dns.server-host]` @@ -863,6 +881,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb-mongodb-config_quarkus.mongodb.-mongo-client-configs-.uuid-representation]]`link:#quarkus-mongodb-mongodb-config_quarkus.mongodb.-mongo-client-configs-.uuid-representation[quarkus.mongodb."mongo-client-configs".uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + h|[[quarkus-mongodb-mongodb-config_quarkus.mongodb.write-concern-write-concern]]link:#quarkus-mongodb-mongodb-config_quarkus.mongodb.write-concern-write-concern[Write concern] h|Type diff --git a/_generated-doc/main/config/quarkus-mongodb.adoc b/_generated-doc/main/config/quarkus-mongodb.adoc index f5128960c7..88fb47b36a 100644 --- a/_generated-doc/main/config/quarkus-mongodb.adoc +++ b/_generated-doc/main/config/quarkus-mongodb.adoc @@ -523,6 +523,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb_quarkus.mongodb.uuid-representation]]`link:#quarkus-mongodb_quarkus.mongodb.uuid-representation[quarkus.mongodb.uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB_UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB_UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + a| [[quarkus-mongodb_quarkus.mongodb.dns.server-host]]`link:#quarkus-mongodb_quarkus.mongodb.dns.server-host[quarkus.mongodb.dns.server-host]` @@ -1018,6 +1036,24 @@ endif::add-copy-button-to-env-var[] |`admin` +a| [[quarkus-mongodb_quarkus.mongodb.-mongo-client-configs-.uuid-representation]]`link:#quarkus-mongodb_quarkus.mongodb.-mongo-client-configs-.uuid-representation[quarkus.mongodb."mongo-client-configs".uuid-representation]` + + +[.description] +-- +Configures the UUID representation to use when encoding instances of `java.util.UUID` and when decoding BSON binary values with subtype of 3. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_MONGODB__MONGO_CLIENT_CONFIGS__UUID_REPRESENTATION+++` +endif::add-copy-button-to-env-var[] +-- a| +`unspecified`, `standard`, `c-sharp-legacy`, `java-legacy`, `python-legacy` +| + + h|[[quarkus-mongodb_quarkus.mongodb.write-concern-write-concern]]link:#quarkus-mongodb_quarkus.mongodb.write-concern-write-concern[Write concern] h|Type diff --git a/_generated-doc/main/config/quarkus-oidc-general-config-items.adoc b/_generated-doc/main/config/quarkus-oidc-general-config-items.adoc index f563ead922..651d8503ee 100644 --- a/_generated-doc/main/config/quarkus-oidc-general-config-items.adoc +++ b/_generated-doc/main/config/quarkus-oidc-general-config-items.adoc @@ -2386,7 +2386,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | @@ -4742,7 +4742,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | |=== diff --git a/_generated-doc/main/config/quarkus-oidc-oidc-config.adoc b/_generated-doc/main/config/quarkus-oidc-oidc-config.adoc index f4e0abd233..7857395d83 100644 --- a/_generated-doc/main/config/quarkus-oidc-oidc-config.adoc +++ b/_generated-doc/main/config/quarkus-oidc-oidc-config.adoc @@ -2083,7 +2083,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | @@ -4422,7 +4422,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | |=== diff --git a/_generated-doc/main/config/quarkus-oidc-oidc-tenant-config.adoc b/_generated-doc/main/config/quarkus-oidc-oidc-tenant-config.adoc index 35c1b58112..598181546e 100644 --- a/_generated-doc/main/config/quarkus-oidc-oidc-tenant-config.adoc +++ b/_generated-doc/main/config/quarkus-oidc-oidc-tenant-config.adoc @@ -2083,7 +2083,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | @@ -4369,7 +4369,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | |=== diff --git a/_generated-doc/main/config/quarkus-oidc.adoc b/_generated-doc/main/config/quarkus-oidc.adoc index 64a7d3f92e..f2bdcf87b4 100644 --- a/_generated-doc/main/config/quarkus-oidc.adoc +++ b/_generated-doc/main/config/quarkus-oidc.adoc @@ -2420,7 +2420,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | @@ -4776,7 +4776,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` endif::add-copy-button-to-env-var[] -- a| -`apple`, `facebook`, `github`, `google`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` +`apple`, `facebook`, `github`, `google`, `mastodon`, `microsoft`, `spotify`, `twitch`, `twitter`, `x` | |=== diff --git a/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config.adoc b/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config.adoc index 31aaa4d90f..78fff73123 100644 --- a/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config.adoc +++ b/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config.adoc @@ -51,7 +51,9 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp [.description] -- -The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. +The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. + +Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++[] @@ -60,7 +62,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] --|string -|`quay.io/artemiscloud/activemq-artemis-broker:1.0.18` +|`quay.io/artemiscloud/activemq-artemis-broker:1.0.22` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config_quarkus.amqp.devservices.extra-args]]`link:#quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config_quarkus.amqp.devservices.extra-args[quarkus.amqp.devservices.extra-args]` @@ -68,7 +70,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp [.description] -- -The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. +The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++[] @@ -77,7 +79,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++` endif::add-copy-button-to-env-var[] --|string -|`--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` +|`--no-autotune --mapped --no-fsync --relax-jolokia` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config_quarkus.amqp.devservices.shared]]`link:#quarkus-smallrye-reactivemessaging-amqp-config-group-amqp-dev-services-build-time-config_quarkus.amqp.devservices.shared[quarkus.amqp.devservices.shared]` diff --git a/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-general-config-items.adoc b/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-general-config-items.adoc index ad9823d993..b4e59ed906 100644 --- a/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-general-config-items.adoc +++ b/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp-general-config-items.adoc @@ -51,7 +51,9 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp [.description] -- -The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. +The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. + +Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++[] @@ -60,7 +62,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] --|string -|`quay.io/artemiscloud/activemq-artemis-broker:1.0.18` +|`quay.io/artemiscloud/activemq-artemis-broker:1.0.22` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp-general-config-items_quarkus.amqp.devservices.extra-args]]`link:#quarkus-smallrye-reactivemessaging-amqp-general-config-items_quarkus.amqp.devservices.extra-args[quarkus.amqp.devservices.extra-args]` @@ -68,7 +70,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp [.description] -- -The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. +The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++[] @@ -77,7 +79,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++` endif::add-copy-button-to-env-var[] --|string -|`--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` +|`--no-autotune --mapped --no-fsync --relax-jolokia` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp-general-config-items_quarkus.amqp.devservices.shared]]`link:#quarkus-smallrye-reactivemessaging-amqp-general-config-items_quarkus.amqp.devservices.shared[quarkus.amqp.devservices.shared]` diff --git a/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp.adoc b/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp.adoc index 0836c74896..77c5f7f0ff 100644 --- a/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp.adoc +++ b/_generated-doc/main/config/quarkus-smallrye-reactivemessaging-amqp.adoc @@ -51,7 +51,9 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp [.description] -- -The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. +The image to use. Note that only ActiveMQ Artemis images are supported. Specifically, the image repository must end with `artemiscloud/activemq-artemis-broker`. + +Check the link:https://quay.io/repository/artemiscloud/activemq-artemis-broker[activemq-artemis-broker on Quay page] to find the available versions. ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++[] @@ -60,7 +62,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] --|string -|`quay.io/artemiscloud/activemq-artemis-broker:1.0.18` +|`quay.io/artemiscloud/activemq-artemis-broker:1.0.22` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp_quarkus.amqp.devservices.extra-args]]`link:#quarkus-smallrye-reactivemessaging-amqp_quarkus.amqp.devservices.extra-args[quarkus.amqp.devservices.extra-args]` @@ -68,7 +70,7 @@ a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp [.description] -- -The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. +The value of the `AMQ_EXTRA_ARGS` environment variable to pass to the container. For ActiveMQ Artemis Broker <= 1.0.21, set this property to `--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` ifdef::add-copy-button-to-env-var[] Environment variable: env_var_with_copy_button:+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++[] @@ -77,7 +79,7 @@ ifndef::add-copy-button-to-env-var[] Environment variable: `+++QUARKUS_AMQP_DEVSERVICES_EXTRA_ARGS+++` endif::add-copy-button-to-env-var[] --|string -|`--no-autotune --mapped --no-fsync --relax-jolokia --http-host 0.0.0.0` +|`--no-autotune --mapped --no-fsync --relax-jolokia` a|icon:lock[title=Fixed at build time] [[quarkus-smallrye-reactivemessaging-amqp_quarkus.amqp.devservices.shared]]`link:#quarkus-smallrye-reactivemessaging-amqp_quarkus.amqp.devservices.shared[quarkus.amqp.devservices.shared]` diff --git a/_generated-doc/main/config/quarkus-vertx-http-config-group-traffic-shaping-config.adoc b/_generated-doc/main/config/quarkus-vertx-http-config-group-traffic-shaping-config.adoc new file mode 100644 index 0000000000..11828449d5 --- /dev/null +++ b/_generated-doc/main/config/quarkus-vertx-http-config-group-traffic-shaping-config.adoc @@ -0,0 +1,145 @@ + +:summaryTableId: quarkus-vertx-http-config-group-traffic-shaping-config +[.configuration-legend] +icon:lock[title=Fixed at build time] Configuration property fixed at build time - All other configuration properties are overridable at runtime +[.configuration-reference, cols="80,.^10,.^10"] +|=== + +h|[[quarkus-vertx-http-config-group-traffic-shaping-config_configuration]]link:#quarkus-vertx-http-config-group-traffic-shaping-config_configuration[Configuration property] + +h|Type +h|Default + +a| [[quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.enabled]]`link:#quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.enabled[quarkus.http.traffic-shaping.enabled]` + + +[.description] +-- +Enables the traffic shaping. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` + + +a| [[quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.inbound-global-bandwidth]]`link:#quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.inbound-global-bandwidth[quarkus.http.traffic-shaping.inbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.outbound-global-bandwidth]]`link:#quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.outbound-global-bandwidth[quarkus.http.traffic-shaping.outbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.max-delay]]`link:#quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.max-delay[quarkus.http.traffic-shaping.max-delay]` + + +[.description] +-- +Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.check-interval]]`link:#quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.check-interval[quarkus.http.traffic-shaping.check-interval]` + + +[.description] +-- +Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes. + +If not default, it defaults to 1s. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]]`link:#quarkus-vertx-http-config-group-traffic-shaping-config_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth[quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]` + + +[.description] +-- +Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + +|=== +ifndef::no-duration-note[] +[NOTE] +[id='duration-note-anchor-{summaryTableId}'] +.About the Duration format +==== +To write duration values, use the standard `java.time.Duration` format. +See the link:https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/time/Duration.html#parse(java.lang.CharSequence)[Duration#parse() javadoc] for more information. + +You can also use a simplified format, starting with a number: + +* If the value is only a number, it represents time in seconds. +* If the value is a number followed by `ms`, it represents time in milliseconds. + +In other cases, the simplified format is translated to the `java.time.Duration` format for parsing: + +* If the value is a number followed by `h`, `m`, or `s`, it is prefixed with `PT`. +* If the value is a number followed by `d`, it is prefixed with `P`. +==== +endif::no-duration-note[] + +[NOTE] +[[memory-size-note-anchor]] +.About the MemorySize format +==== +A size configuration option recognises string in this format (shown as a regular expression): `[0-9]+[KkMmGgTtPpEeZzYy]?`. +If no suffix is given, assume bytes. +==== diff --git a/_generated-doc/main/config/quarkus-vertx-http-general-config-items.adoc b/_generated-doc/main/config/quarkus-vertx-http-general-config-items.adoc index 884e310ee4..00462b988e 100644 --- a/_generated-doc/main/config/quarkus-vertx-http-general-config-items.adoc +++ b/_generated-doc/main/config/quarkus-vertx-http-general-config-items.adoc @@ -1338,6 +1338,112 @@ endif::add-copy-button-to-env-var[] |`true` +a| [[quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.enabled]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.enabled[quarkus.http.traffic-shaping.enabled]` + + +[.description] +-- +Enables the traffic shaping. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` + + +a| [[quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.inbound-global-bandwidth]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.inbound-global-bandwidth[quarkus.http.traffic-shaping.inbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.outbound-global-bandwidth]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.outbound-global-bandwidth[quarkus.http.traffic-shaping.outbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.max-delay]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.max-delay[quarkus.http.traffic-shaping.max-delay]` + + +[.description] +-- +Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.check-interval]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.check-interval[quarkus.http.traffic-shaping.check-interval]` + + +[.description] +-- +Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes. + +If not default, it defaults to 1s. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth[quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]` + + +[.description] +-- +Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + a| [[quarkus-vertx-http-general-config-items_quarkus.http.proxy.use-proxy-protocol]]`link:#quarkus-vertx-http-general-config-items_quarkus.http.proxy.use-proxy-protocol[quarkus.http.proxy.use-proxy-protocol]` diff --git a/_generated-doc/main/config/quarkus-vertx-http.adoc b/_generated-doc/main/config/quarkus-vertx-http.adoc index c99f25afcc..b1d148202a 100644 --- a/_generated-doc/main/config/quarkus-vertx-http.adoc +++ b/_generated-doc/main/config/quarkus-vertx-http.adoc @@ -1950,6 +1950,112 @@ endif::add-copy-button-to-env-var[] |`true` +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.enabled]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.enabled[quarkus.http.traffic-shaping.enabled]` + + +[.description] +-- +Enables the traffic shaping. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_ENABLED+++` +endif::add-copy-button-to-env-var[] +--|boolean +|`false` + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.inbound-global-bandwidth]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.inbound-global-bandwidth[quarkus.http.traffic-shaping.inbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for inbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_INBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.outbound-global-bandwidth]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.outbound-global-bandwidth[quarkus.http.traffic-shaping.outbound-global-bandwidth]` + + +[.description] +-- +Set bandwidth limit in bytes per second for outbound connections. If not set, no limits are applied. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.max-delay]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.max-delay[quarkus.http.traffic-shaping.max-delay]` + + +[.description] +-- +Set the maximum delay to wait in case of traffic excess. Default is 15s. Must be less than the HTTP timeout. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_MAX_DELAY+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.check-interval]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.check-interval[quarkus.http.traffic-shaping.check-interval]` + + +[.description] +-- +Set the delay between two computations of performances for channels. If set to 0, no stats are computed. Despite 0 is accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. In this case, a suggested value is something close to 5 or 10 minutes. + +If not default, it defaults to 1s. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_CHECK_INTERVAL+++` +endif::add-copy-button-to-env-var[] +--|link:https://docs.oracle.com/javase/8/docs/api/java/time/Duration.html[Duration] + link:#duration-note-anchor-{summaryTableId}[icon:question-circle[], title=More information about the Duration format] +| + + +a| [[quarkus-vertx-http_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]]`link:#quarkus-vertx-http_quarkus.http.traffic-shaping.peak-outbound-global-bandwidth[quarkus.http.traffic-shaping.peak-outbound-global-bandwidth]` + + +[.description] +-- +Set the maximum global write size in bytes per second allowed in the buffer globally for all channels before write are suspended. The default value is 400 MB. + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_HTTP_TRAFFIC_SHAPING_PEAK_OUTBOUND_GLOBAL_BANDWIDTH+++` +endif::add-copy-button-to-env-var[] +--|MemorySize link:#memory-size-note-anchor[icon:question-circle[], title=More information about the MemorySize format] +| + + a| [[quarkus-vertx-http_quarkus.http.unhandled-error-content-type-default]]`link:#quarkus-vertx-http_quarkus.http.unhandled-error-content-type-default[quarkus.http.unhandled-error-content-type-default]` diff --git a/_versions/main/guides/dev-ui-v2.adoc b/_versions/main/guides/dev-ui-v2.adoc index fca3bad948..44f978939d 100644 --- a/_versions/main/guides/dev-ui-v2.adoc +++ b/_versions/main/guides/dev-ui-v2.adoc @@ -24,13 +24,13 @@ image::dev-ui-overview-v2.png[alt=Dev UI overview,role="center"] It allows you to: -- quickly visualise all the extensions currently loaded +- quickly visualize all the extensions currently loaded - view extension statuses and go directly to extension documentation - view and change `Configuration` -- manage and visualise `Continuous Testing` +- manage and visualize `Continuous Testing` - view `Dev Services` information - view the Build information -- view and stream various logs. +- view and stream various logs Each extension used in the application will be listed and you can navigate to the guide for each extension, see some more information on the extension, and view configuration applicable for that extension: @@ -42,7 +42,7 @@ In order to make your extension listed in the Dev UI you don't need to do anythi So you can always start with that :) -Extension can: +Extensions can: - xref:add-links-to-an-extension-card[Add links to an extension card] - xref:add-full-pages[Add full custom pages] @@ -60,7 +60,7 @@ A good example of this is the SmallRye OpenAPI extension that contains links to image::dev-ui-extension-openapi-v2.png[alt=Dev UI extension card,role="center"] -The links to these external references is know at build time, so to get links like this on your card, all you need to do is add the following Build Step in your extension: +The links to these external references is known at build time, so to get links like this on your card, all you need to do is add the following Build Step in your extension: [source,java] ---- @@ -87,9 +87,9 @@ public CardPageBuildItem pages(NonApplicationRootPathBuildItem nonApplicationRoo return cardPageBuildItem; } ---- -<1> Always make sure that this build step only run when dev mode +<1> Always make sure that this build step is only run when in dev mode <2> To add anything on the card, you need to return/produce a `CardPageBuildItem`. -<3> To add a link, you can use the `addPage` method, as all links go to a "page". `Page` has got some builders to assist with building a page. For `external` links, use the `externalPageBuilder` +<3> To add a link, you can use the `addPage` method, as all links go to a "page". `Page` has some builders to assist with building a page. For `external` links, use the `externalPageBuilder` <4> Adding the url of the external link (in this case we use `NonApplicationRootPathBuildItem` to create this link, as this link is under the configurable non application path, default `/q`). Always use `NonApplicationRootPathBuildItem` if your link is available under `/q`. <5> You can (optionally) hint the content type of the content you are navigating to. If there is no hint, a header call will be made to determine the `MediaType`; <6> You can add an icon. All free font-awesome icons are available. @@ -101,15 +101,15 @@ If you find your icon at https://fontawesome.com/search?o=r&m=free[Font awesome] ==== Embedding external content -By default, even external links will render inside (embedded) in Dev UI. In the case of HTML the page will be rendered and any other content will be shown using https://codemirror.net/[code-mirror] to markup the media type, for example the open api schema document in `yaml` format: +By default, even external links will render inside (embedded) in Dev UI. In the case of HTML, the page will be rendered and any other content will be shown using https://codemirror.net/[code-mirror] to markup the media type. For example the open api schema document in `yaml` format: image::dev-ui-extension-openapi-embed-v2.png[alt=Dev UI embedded page,role="center"] -If you do not want to embed the content, you can use the `.doNotEmbed()` on the Page Builder, this will then open a new tab. +If you do not want to embed the content, you can use the `.doNotEmbed()` on the Page Builder, this will then open the link in a new tab. ==== Runtime external links -The example above assumes you know the link to use at build time. There might be cases where you only know this at runtime. In that case you can use a xref:JsonRPC[JsonRPC] Method that returns the link to add and use that when creating the link. Rather than using the `.url` method on the page builder, use the `.dynamicUrlJsonRPCMethodName("yourJsonRPCMethodName")`. +The example above assumes you know the link to use at build time. There might be cases where you only know this at runtime. In that case you can use a xref:JsonRPC[JsonRPC] Method that returns the link to add, and use that when creating the link. Rather than using the `.url` method on the page builder, use the `.dynamicUrlJsonRPCMethodName("yourJsonRPCMethodName")`. ==== Adding labels @@ -189,7 +189,7 @@ image::dev-ui-table-page-v2.png[alt=Dev UI table page,role="center"] ==== Qute data -You can also display your build time data using a qute template. All build time data keys is available to use int the template: +You can also display your build time data using a qute template. All build time data keys are available to use in the template: [source,java] ---- @@ -200,7 +200,7 @@ cardPageBuildItem.addPage(Page.quteDataPageBuilder("Qute data") // <1> <1> Use the `quteDataPageBuilder`. <2> Link to the Qute template in `/deployment/src/main/resources/dev-ui/`. -Using any qute template to display the data, example `qute-jokes-template.html`: +Using any Qute template to display the data, for example `qute-jokes-template.html`: [source,html] ---- @@ -227,7 +227,7 @@ Using any qute template to display the data, example `qute-jokes-template.html`: ==== Web Component page -To build an interactive page with actions and runtime (or built time) data, you need to use the web component page: +To build an interactive page with actions and runtime (or build time) data, you need to use the web component page: [source,java] ---- @@ -237,7 +237,7 @@ cardPageBuildItem.addPage(Page.webComponentPageBuilder() // <1> .staticLabel(String.valueOf(beans.size()))); ---- <1> Use the `webComponentPageBuilder`. -<2> Link to the Web Component in `/deployment/src/main/resources/dev-ui/`. The title can also be defined (using `.title("My title")` in the builder), but if not the title will be assumed from the componentLink, that should always have the format `qwc` (stands for Quarkus Web Component) dash `extensionName` (example, `arc` in this case ) dash `page title` ("Beans" in this case) +<2> Link to the Web Component in `/deployment/src/main/resources/dev-ui/`. The title can also be defined (using `.title("My title")` in the builder), but if not the title will be assumed from the componentLink, which should always have the format `qwc` (stands for Quarkus Web Component) dash `extensionName` (example, `arc` in this case ) dash `page title` ("Beans" in this case) Dev UI uses https://lit.dev/[Lit] to make building these web components easier. You can read more about Web Components and Lit: @@ -292,14 +292,14 @@ customElements.define('qwc-arc-beans', QwcArcBeans); // <10> ---- <1> You can import Classes and/or functions from other libraries. -In this case we use `LitElement` class and `html` & `css` functions from `Lit` -<2> Build time data as defined in the Build step can be imported using the key and always from `build-time-data`. All keys added in your Build step will be available. +In this case we use the `LitElement` class and `html` & `css` functions from `Lit` +<2> Build time data as defined in the Build step and can be imported using the key and always from `build-time-data`. All keys added in your Build step will be available. <3> The component should be named in the following format: Qwc (stands for Quarkus Web Component) then Extension Name then Page Title, all concatenated with Camel Case. This will also match the file name format as described earlier. The component should also extend `LitComponent`. <4> CSS styles can be added using the `css` function, and these styles only apply to your component. <5> Styles can reference globally defined CSS variables to make sure your page renders correctly, especially when switching between light and dark mode. You can find all CSS variables in the Vaadin documentation (https://vaadin.com/docs/latest/styling/lumo/lumo-style-properties/color[Color], https://vaadin.com/docs/latest/styling/lumo/lumo-style-properties/size-space[Sizing and Spacing], etc) -<6> Properties can be added. Use `_` in front of a property if that property is private. Properties are usually injected in the HTML template, and can be defined as having state, meaning that if that property changes, the component should re-render. In this case, the beans are Build time data and only change on hot-reload, that we will cover later. +<6> Properties can be added. Use `_` in front of a property if that property is private. Properties are usually injected in the HTML template, and can be defined as having state, meaning that if that property changes, the component should re-render. In this case, the beans are Build time data and only change on hot-reload, which will be covered later. <7> Constructors (optional) should always call `super` first, and then set the default values for the properties. -<8> The render method (comes from `LitElement` will be called to render the page). In this method you return the markup of the page you want. You can use the `html` function from `Lit`, that gives you a template language to output the HTML you want. Once the template is created, you only need to set/change the properties to re-render the page content. Read more about https://lit.dev/docs/components/rendering/[Lit html] +<8> The render method (from `LitElement`) will be called to render the page. In this method you return the markup of the page you want. You can use the `html` function from `Lit`, that gives you a template language to output the HTML you want. Once the template is created, you only need to set/change the properties to re-render the page content. Read more about https://lit.dev/docs/components/rendering/[Lit html] <9> You can use the built-in template functions to do conditional, list, etc. Read more about https://lit.dev/docs/templates/overview/[Lit Templates] <10> You always need to register your Web component as a custom element, with a unique tag. Here the tag will follow the same format as the filename (`qwc` dash `extension name` dash `page title` ); @@ -458,11 +458,11 @@ customElements.define('qwc-arc-beans', QwcArcBeans); ---- <1> Import the Vaadin component you want to use <2> You can also import other functions if needed -<3> There are some internal UI component that you can use, described below +<3> There are some internal UI components that you can use, described below ===== Using internal UI components -Some https://github.com/quarkusio/quarkus/tree/main/extensions/vertx-http/dev-ui-resources/src/main/resources/dev-ui/qui[internal UI components] (under the `qui` namespace) is available to make certain things easier: +Some https://github.com/quarkusio/quarkus/tree/main/extensions/vertx-http/dev-ui-resources/src/main/resources/dev-ui/qui[internal UI components] (under the `qui` namespace) are available to make certain things easier: - Card - Badge @@ -501,7 +501,7 @@ image::dev-ui-qui-badge-v2.png[alt=Dev UI Badge,role="center"] import 'qui-badge'; ---- -You can use any combination of small, primary, pill, with icon and clickable with any level of `default`, `success`, `warning`, `error`, `contrast` or set your own colours. +You can use any combination of small, primary, pill, with icon and clickable with any level of `default`, `success`, `warning`, `error`, `contrast` or set your own colors. [source,html] ---- @@ -603,7 +603,7 @@ https://github.com/phillip-kruger/quarkus-jokes/blob/f572ed6f949de0c0b8cbfa99d73 ====== Alert -Alerts is modelled around the Bootstrap alerts. Click https://getbootstrap.com/docs/4.0/components/alerts[here] for more info. +Alerts are modeled around the Bootstrap alerts. Click https://getbootstrap.com/docs/4.0/components/alerts[here] for more info. Also see Notification controller below as an alternative. @@ -733,7 +733,7 @@ https://github.com/quarkusio/quarkus/blob/582f1f78806d2268885faea7aa8f5a4d2b3f5b ===== Using internal controllers -Some https://github.com/quarkusio/quarkus/tree/main/extensions/vertx-http/dev-ui-resources/src/main/resources/dev-ui/controller[internal controllers] is available to make certain things easier: +Some https://github.com/quarkusio/quarkus/tree/main/extensions/vertx-http/dev-ui-resources/src/main/resources/dev-ui/controller[internal controllers] are available to make certain things easier: - Notifier - Storage @@ -776,7 +776,7 @@ https://github.com/phillip-kruger/quarkus-jokes/blob/f572ed6f949de0c0b8cbfa99d73 An easy way to access the local storage in a safe way. This will store values in the local storage, scoped to your extension. This way you do not have to worry that you might clash with another extension. -Local storage is useful to remember user preferences or state. Example, the footer remembers the state (open/close) and the size when open of the bottom drawer. +Local storage is useful to remember user preferences or state. For example, the footer remembers the state (open/close) and the size when open of the bottom drawer. [source,javascript] ---- @@ -836,7 +836,7 @@ https://github.com/quarkusio/quarkus/blob/main/extensions/vertx-http/dev-ui-reso ====== Router -The router is mostly used internally. This uses https://github.com/vaadin/router[Vaadin Router] under the covers to route urls to the correct page/section within the SPA. It will update the navigation and allow history (back button). This also creates the sub-menu available on extensions that has multiple pages. +The router is mostly used internally. This uses https://github.com/vaadin/router[Vaadin Router] under the covers to route URLs to the correct page/section within the SPA. It will update the navigation and allow history (back button). This also creates the sub-menu available on extensions that have multiple pages. See the https://github.com/quarkusio/quarkus/blob/main/extensions/vertx-http/dev-ui-resources/src/main/resources/dev-ui/controller/router-controller.js[controller] for some methods that might be useful. @@ -860,7 +860,7 @@ JsonRPCProvidersBuildItem createJsonRPCServiceForCache() {// <2> ---- <1> Always only do this in Dev Mode <2> Produce / return a `JsonRPCProvidersBuildItem` -<3> Define the class in your runtime module that will contain methods that makes data available in the UI +<3> Define the class in your runtime module that will contain methods that make data available in the UI https://github.com/quarkusio/quarkus/blob/main/extensions/cache/deployment/src/main/java/io/quarkus/cache/deployment/devui/CacheDevUiProcessor.java[Example code] @@ -930,13 +930,13 @@ connectedCallback() { ---- <1> Note the method `getAll` corresponds to the method in your Java Service. This method returns a https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise[Promise] with the JsonRPC result. -<2> in this case the result is an array, so we can loop over it. +<2> In this case the result is an array, so we can loop over it. JsonArray (or any Java collection) in either blocking or non-blocking will return an array, else a JsonObject will be returned. https://github.com/quarkusio/quarkus/blob/main/extensions/cache/deployment/src/main/resources/dev-ui/qwc-cache-caches.js[Example code] -You can also pass in parameters in the method being called, example: +You can also pass in parameters in the method being called, for example: (In the Runtime Java code) [source,java] @@ -1047,7 +1047,7 @@ export class QwcMyExtensionPage extends QwcHotReloadElement { == Custom cards -You can customise the card that is being displayed on the extension page if you do not want to use the default built-in card. +You can customize the card that is being displayed on the extension page if you do not want to use the default built-in card. To do this, you need to provide a Webcomponent that will be loaded in the place of the provided card and register this in the Java Processor: @@ -1063,7 +1063,7 @@ On the Javascript side, you have access to all the pages (in case you want to cr import { pages } from 'build-time-data'; ---- -And the following properties will be passes in: +And the following properties will be passed in: - extensionName - description diff --git a/_versions/main/guides/grpc-getting-started.adoc b/_versions/main/guides/grpc-getting-started.adoc index f4d3873b51..a3a4d78838 100644 --- a/_versions/main/guides/grpc-getting-started.adoc +++ b/_versions/main/guides/grpc-getting-started.adoc @@ -203,8 +203,8 @@ For instance, having the following properties in your `application.properties`: [source,properties] ---- -quarkus.generate-code.grpc.scan-for-proto-includes."\:"=foo/**,bar/**,banana/a-proto.proto -quarkus.generate-code.grpc.scan-for-proto-excludes."\:"=foo/private/**,bar/another-proto.proto +quarkus.generate-code.grpc.scan-for-proto-include."\:"=foo/**,bar/**,banana/a-proto.proto +quarkus.generate-code.grpc.scan-for-proto-exclude."\:"=foo/private/**,bar/another-proto.proto ---- will include: diff --git a/_versions/main/guides/http-reference.adoc b/_versions/main/guides/http-reference.adoc index b263355b21..642c75c921 100644 --- a/_versions/main/guides/http-reference.adoc +++ b/_versions/main/guides/http-reference.adoc @@ -11,10 +11,6 @@ include::_attributes.adoc[] :sectnums: :sectnumlevels: 4 -:numbered: -:sectnums: -:sectnumlevels: 4 - This document explains various HTTP features that you can use in Quarkus. @@ -394,6 +390,44 @@ It is important that you enable all origins only for the dev profile, allowing a include::{generated-dir}/config/quarkus-vertx-http-config-group-server-limits-config.adoc[leveloffset=+1, opts=optional] +== Configure traffic shaping + +Traffic shaping allows you to limit the bandwidth across all channels (i.e. connections), regardless of the number of open channels. +This can be useful when you want to control the overall network traffic to prevent congestion or prioritize certain types of traffic. + +To enable traffic shaping, add the following property in your application configuration: + + +[source, properties] +---- +quarkus.http.traffic-shaping.enabled=true # Required to enable traffic shaping +---- + +The traffic shaping allows you to configure various parameters, such as write and read limitations (in bytes per second), check interval (the delay between two computations of the bandwidth), and maximum time to wait: + +[source, properties] +---- +quarkus.http.traffic-shaping.enabled=true # Required to enable traffic shaping +quarkus.http.traffic-shaping.check-interval=30s +quarkus.http.traffic-shaping.outbound-global-bandwidth=1M +quarkus.http.traffic-shaping.inbound-global-bandwidth=1M +quarkus.http.traffic-shaping.max-delay=10s +---- + +The check interval represents the period at which the traffic is computed, and a higher interval may result in + less precise traffic shaping. +Despite 0 being accepted (no accounting), it is recommended to set a positive value for the check interval, even if it is high since the precision of the traffic shaping depends on the period where the traffic is computed. +In this case, a suggested value is something close to 5 or 10 minutes. + + The `outbound-global-bandwidth` and `inbound-global-bandwidth` parameters represent the maximum number of bytes per second for write and read operations, respectively. +You shall also consider to have object size in read or write operations relatively adapted to the bandwidth you required. +For instance having 10 MB objects for 10KB/s will lead to burst effect, while having 100 KB objects for 1 MB/s should be smoothly handle by the traffic shaping. + +Additionally, you can set the maximum time to wait (`max-delay`), which specifies an upper bound for time shaping. +By default, it is set to 15 seconds. +It must be less than the HTTP timeout. +When one of the threshold is reached, no write happens for that period of time. + == Configuring HTTP Access Logs You can add HTTP request logging by configuring it in `application.properties`. There are two options for logging, @@ -556,3 +590,30 @@ link:https://undertow.io/undertow-docs/undertow-docs-2.0.0/index.html#predicates === web.xml If you are using a `web.xml` file as your configuration file, you can place it in the `src/main/resources/META-INF` directory. + +=== Built-in route order values + +Route order values are the values that are specified via Vert.x route `io.vertx.ext.web.Route.order(int)` function. + +Quarkus registers a couple of routes with specific order values. +The constants are defined in the `io.quarkus.vertx.http.runtime.RouteConstants` class and listed in the table below. +A custom route should define the order of value 20000 or higher so that it does not interfere with the functionality provided by Quarkus and extensions. + +Route order constants defined in `io.quarkus.vertx.http.runtime.RouteConstants` and known extensions: + +[cols="1,1,3"] +|=== +| Route order value| Constant name| Origin +| `Integer.MIN_VALUE` | `ROUTE_ORDER_ACCESS_LOG_HANDLER` | Access-log handler, if enabled in the configuration. +| `Integer.MIN_VALUE` | `ROUTE_ORDER_RECORD_START_TIME` | Handler adding the start-time, if enabled in the configuration. +| `Integer.MIN_VALUE` | `ROUTE_ORDER_HOT_REPLACEMENT` | -replacement body handler. +| `Integer.MIN_VALUE` | `ROUTE_ORDER_BODY_HANDLER_MANAGEMENT` | Body handler for the management router. +| `Integer.MIN_VALUE` | `ROUTE_ORDER_HEADERS` | Handlers that add headers specified in the configuration. +| `Integer.MIN_VALUE` | `ROUTE_ORDER_CORS_MANAGEMENT` | CORS-Origin handler of the management router. +| `Integer.MIN_VALUE + 1` | `ROUTE_ORDER_BODY_HANDLER` | Body handler. +| `-2` | `ROUTE_ORDER_UPLOAD_LIMIT` | Route that enforces the upload body size limit. +| `0` | `ROUTE_ORDER_COMPRESSION` | Compression handler. +| `1000` | `ROUTE_ORDER_BEFORE_DEFAULT` | Route with priority over the default route (add an offset from this value). +| `10000` | `ROUTE_ORDER_DEFAULT` | Default route order (i.e. Static Resources, Servlet). +| `20000` | `ROUTE_ORDER_AFTER_DEFAULT` | Route without priority over the default route (add an offset from this value) +|=== diff --git a/_versions/main/guides/images/oidc-mastodon-register-app.png b/_versions/main/guides/images/oidc-mastodon-register-app.png new file mode 100644 index 0000000000000000000000000000000000000000..7ed1fa8879b7ee79a721b3dcc09af0ad5ec2d7cb GIT binary patch literal 73290 zcmce;cUV(h*FK09E2xM_7o}I}(gg(!2uO|8i1Zd}h;)=kQIOuGgLDE3y$4i8dM9*< zbO;c7AV6SFc;5H-&A&6>TyrkGNH}Njz4qFx-fJDdywX&?d5z&31qH=T(2M6f6ciVw zDJafoU%3qYWhM$z0{pt@t_0G%0$jdVEI$L^={=NRd+0h_d%(@ztSD@t&Q4YW?iOxV zR#10aXOE2wP4d7)oaBd|xmlTe*f~QV=-D}0QRu;}9y}I(pk?9lK;*HA=mTL9X>nm` zF){VQP74Z(2Na;^ihA!-)~4XTF$>eJTh2*%MRmKeSacMR`X@)jGUcatFDaTliQvY6 zbW3^X5*Ya5q57@oR#!i)X(S57YFlSk+?5{4wR1nYa`AkQ2i>nFQp2`)w9LMrY12PD zE@{3*(-Eh9?Yshg3aA68u9A5IKqUo5^~Ho=f@hy79-wY{{QD_SvG3g3rFKPW-KX^JJ4bnZ5SNK(>$)q>&t$gwP z{NM<)mU<}o?X2R_s^tz(j)}C8FpttbbzkHX`4E9^-M1gIvlm!{;NIPQ90B@c8_&&bNUb#S1k`z1s0+KmP< z3qI#seTvDBix3C(zRtGLK%YN9&q`p=^V6Ksol{<^g+tBT~C1TM}E+AjP`c?y#9z!Y{!VyZ-(&CQDpozLfFK1sumG+Qm~R={EQF*i)J5 zB$6t^_vydK06al#YkF}(zhL)}nbpN))nmw!Sz+(O(YtxJ4^-p@OUxs}eRYH_W7Xo` z^$|XBw<{Lhq3*z<-v4^|r*GjAuGMGiep|H=vS*Fc=? zEWl4#VE|87Ke!6A-B!p;3yHDBjD2hQXiC;9ioX)7s;Vp{ADQN?#13gad8&&;*m^r! z>+Q`G&giP?23Ctk^lORp20X|LMOjvEx6L#!&myETjj>$t{IiGV&nv15>KAMlPEM)Q z577 z0w-=UGfU0e@9Ne@Kf6|cBTp~q*tWI|dv?|jD3_PpGId&x%*GNfcy$2F1D|mRE3DV+ z@1D)?^eN*JrR0cd+W{w1ht{}&;TZ!txGsb|5jPY3-e z^uq_Jtn<6q-f6vF#ed(XUIokwaE+<-MP1+s-H+*C=9{>e%)f| zlCmfp=ZRDKdx=Px!(fGlu@O=!f7!P%{f9;biJE^v~@@;zhGOVFjU+!q0-$zZY%znl< zG+wCNZ1dJ#$G*N9e4)0e%|sMmf&r z7I>fWD7gWR$cI*fyrivPc+rKi%thI8DH}KeWbwpwsj1ZwSsj{HRBkfPq;c&aO)dIk zL5n64?v)i4@0`Y_M73Hy4E{AGZ<7)%vb&qBC-( zLBO~cH@36`osKUy5qGTdN%NOfp;Pek0k_8-l8K>!U;Ys8xV=?a)NshbsxzI@k6JPv zbuk2py2-Q_ztT{(zhlrjjAW4bMf$X}I6pIIDAl`qkv#H=5HON=R#&L^4}-+Rjc4JV zMpd4ejGy=s=6!;M?e1zCQQEn=eg_(1Ouc`{OX41R&=2Bm56hrxFm1bicZ@1Z9(s)@ zy$KS~+5^3IRrpDljBSZ=<42|hVB><$LJRHt^Xu&cwB&(LhsgsG{ajjqwg?jWHtDPN z0^7|$g5}nF9fm{-l~)@eWo`n_&OzRL-N{}iVU1oQR4(-*3}Hr9ZXZeg1v`F(eQEgm zcdzSo%L!xULnYc-N<|_T)!u%<Qna5uJ&V#0T@Oa=-;Oa8aTosKhKw8uc5SOh> zVmX>BY}ey$Oqpw7H|{^_n^A>Nc&>}c3UNOfooT@DV<3s034=7Szp;1dOVl=ucEWx`Qm2>6tsCMfu4(?H9feqN8pXua6To_4?K}^KHyO2LU zP1r5m*yzoh3>IbyJ?ybF;QZWFz4wc&hgKSoVpF2OTdBw2^^_W^#gM59bbq+qb{R~^ zxE7~~Zf88d{_mebA5A-$mwtV`o+M+V zX`bNv?0-)4Qjtn`kpOFyV=9y6H7TSx(KzPA2UEQ)Yr^S^)_{1A=Eynw*6>`rV;c}4 zFhx!sxOJyjFD_Zc|7pBUEeRF!LAblR_PYzoqO`RX9yv%DrF{scM1VJ@?S~s`LlU^z zLR-E+3XWLbuAG_&+qR!(7>m?)ja~E^LXn!Tw)#up~VUsC{bk{ z+_Gq82epLI4tCXo{og1^ADE{~!*~b1)#7+_z?hRCLb9W+>_p!ZTGmI(tDqVI{_O zj%ixRpy=Bn_5F-L8p-+Zwr17T)dx%4UXako&ZMoQ4XR2|bV7Bt_x?)pqJUBU%S4gw z-Cez|TKDlrr+Vw&6uVO@8Cav1P}6oub7hWt!f;s}A3JDD1|Bu$*l6dM(;2Icl1Ibf zbAPT;QN;s0>3^hJ@s@}+DtlMTe=n3Y`6-M6H>V{Z#h&<*b8mf2opiVlZq;PgFVo}U z;NY-ZT@*O^+Q>;B$1w zb!#=SJ31HsA{Yw7941X(MJl$2mz?}IG%Pltzj0X~rTxsb9zK{JdeSxk+ry0v8gDf6 zDJUo$2~$&3V`>rMxJi9g0i()+3Fij#nfIk;5;C&vEA6S~Ca1E$ki6zNHP#eW_ZY<2 zT6<6n-&F+hM)#R0;Y zUgf;i*AfyuagK_ro>ogqMbN;Ii9yz;Q)qzv+E(iV>n)c-hmgycaozCg(qN{0p~|-@ zsc|p$Vo51~G#DHq0uD{Nph3P&)k+*@y%)ZI zqq~CTG>{_9e_h!no7XdbN&Nfh_Y!pRg`B;Ba`calJw4J;9-N8m{$L z<0|_cs#Iy~cVWQJziX=6&3w3IRBs*TCkPxjdV3rp!r*=qAk*mY@4bqKud}Iod)HC1 z$``r!_Y>T47!)cv_(o|H3u)Ye5ZN3Xo85GB@GR8-)b#4rtI_OQT3TpX?}{6jgQ%35 z2DAoq9X8ScdX;<|{F5Y16*Q9lP4n6+JL38BM$7`HSlqI6a#l8Hnxz9y8b~Qdl@6;I zVGHOJ71HIKcWG#{J_p@a1A$6eg&>U$Miq`;gBw@Kt|T-(e2x2uajFVS<-Bd-~G`n*$cjpFq*xdn?81d0ODNZ@*J1KhIag6h=F;{mBhu#LO2$ zsX%oIsHxYxcibEt$`}WetI|r(;MPW3Q{FJE$M<7XQuq;=LOPW&ovxf5YHgeEVsHLF z1y%LUmY@1Z&)lC=I8_QD5%buMtABzaTCa%LXxTw>-g^VvIi1M*#rZEW-fq9IaBy*{ zN8?u~4TaF#te`3m<}iGtak8XSM+Jd#Wg1<7{=x+g5DyQ}VQ;7qkK^fydgoWOR|!y4 z4p3^nXa7)p4DGF38GzD_I}nctdn>##ynr=^t%`e2wpP`tB^cy%#KE{9Dg{4$IFH9e zAxUn+@@Bxv#OEBc(2M+@?!H4um)9@UR0P=ewl|NLzi_D*YBl*sXXkb&7xb9IMAjZA z%GiW+YNfCPd%eSrP{I z5d?^)f}5sZAIXJU)oS&J=+@|HtcW!E=PfLiClSMA#&95^G zZVZ|Oqyn)32C1uRHa#7k9RNldJbfC-AZhpgk4BRH2-1|W3aDhG<3btO%txPDS{k3@ zT5J5{P22c-EXrC$YFePZQ`DieJsMSqSDAWbIOBz>Y|ov4+0*ddp&IIqZ=qw7M`7&a zfS*wHY4KAct?T4t;x@|zaHvdx)!@jaFFBsA5d~s#^>bXzM0sqnf~wKs9^B+d@e*Ld z{fR`IqZ0-|tvfaw5DE4#27X<-E@EnQr%~Z$^m^;&%(GyeJaTc0r+K;feZ=->&1+G0??YeORD4E{Y)}^|MkWZgJ z6}rXoMrV7jPfUcbPZq?+-gO$U0rh?@OC6~gizD%PT4iQsfy#3UOXf%W4#QoElITTi zdkoSkAT2EoDXMJ)^$tr&NZ>Unv<&b&++AVn4cPvD^~gG#7HN1mv$~2fZ$?cjE*^cM z!IYRks;wJ8S$!ZNpaJnE7$QH!cRg2D24bcbmfu4~`o@{yDf-qokMpg&lL#ZN4|-UJ9V{XLDgb-X>#0zgk;ISO#ip zYVr-s7bWYu6i4t=Yw4LDi6XdhbUg`OQt~)>BHhfO8fprJK+`9OGYI_ihoDTEvZ^)C zM__Dm4lG%MD!H71p8!wcH;~YMICz4vZYh$;R3~p@VlwZ}^Eoq$#6DB6r1`c7X&eELZy^BjrmmxCzeXxfJ zHE61oOXroTT3xuGOUeRTFu@^QyDcUOoIqOI78c5SV z3{t)|eyFde;PpY*F^s~pq|MisAKzWfTD@Vv|P2O_=D(dORH;BTH7vVT$zy$3sRWu>Pt zSf8k}DmeLiOl(cZO;w`+|F^KPkh4W|lGoPu!pp}C0q6{2=j6aIs>lFA*qCruuzq}B zY$h31>E5at$8V}uX^(NcKhcfpJ~^J(S0qR9{z=5p*`D+fAf!#SQ|;&-%thFhTf4ct z>jJio9K>8g&cP&s=4_j9jsT= zLmzvMCFXOZr50hPpXyAEi^>L%gw(4f%*ZL;z%vU&ch~erb-1d?6~W-o8R+X zc?{w_UDI!#*4I}Ad(LlkP*24wZ5d!%pu_EoJDls-T#rG{CV;fi8 z$AIw87SjC+o*chhSJBne20+ZkZcObM+dJo8 zyd2e$w}~IrT1Q7`_m_LG1Ac8xnua!~qC%{trNxd|X2n1}a0#~Jf@6x4XYR8$9Hrem zB__zmKohIt^g_<@$JOj6w?je0Cfj@=$6RiM$tqr6!0B10zZ5D>(SPNit-fu_ejEkFk{+F5j3fZT-_k!k#Lr0VbU5zt{whDZD`SP18&~_>&i}u z%}N7yksVh(CRIQ8xx9-Fw3RD&O-7!xbp*@vGM5ql>cNIS!pxMWk@V-}u>H2y@~h{+ zHBdeQYr%wWoe`9A9(>xD4{J}BSG=Cbf3f(V*4blkBve6ZmCpWe%}R`%B4qr+kC9|= zM)6k<2ueQP?Hv0hc!rZwSbhM4?2^JaGB>WhMH>53sWbR!ksqWe3(vSvEvDNM1w2{P z^M2C>WE_onJsIk5z-!3`Nezi;pOAJ7 zjpI9;;Ji{_)J?mUt8U0jzDw`r{sl!ZwdRyurx3BIdQSH*@*X&Gg_(KGN+5&kg2TC< zxO6w7ln%em4)P3#3mgP=nX#+DgYK?aBRMdkceO8P%| ztD-6;)Nrf)=vw_5bw8Xwg@-$q-Fubr5o6@yzK}QR8-6e^=Vfw}JkgJ_{{AQpyW!uz z1ZTo;+l(9i3wu&PMLj$$W7>W78d)l@z2RKVX;qBN}4D_%%%YbA+;TIX^BFpWGYaN@3_szlD~?+X{< zerT)Iy2n~}E0beqqasCt6L_wwdh$hmy0CmJfcC#bzNwqjxzvL|78{?B->8M@S*`&a zJv&&JWPqoXFBh}6-S{A*R!_pj9HOb72mFZs7r;aUY`MT=w*)XT&s;5RC@p{KsuYwra@czg$2Vks;Q1!9gww;(O|G7&B&F^#_U9bOV!U&*0Z*FPT@mKUO!As<^ ze=V;_yFK99`&P4~*7KXQxPL2Dba|G1hhqNvhj6AB>RNgs3n`OfiU3&V#MYgZJ(?{Z zqG{4$>TvcDF(l(r@XPoYwTz*_7ORT@ng!XNbxpQCOS;|s`HLl4g z=s306?Io8`PbA9crdMrT0`QCe<}^{-Mw8=Pv!!OJLG(h+oi1~c9F=>XAoA!ynOlmg zRKU$`KdP+I>e+7dkS2RUYKusKrmDW?7F9DOn_H6yzd|B^YixWPySq_ER{|8}a9y&; zwceCG!w-QVfJk7Vnz~lk2-S6X^Pakej^L&1Tas6d8YVkBF@IrJUz7iNa1Q}$r}u!| zdP5#X0ad-oTpM zcEj1ejM$dHS-5k~1=(> z#$obM%sj7<*R-YGOK!zhfiD?ny5b1z{Y!$wXI?t5(jULVKipxE`Cg*_^fKT~f$PU7 zIpB7?+sj}}Tei0%{7B_V@wG{v4XVqBp=a z!EAUMbWP^uf8hZ8bV$UAGGrEIcFt0@rwisLmE?yY@(*NX5*oilb(NGbQZUKh@5bQ+xO&rkV{^|DWOZq zdTY_UL_DZ26WXxLOBJ@+vp7im_x#%2fnBQrn-T%`0T3DO!MT7^LSBIvvP{*#h?a)q zG9;(HA@@Q#Ad6Cr%mU?ODO?uJ*RVNpr$qysQCaLDx>>>H`F33(-sq0ma;Bs`4&fF# z`Tp`=DDY!)3i=8IU=pFOMuY8~#I{tymyCHRUZ+SceE4+Aff*H2h&bT zG7fc09dU8&a$@;S;VNtWj20(ZFhqjgDZcn{wmf2CWhH9HB=lZae;uZC4W%B(ThJcE zX$#yPZ#ZEM^V+kjt*r$`lX-s7+iEvLxH(?w7sUDXR8RTBc|C;nP3ExCM_K*K%rX^& znVY83*&`4iLx6^S$1#!U>_CbDzpb&>akNF2=f-G$uRJ{fazj8md-nP;v9}R_8V<{> zPq(vv?L!B@Uvk&0R9m>QI$a7Y=G02c&}#L|@T;%3B{g+oh>cW){ncsx3HhGfJ-)r| z&@9Wx_n8{Aq8@#+Ux767IQB|tq=_lU@qveW2OGh_zKt3!Ga1B-oLN!!aUDs*er1G> z>B4}M6Wt(I@6EcTqG*=aC-sXgRA4Xc!@|EyC=|hQq$V|4^z;Im%TT}zQI9znR?Q0OUkl$y@f*MPE4m74!p82da-)0`#)d=y^a%k56=AYonSFjRQ@rMp9u< zstj&j5`x*H;S!r|Uy23t@xHz(2I7!AeYl+0>_ymyce?+HRn=lwD#}c*ZgofNk93OU zZfP*>J^!bo);;>EI((^P7wq}2N zA5E1Sp}kYnyzKvB@y&>6-ix@wlFy-jIvig-fyp#w6fhIh%F|S~+a6ls1y>cxvm7DW z3v8bTT6Z5P0wtCKx;ZXx+2aiPcl#PJM=YT(X;!z}{=S})gJybUa%gCmon44lcXEy* zz{(%RA9DC8%DOr`b=N1V`>_G1Swlm50)~X@I{0dl#D3M#fEC}`5=qt~KKE2sH(IaE z5+o-v&lX3`V-pat2Be=@@l`SB6D9E?h!*wkYH@EN-hX$v@ z7?wLxjr|D_zek|5?3|S^GZ6(w7+%6ou10d^e(MQ1dMM+>v<{)U&Ny6evmqaLUkWJ9 z>a*bS-fr`A*RJv)mY3bVy>=O;T^=i`MyS~18?ZxpTGZkW(ZxkC%?<3UH)eHC+;Ee(4nV(N4pL9 za)ZqsF#7FJhK6meN&)8Ynd0~X++eFHX&SKlffF|Yg9QAtWVK# zfjQ&^ip4Xy!h)AX9H57aST|%tDtXtZrec z58y3gPPpgm<7ibag`@9p-@dK%ZU2=Fc^8CQ+9v&EWhP|bp`lrCjfs9qpO$V}I%UN< zWp6b`j>l5&kk16jf3=f+jO_;(i<2ZsbVplPF>>&GrnkWhA_(PEWWPT<)kL>Z&T$mNO`49$x zHwAWs0sU3$G7EF-euI%*qLfrBFQSi+eJkzv7(i9sx{o55J7c{6N3v>B7BWE5#TMUi z>CmA)PA1cFvO>9;#pk(P9lVs1nVOpAfxA7>(=$1Qa@KMhZ_tlw4M*f8sYg%yEWt4O zX8N$zVQpfh8^KRlq#QOu^$|awm0(FTpBX_l zoZD?&>C-E(k1`M!YE%LZ%sh%JGb;8zESTZdFUF0P!Ibt-Pa6+O5iJZ`^ZBbioyC4f&AWdlHW05% z-+C{u+#av73k_#h$aGuiu=Jh^`w(7JbKTpvZSLAs<(c~djxGaBN6O*R&0F$XC)?=t zAFr}BbyvH!F1YZCCf)&3MUc)y2W{osm4_M!*3t5$W5nuofbFXQzk_LG23gCRVdTWC zE3{-)bn*N@V8{P79;$;WxLgqYrsU`}@R!QJcm&1&z7O$}gE<|=UxK-&1ds662mXSB z|MaPG&EXa~Sy=;WeY_W-DYAu>fia?7$sTO@l*vgsKvZ=9O(AJ*f2YO-Jbi`y zMHP>vXp8>+`?{O^ek3Bwm)tA%blP3KuA_VE*_SVLZsJsAZ7$8uz2gSlqG$snRYpvN z;<%Q{-zX?FgZ|AaD4yK>w~>$Huh_qN1V!NBga7vr5&uj~7&|u#t4vfm0p(-W3fE=^ zxzpov04e1wVes4-NA6GiA$}~zWV8Aom@R$RT3N|UZdhDBwwH4zP5D>urX-fR|?Y=(BOyee_L?2;Y zhH2Vix*?HQFF#{>d0DBD+z;tu1_)Fe-37|skq}zGb+%Tk>j9AL&CLrqY*RXEbmo~k zgQ#^yvzPng@pmbA|I#L;NiCUj<=}_EJmy_$0E{uq2=KtzfZcvo55dFOH1F-JAA>jg zsdbxrOOU4x$KQLNGlN^hnajlYyCAu%o0*S4u48kY8&A}J{`{Hff5I&DjFz50(Hz{G z@t)egHw_)~`N_P?<{5Ed>*)YZ2-Yk)RGh5u0tkGqrGic3szN)uN20-pUjT9fk6-k3cOOK#+q5e@c&hc)SH&4k zO2eb8ASp>jyw3oJ&Q%I70s9 zxttH7Pe?Sky=9>zAXUt1{B;m3L;gON6|t{yACarUuu9s;wh!!+al-j~fN`3y&B%Bg zojsVBCE|O!yE4dYRFMz#PZSxfYP5>pzu~=@xKwGeq}lQ(ErDHGHGQx!AReKaI!c8dzg@o2;aH+@& z0_9{5PEPB0slj=9);&qZ{aFx$eY~l-^R#ocqbUs%i9Cc&`^xS1Jq>mMJYBSA$`dDA(i!s%PTrTlh}USp=9Uq{$t|x-Hv79=4Q9J-onQ(OSP#82wfQ-yOikY z>T-ZoBUmuNffwlJQ5lt4CX(tX52ni7EPM7o04?OzU&v zi?pwuG^L@1{h2vfxb>*SRvV<_;<5?*`3Lh=CF__JY9blVo+`!Y#7a(PxgCLIcH2Zp zC;H(-s)F_$=z9lo+gDmLo@*6NRYq|u>(jy;Ek%;Td#tw*UyJ(s|=nvL~R@6QtkF_%C4#a)w+uE?3 zSAo{6(zjHt>apBxppe=jFIPZ9h;*)N;k8CaMoF`Cb0|jDXtj85=>Kg~EnSA?K=GOp z*bjE*U4r0#fkAgtlAI5cG&)vpqkou$j{tf~Cek5hb*?bV7tNn;mYHkL=}p5J2}bxy*R_u6v-)inhQGJSUAuN|V7zh_dUysv zUwYsD;@o_wb5m+Q(o}kNq_!N;?0spEgA%}bBq0Gg?YjQ2_Utjc^D&Ruc?OXo4kQuxs&Tk&9$6@X zwyo9OmHgx$v_I)G2|oFn^mxz5Z-0uN-qdt&_Ief&pRcS!seK-aT6Yb#aee9p+7TCp z%0*?lBqR)E;Gb}qexc4ckJ|>DpY_TgRZLErEX>WNE*NR1$nt=^eMesv8<9{|(5c)A z`9qXEaYMDvW#)qc@>n&DL1HLWNH!03vR{dwvp7BglJ#9JzukVyLt-91FP)C2Gg|6T z=AVdGzwbHfCw*Vj1BPM?2JbTIy>v$J)k#1nv#mPIJn0z8CaMW|Gvfi|TXz9&Dz7P5 z;|O%&GGPP=mz9DjsiT4B!{H*s)xO%t&`B<%GLJ+vzdeP+;~gyz{G`-Tsv^7bNK13X zjX1zg{|O)_j#oNlu|4}_hdm+j-t!>ogmg9R4)CeHd^t2i(-{5pP0h+=Yef314SCW6 z9-qq^kWxerB1%h3ar-|gf;FT>%L4+wRXJlb0eM>)-I|k>bsjC@s_^MG1HA79gOuAp z@}#xv0>^$)4GrjWlg=dZ)rvPW8{YU@8!_9zLDAX3l*pwtA8i0#8xa!q9|$~0+9OPC z*sYDa5^CZ28yFfb*&I#g35Ts&Wd?B^z2D9{d+;G)Z46HjQkAQxzD^K40%LZb9)ukjl3zdrJWwr|~kYEWBO+a7Hlg%HM` zj+5Es5?q#TIFDP5M+k3MX3dR9&K*Qu={~jluG78f7$$1IhB%x}rQ02>K8;JLju@XD z;Zx{9hex2&ld5Zlz!pR3qqNmM4yj^~DXo`9`+5*|T?I@Z>$;XMv4a#j)DX}1DfJpW3|k;iPyq=f z zH==&N>6^LWQ|UY7XvkjxwBb0(ApGazMe6Esqcazbs$Am7J=e1e#aG*H#c&1SR@}sC zBO3yfWar1x`A@z@@40K-MlV$#{Q^4O>`*_anx8q%H@Ab~9LG_b!ifS(#9>nmJmUNOu@~@@I z)Z{$tEq1sTYBDTFb?*rkZZY@dS-SR{NP+n$uDh?opM@ichd}G#R6Q;IZB7ucZez6c z7mo4xiS_93K2z#wmFoL&j z&D)-o;liBjOpD`{R;k~^Suua3gjSOyT3?iXWWAYGHQca*#VMH-jeD*Xvt0OOKODP7 zKkS1$(7tr>a)DY{y~mpk&58SAc%UkLWC_x!OdqMxSB*pIY3Q~FJO~O6y)1u{!XV~Q zEZ_jnSHdI}j?{egKg81{>PEv(gPvi^p1}pu_RD)D6f)H?4i5MT2)05V43^wu5HqQ- zcIq46JIy!w$cq~e_>BG(E_b=Db3#?O(HDY5LUF<_--=dN2sz?89sk&l4DTiFj!oDP zHH3}B0|GPVsOIr2ajXBnp7uatp>rTkEL3^P;`=%(^y1yPgb3&GR-Z#msrN~7@9yt_ z>6r9@z^Y;h2Pi~}F(gnp_ks_6T;@dwxKPkAr+5|2)BRR^KGUW6cn3@` zv@Y}p0NU2yvz2}8Hrk%J(Qc2nV}>zG3=Z${!SHK#IZ3*^y|YAK?c9_PAqgFuz5sHx zKG|RZXhbx7ZB5NGvOd|NHCLR6YtR6rN0e5Wr`ottF5_Dd+UA? z8RAYN1r48;KbhEzmCt$FIhFreH}HscLfxg-64FPRLJ$dpu{=E5TXb_3 z*2ISxw0+jVa(P~*&5??sjxNjvk{@zF7l&}b4{MwmzsQm8oUCTR_4XGP)CK%_rH?dI zRX%@y?{A-txDW2sLs(E^V$P4WbsyNv{Nf^#tRuaT9*L7yUDY%tR*)*)`e@AywLb6K zy1SpPtWH6=<7h7FF}joiI{h zT^@aBRzKS|qbF6)Z;Ggrg#h?aWWZd<_qgVtkV^@%Qc{Mk5lll<`xTYxHWGRHR>62) zaAt_fSHbOV0w&XC;!ZM+>Z1zp_Vbl%eH!l-IXvcn$dl@i_Z>%;W>#`S>3aC&g3yW$ ze!hU=&^B3%bKw;vq%<`6%>&J-GA{UV_FoL2V{ z0KQ!AHsS;LpcAdJP1w^t%+U-A{P6%&IPzLhPz5xwl|{(`0#rX5FqJvacyaI9wA!1S ztC|9NgcYyS3EB3qv0`eJec}Wl#5!Wv;$3v(wShtxwmP!K-cazPE&QVlW!T zGJCJOYDJ~p51;44HYO`nU^2OoOklm4;SAXsC8hM?Cmrq4>O8f$?|m z)XO;1CJmXcLMdgQTy`JIkg=49*oP#b8y6%MC*w>1x{10rbO-5R86>h}A?H_Kk@0Di?J%(x0XA&92cDM*U%O3xI{3+Jh^w2Ql1kl!b;8XJ2H6$`u= zw=!Vt19z;#t~`&9j?v&XEBp%hWA!{OCd^M#z2)PYeADVi`{}As9i5kl4tNj1Mxqcv zUG1_ONP=hk)wk$7G>%+~2^}4!hHz%7{N;SzLioO%J!ZxK5)gaD zv{H3;cB;#1Mkgrz;n>qs$ z#O0=Dj)2!jgq+14Jy8;*`bmFD`n!UmAA86FG({vkxo_k8eEM3LN)~>7()dWJnj81r zQt{>0N#U2d|NN(04SMy`JpiXu`0x9mPNHYW_P;_t$usnuJ)_Y)81)6RaO0UC#KV$?5JtmOt{j<1N0-)yV);<=oHUg z$0_^j@2Zt%1b*hecI`u;-ir9{aPvz5%>4KN1-PR`{g2p#%$TRrY>DhUC%5UtGB3Um ze6mk0Y7ueok#9ox($hICm~Z$UIBgx9tj~r23_5fbdqZtzmgc3SAbF8#w7rbuI?Kv< zgRkd9@}(tuiTUAnU!5nO;^~p6Q%PlIcey`ORoQi+17lJ^%i{Y%s@&$ad~3@e*OdXQ zmz=uDp@8vY(wIQX=>@I`mUkZ>-MI~1#ErIkEYQZtJ2p1fk92bAQGKpcXn7TYAO69H zn|ck5P||QNf=mNx5yK^KF-fwB)9i(XavJhbuOvH_;LozL_qvmTgyGlkc1UDw?DGT# zYdA%$fN|1}`Fmeti{&uNP-U~A`MBzxJVyxKg^Ue#IVskAZKq)Y$!Hl#8V`{`RIVl) zL_WBlP-%_P0sN06acxfb8*5`asIQ&kc%LZjKWRKVHg@js`g+T*kix?6C{oIkvh>8k zrXPdNK^<|vz!lJ62jBc~|o(}|&@las#yL<+BDX6L8jY-lUV^pbKwwKT4`paJh zgXt)E4Y+%WB~SlE_=IwV`ae7vG9NB7QX{%qm4^{~0{UcoR_aGlWK z_4wTOY-POm0?^d4Hd@Qr#9VJTlFLCwWf&AvRcu`LuHCIMMIt6iyl|_<#?XdN%x?0t zP+mZD2gc#uNo`Mq$Sj0vPD zi9!nLu{l$bKS@$FOuv3X0?U5M4Bl>6-59KbsjH)b_fLUt;$IOv_x|E$e@Q~LTBfFM0(@HR zAzr?5`44)Z?R}o6=u8mYZX#E|N*GO8lu41IQF7aM`V`?C)>q=fFofy^svS#*d$x_o z_MBB!631fu#@FugZ~oX&BJ*?JE;onoVYEefIMH^h?vio!A<(ovTI0o+DpQ%Kyu;}@ z-q1aOPxu&`c-o1gxGQM#?dOFfowDbyokWms&+)k>pag>UG(DSiEJn^urFjN-r?-~0RbZ@2knSBfNYr{AKzLtJcZQQgK><`On| z<5H_+NEHAmU^1YoMlX|vL+wPZ&qcm&xy!^Pmz`yQ);>C8FxJyq_X>X7Pv>}Yy zr^@-HIgFrm5!Nt&vy#t?8jLiIjH)}<8V85T8~OU>msKND{}R^kUfx{|s;;JMHe=Cv z@q#<_o=_IBhDX4RROgeRXG-*hZSF2>QAL{%iKK2ZX_#YgsRbACVukstgo43oWB9ti zj1>L5q=SP4M~iWMb!cV~<*N$Y+Y-+0$7yCKBe#G8I6djm_?wOf)2_nrBz^Uj(MD#4 zZpb_A|6wvcGr;6xV~N)G{-`;w^E~=x7ngdJBh%8Ntccg1daHa|So-lpmm-#1yUUG# zPH0K%a@u#7%nzdz6WHnvH>=KL?Tw0s(I%CznM>+H6i;ZF)UXNOrJc@?@-z>0QBdZT z)D$-l2!Ov{{Bhc6-dQRmDq3hzU@3KvkaHGuvE2 zUruJx^t72?u}-^Ay&DIF!a&ftt$^m_B8$w^ljCW?O0cUdSeMfWTC|EJOvQ4Wef=AG z>zH)m{?Q*>0|ChIzMmIfmwR5IBwcXx=#Aq$ngy&-X&^d9dZrg(!@06u0kSpT*2+HH zzo|6*;$PDK^bGK?l*xIj?2=}9I2^s$!@}^UX2UCJ2EVj%;PAvv(tXJ{sJ>oi?$r7G zQjhBPN_Is4yzy4!$YfMfQc^K>max053S%-8<^Tbxl^4>1%WQc#&VA|8>jn?{xoNMM zndZxLfB*h?9~4aS__W`@uP=(7gToNn1mhzjVW({}kMG~e&a>GB((#Ibs+&#|6>pdS zp8M+S#Z98T*?VVnGIY$5^WpY+p#97&ehzqfD`5GE_FtpUy?iT*$<_1!V(+V?qKy7G z2T@Qd1%pNjk?t-P1SJKO4yBQy8wLhNL8QAurA2b2ySqd>hHi$Ap=R%>-`)M4v-{uv zvuAhC(WCIrJMY|kKXISu`FyTRCa?|aeUh1FbRc`1)$otr?Ki$y1IqI4g_vBEKyAFb zN#WkWo7=P#x`*fcPN(Fp-NCpsC?r5lz>miqAun?_tk6#{Hj4^o7Z*G38uorM`ncPT zS=1~&HLb;I?d4oIv^DD{4{}XyzC%h%Y+{3QXa10_$?VwFJ2Mk@8nSMK>K-K@ts|-9 zFznf!V4)UXQNeiEJXcaGVK2CLjR?1XXy_wAQgP#{Qe|aib>4#VyEpul9qsL3%zEBJ zWMmA!%<>(q_SbSCdoSLVtP9P8sB&Ia_AA5DzY34W3^7JJ4f){bH?SRlqE`v~*cDp< zd6DMvik?dk_Fo6Xz0{hGnwt998qGRvd$y}6kurqR$^z{&ipkd_SmLZ z+{oCtf`UvswwI!G+de(lQPNi+Bm*OOfB9F ze$YBFaFdFP%8ziZ?J)+TjF*xLMwsN_2R%KP9eVfn=UY2Pm&v`wTn0g4B0j;_dXj8- z7t>njM`+U7eC_2!Lt?~O_sqNVxV?Fm?l=*ub{Jb%D6((iIN;IA(Wa7`8tMA5ZMxRL zxBbn*z}>~p-Sr65mjy8uhV83^<|xt3b=3i3F|oa^GUV%yUyI#I0{&)7R0z8Z5_av% zBvPi&gH`6P9!E4uX%zRdCPJ^mwmER0UgTGWIz9+8qo^{zuAM|49%>PfprxJ!t;1&U zqd;@Y-x(l9z>ZWAT$i@UIgt)%P12sH`C+}VHk^PK)e05ln;RMtnW3xyGz;Qn27{yb zSv*&5(qj(~JP@~%twz3)OT4{Ie0T_aI}x*-Ty?cL&M|DwiIALJyb!5x?ousk#-3OT zHGYJV+((TiBS&mrAGh;_o|KQmw{L)IS>WXM+xR+QHm+u#kmlCb0oNJskkqRt$Ayov z(~TVYvD{X%$6;Lxol@4*6L0b(yvM^5peY;5#L1bWp5;p}vPL8>ArXHvCL>yE+Xmba zuv@f#8{cwUsxaNn4j=Ct7Og_ah5sct)8C14iVvne90_|8_>F!=+9B9upHk4zBUo3pr#c=8xkrETL35y&~&K~>1 z((q0W!#3}JLuKo|lZQQ|XF@{m${}UCOWsQi7Ap;aA2gkv4 zlE;6Zb0Oz-qUOgbi5mA(UAiDa!AEA>{S_mxy^nVpx|fpjVmb`_{okdvYD*?6=1d0F z_Ttn9e@GUIw=&KfNf$s9oD{xk;i}Nsdm}NCM`+bGbR$f z=~E+JtC!=fiH9qGZ<1w2J!ndI*pBan5`4&-xbk7qG5@ud~xlzZJLh$G#tAOQXB^h{Ny(;RC7y$*21620QG|q#B zpAR^f@UD1$4mXoGJ*`}n`G5~pFb&&fl5;ZklB}-^nj+l!0s?AfyNJ17)H)CWqW7vO zZT((j;22}yEQS) zF|XD<=I@>Pcj3?vKkRe4TH|s+Do3(W4C{TSVh%n$Ju6GfK`AYmD1+@~s~G%#zJ6^O z!YW9xJDDfEL;*e*ztpGpP4VMtDc8$%;muTdK%P|$uj8(8uRs2tUg{fH>vhy@&pVpL zI6mh~_%1e?3Iz?q3ywdNRFvfxPIJi0z0sGfs}5U-rXuOG&ixJRFrP_HS^Kk}dMf7R zfTvE`|H&W271t9&#J1&$;o7HbXxW>E@wrpuyIRjyNH!I^+O-cL{@Fs2i#u;xnpRG+ z)2c|^hY!NUsL7xPi{_;8$B}}`Ia7rqY~ES2QdQ)j2F0U8Xfa z)46Sam6+hp$h703PnxM`h$?uQ+>W?^1U1Z&)o<**>@cgBz3Aa6i&t9e5~I!F+T0?e zdnxwIJP!Zcv3H~yU5*E8CQBurWsweI6#lS~mp{}ZuORB~p*2V$Rb@ZEI`%!@7%Sy$ z>-*}KFL=!*k^>P z6tOQS=}%dV7USw_aP`{P*k%T`MJ4Qx&dYxa&3N>c{>XZMV@@8nk?Q%$Bt2`s&eJMn zjhU%=eqk+Uvpf<(fR`3Nnh57y4yd6BPK)GoIV2XT6%uk)p-xV6-#q7HZzGgt;LJyf zR2uwyg7HO<{@Jyqcbe~>99gSZ>SgGyvN15=wx5|wG3!lW#Y~BWdlK3ZzoieAitgsHU#Q9q(|V)BoXEYi`~s zZf{Xeq*j(uC}Udr0SikAf8=UI@Sp9H4DI{8WSZVy)F{SO;gj6=NQL<#JLe-eJ1U_g z>Y9Ls$E5Sd&y^~afDK(E5PfHRASx_UWn!sbXGul8F)7o~*pjVPawqprPlavI7c&1< ziG6|3F%O#-36`-A&6%=vrp*%5F+AK<1Oa1>h}Uw}vbjZe9uDX_SYg05?w!t6q)#gM0t^SLe@ewM?rPi~cf?H|oFrl&r?2Y` z&puV+i`SBb3+9PBXBk8er^hQ&lZ+~;sWnOu-E_b8{JH(;nAmHpNOLZ$KVU*Q=1r+! z>FZQ6DOuFG+%vJjRnz# z2R>}B;_;B4k(qhPolaGg%i@9mAE&)gv9Q2+{TAm%`^a*KRF91|B8tN*X6dQre`1wq z=NM&D`oTW_eNmFj0e(9z?RP9p(lL{$IsS1W~Mp0Zpf_b{jJ& zW?tfOIO{1aB=kHsun8FWT|NwZ%E{#Pdu*yT>Q;SC>$==AOG^|42AUw6hzz!~1KHXMFU@#Z zdj0W=%vM#J+a|wkI@W-&Y1$FWca?-Vy@}ww{FZwR8O|xl7w+-gk9mrOe`FE($XY`A zqR!GPrZ=(UYt2N?L^e~1asUOlNf9&GJfjh#ilaJB|SP}UCRK%$9OZ7WG zHH^(IOWB*N^Zw-?JePbB_p>;@DrZnSUlSv1|LFKN-gpW@^f&!E%8NJSo!yxGoQ5D+ zZtC5h*QAStDcDy2%fl*C^@v1`zNHCQ_l538Tg@!ZKBYi@Ki(RXe=C38lvSf)HndCt zWVMch3ok>~z4=VVGk@dvnb^75H(3}<*TuH!gn(9R?^S53tUNVIRCL5Af|oW^ss`g0 z(wpV1PGdR5yD2EhgIlFq7vy2kphZ1dk4mPQ3d0^EwmbcWruZkJZi%{Oq}N8Pl0kY# z0>k@f!I&-wft6>9pN!jDUyY8BsizqjU%$oLSSTdPD9P#f{$rrd_~zu#gzVf{2ZWUZ z#tac(!S{fa&U3F}bKYpI%9$oB1ik!rqE7x(U`tESc^@twE|YxhvYO1Xgw^=y=*+@g zYs^p}Pht&Z&~~9ODaqi|IQBXIDUu-%zGw{ZR0U-OBZpWN{{oooTlHjehZe*oz9g z9nwLwZlgn2Dbl-iZ4<_Z^9MWy3-X)ms;YVw4g#8Q&!>{ZjM`@|LiMdMIPlD#xE5el zJBPa_heCrE60oswYbG{#+&iXzFRo4R`1rjGXg;!_2PSIaLVh9tNFS3Gj zznPQh8yh8muF~hWA?eUmdybC=;5bAJ?DfS;^RnQ`>5XXw=31!YpF8rWNz2e`>v)K^ zsU$V`^xOs<5u`Jgt*a3&b;F4lQkS>BGEx?sQInX+hU`h`jjwNl>Xk)^mROnPl>KF> z2p<7x+5wCj2@)RbgDXbC1A7Ru)-5v`Jc&+{bpJHOc1OL=K)>riQt~5u_B0-lLG|!d zy7{)6kIBh2(s)N@>;dSR8aNg#t2iXY;&ppwgiP{L?Ij6+9MJ9xb`*_wSoGq4?mLl^ zMQ-nJzuswd$70%=gXW~v)Sb+9H7a0Vj^nm9Rpwr*Zv~*J-jL)fATb=nAKpUG?SVez zKK1I4`LhjUw`!An57q}@=pjX@we_(js_YiK7R0xq-W8EK2;fhckU6Jr8JY(+dapHz zvZ2&k?06$^6~caQ&19&Y7;km7wXpID49AYWeT9bl-)TvX$pWJ!tsf66YS3pf50n=CvYk3P< z>WzP@sK}mX2q#eg9^iZ7uZ4KaLNie|@6=E6KUkM5kXsMKQt=MfxDRp*L~hxU`|#br zPc7-NQIzt|ze)`IP#qlrk|S*D?F~VWSiAlBJG2pEe->ztdesB4Hp*a!MsQ&JD;!J>t7~e6?-UB@o&$XkSeioA1S0KESO~jtZ=k=!sguC$6@c|L?MR znv`ow+^80$8~&4m--+@0^XD;EHdFEs7$j&QksbT(UWq+sU|nnvi*1>TcyEq7Qwl)0 z+nxE^+z24}_?}%nAo2C}^(y5l(5`w%L{-+GzQb4jJBt|s-b7LO>{=lpCU|qHPe2IKxV}o|>FMPmgi)9?-4p+?$ zakx=P+e_Q)bI5XcK0g*RX70n_fok;0!x#?jdO$z$#4EDv)+QWoj&GmDX}aa8sDS0V z^WwZGNdR9=OzciC=H1OEf9};t6734;&4cx!`!n0BSlo7lD$U)in@#a}M&E#fC#byK z4U%sddTFL2KiRFQZEx%?7XX*Dvn?c(&v?ir-D2&xsyik{5YLp97TZ$qOgf8qbd;gr zo(KW9DC*t0p+~mopXeA~{T1wkXtlMDwPQGSA17*XfHr-cMMd`eG{QkxpkESt&3?{4OUiCf1Nex0JuH)G9g8 z1qQnWn&6rDrJOsVMpGnfJnTdt#w~m9FLuX=d4^c77T^BxG1c@pTN7wX;FW#)_nSi&(t8FpicMXqXQ+%^uWIQMmN<$y`TTTK&ZO{FG@wXjQsF$pv znxWyPHzfhdRxRKO>E#p_6;b~wL$NC&IvZVg@AmiKm+PC@q@ur%bo8JQD-s(5AazOD zT!zyF;JVdYoTlLHBg&)Jqo$RR@|=^V>InWiuTC-$jb+d@&8l=z3ePQm%vJ z3P#I@*5D^G^@h!HePhf-q z3VyKSRu5mSh+j?3?5aM*2Nt62cK2aW@BrQ(vM~U_#~Yh8 z+nie1@r1a!-F8dA*uA^|Rbi`PW2!U+fT+t0;kf(c$DO#yW3?I^2CxoWchSh*^WWFN z{<(BR-Cl5?pQ%#=Qa{iU|NiM`)!s77FmxulO2H+tgHgxsL4R9yzaLB8JO52mgmC@x zJh6A|1gMNTn7UrRM(wM_i5b&Nw#cik$D76MNj_D$;k9`ksd64h=70FBaxV}BJiRDE zea|AVDTk$=IGMNd@}=Vtuwj1F^D7nX(#?U&7i?$9V7q{Hk!Ulg_c}Uv{mUaBWswWmUIN$T)@GAFQS_XtcZR*MWLt^yGq~i_Uk+as3 z$O|Q~B~3PC+vo(&wLYpM8aK)zb1Ztw??Fy5>%v&U$Uh_YrSD zAFqjkTJI|W7xJdkc#&;k4+j7KF7#oF!4*3Pmkh;^te0s>>O01610?!$EN2@)XrBRG zH=*OhfQ7HWCXV6*GOL(w<5Z*{)GJxkBMfV+V(2>^&jVyWT$z70(?|3)E#L6|c00~5 z#RpGR=-PUw$bbuB)yV0n=pX!mkM97k_CJJr&hS;H$;4j=&}O0SsRy{2(@?mN2Qvjs zO}H;rVKLzV2#%W3{r3O}GFsl9w)+?zhCn5{(9c`tgUH~N|#C( zpv=v?XoMpy^`9SgjkHqGRHmL*d7{UTPD*;HmwuT;%!L`4qxX8O@z0|B06GV7={AeT zXP=r0z}_eW!v}k3@xsF(mFbRRIeZ^Pt{CvA#ngep0j)hvr?n+XQQKZYy?5dvq@QuT#o`C=4*eh$s;Vx#vI@EyPdeR8~? zHCD2C1og_u%Oau>DJ_yIx4TvLOS(wPIq`%@RJzQ?#5|MqCxI2<&*-gKf`?HIC(Y0}>Ig8dLj!*0O{3YO%er{}E zA`S^5sV+-D7M`rxU0x9}sj4d{*PE0mh90lZE?QUAc^bqL^fBF+j2UbrDY9Su20b9S z%@Mwc0F+5b$MYXL{P=(i1AZ{W6LYisWWNTgkn%UE$~dr&#NCsyg?PzPls@7? zgKcLl`n9|notljn{AxKK`qxixF&!@qoEo_DzNT}gDr+39x(Dbaeyfpas)3R6!?p); z%TL~CzpNn!SWS3Jj4a?I08sw9rUq9P{^23e>&>ArxaJq;J_GbBYC+f4D-c9(0^D2M^o2P@!dLrCCHaFCNJevJR=y9Mg35Q25#+hHduRhu8 zfbAakGYc0dIXbwQj#AO_T6I=|sF|{FSM1im#{pJ>mw)ILUi1EzmZ^pIi{y+sB^SgXB7zE*Ke~t-nw5<(h?jw&_*`25WHA_4UgGI2sbu$|0=o6-`w$@Kj<^ie`b zbBeXq)zM}AM*x9b8TEpIMRAQtw4u^e%6#JWXvan-l#476=;<4M-*t~& z_bkmz1LV@^gjgZ^s0G9Y$Rn`eEC(*!0ndnYT8c1VANLFy=;(;YDL6}1nWmM0*Z6c* z#Df1ZGqGy!V?MCh3eRH4^y(aL`VKrxROV7cc&lUK|`HtT^CCNtbZZ&qAZGCH~cPsh|%FPM$YI7H3S5FkV=rS z7*^o*Nsjmf^!K4oF=3wQ;p>ZyzGoF)fjA79o{Ud+U5P%l&4X2tYxX?d#|zdvuBhjO zg8EvuGrE+3u}C$_IQIA@29j9mg8RnDV0J;~7=3VZcI9|={W&92{@e1*0N^0PX{a=( z_dFox=9;}p;@zE3ky0m3g5)3=37fLM1Q|s|sKFnCx%v9yiCH@RZXHWc)Mwu`hLq_m zpK4v=wNpcwB@Z8%vS~0Kn(>1q7%TlLaX|83@}|;^Fq3CG>wXTV zdMEF2S+*KXHj}`j;Qg$S*@cbIAdek-E41KNZ(yTW_rwTB-A1yR0n4Bip>+f?&;QV- z%|xDQqx+h8H7|1EWu7v_p^ahN=7KJ81{ zC3%E|Dp(LW6tz;L+g-Jf0G2wVF6SV*Qn&FU3hkHPy)iP>d(t9v{8oG}rH? zz{J!FJhKaO-PlI24?T*aUov~SL`x&fP!N)+_(ZSUc<7J9x=0qllZ_o|}cXVnF`V4{sLJ6TbTdETrY8zCw%M*rOjbbe?3)%y*%i z8_)SNF2&oLdGu#~4Y*dcFstISPBZ(9nVtm$*ymXYT~ntQvVA2Q1RTriC9mAgQpa`#d0tfZ$sTVydvH zC5Kju%%}DBU;ZG>rwWmzQV=2f#R3-3W%0`@Eb zGv?E+n#*9D(eKCqgMm+{^h*h{_pBbk556p)y0)FUs`qD+KUIiw-}ozUEP8<5&x(}7 zF4)HmPL!}=Ge$jN;aoevF$l$WHae1esi{AV|rJt#=qJx62S((x#MnV zS&?`M81RA2!N4H5bt!V|AnHA&Gz`+re}dAa*85AvvH!5baxy>k);3M%jMBg^tA1br{hZ{lR_2GIjt8ZE(LlN90{llIb|8RpMa&g~ ztA=IK*?$IWK@#Nb8yhsw6Ubrte8|KF~bj2YNZ4SvKz!k&i3unhqJ6|0eTnZ^5HqwOH|r=pp%by$etb zHNcOCPfPzvQYDIg^;6p01mJcfZZBCyAd}{q5&P1Q6vw1rew+G)QVXhijh|sR71&an_gE z7pHs4ze@IBMw>$EUM$x(>m@b{GU2JdO=Lp|k*ky|7X<}{_C;KeS&%G4jbBjfVAboG zQku#mz`85nV$+V%Y*lJ}-Cf-x8mzOsJ3+VCS;vgs>5h(?nTbmq!c#*ePWX0{Rk8uy z3L(-hHD3@*<$im13v6MZNXljT!!FU2I-Lm9!S@>?Y4ISmv?#sWTaSmnzhZA2FSVAo zv%3c{+@Cf>5i8kUFTXFG8q&o2`r;0##!?7ExgoxIME6A3czb($F+=u~eT8p)$LehF z-sMU%#nkE(Qt&?1O@tFsHO~5+WA9r3)r*iuRJh9>RLnh4K8u@gyYxwzuG8T;8~V8ZzLm(0Fo^rMvK-V%05@*i#Zea1^l8~p`EHi zHqOk-N;enMt05d$jOA4=slb|m86d;a-fR9~%L?{x%i=VMcFgxNWUonE$PYx-$&qIO z7=ZGsszn{CJ}G1{IHd*P*4iPU?~rdan}#uOyhC0pJfceCw2q430s?yVn4F&k6Owa( z;Lt7G8Ow?Ud`M`9QYbAKxBD*h4`g8g4z7QpdzYYOGH>{Dm2=5Y^ja?0%3u}qU?#k$ z{|&<@l~3lY5g%Xv&}#T)w!5IRGMELrdZU>6TaH+y^$ckqlNxEu z#ADTY>|a^yk?ePQV~^p`%xS6oaO;crpdj^R$rYb@9M9*U0eox&F)?DVwe9bc%}yB$>a8 z+8{~#sEdM@yM6vej`OSuKUbUET_wMQ9W6PbpB!CvJBHiS6aRtA#fSc|!OQsgyJ+*s zqO!6yH73JvX`F*;Z3Lh^A|9-f{jDR?`wdygU^*dJNyM5qY|SrmoA*Lv&P(G+q>iOR zXm^(9J|e(+4!v~cy4H!ua&i&1n8#Jm(;p2cpl4#Xe$|7nn7l&j^+Ub8oCej+;S6$H zB8O+_J-+osiVuEC4|wT=4Da@2=~WbKk4LeqzDG;-EkchedM_uxUK$zPK0GWTO+$O0+&aNjM@75voZa~R#V@ZK&!EtCnmyj zp~ri@V#Y-!B{jrRdci=#^ zFkFC12Gz}2pT$>~;+K^r7bD0ZN60+WFUcw6hp-wEOo3mB+;h}c0bT+IyS}%({YFMk zKhtSdP2?g3v<2#JC9*1qt%_gZAN?v(I2`jO`3~ypMZhHPH4;o|{oFR^G!X78O7kb@ zUuj5u9|-)sR&F(kXv(Dk`y!}8O`IiNXwTW+KqBm@W$K97Zf~0&z)peixZcpg3*UiO zzf%1Y1Dyp`Lh^nRTQ06?w>^$K9D3a|4Y;clM@)@PeZPKcvkBTxKhe?>R!S@}0-{H! zwKM8e?*s}brZrsL#$;Oo=3Fc&>b-_TrlLa z;6b1Y+Wmqnh;|PT6a;`Xp{S~)%wiTzpwX=8;@1r-Nuo3|7#!btu`T9l*u22ByZMGh zsziN}aoaUQ!kVzdxPJ?lcm*QDOZTQP21a?e|*-shdPu*=3}BwQ%)4o5-} z3@x7^X!Z2v%UgBlrAe7RI-oK%gW5|@Sy`F=bW;;_t8!bQ;fitx6HG63L<5NJH_B{yO*<1k`!XuMKrSqGx1`DleBZC;RZ> z1F!elDdh5%AXCSzB#YQB#Anoq@0J6i+nym#iZ6$g%o_hm>0gN zbe-zRR!ys-NE1sJW4f$*lc)X(ob~hP&-CP1ui}04x%X>oil_2TP=nww&C$h0oL(FQ z9`ya*IZWJ5yj29bckZpM$GMEK-MD;@hbLTH3iBv{v_-^u&8gHV*H8+gt4n17_aX!o zGIX+>g35{t=0y-05#calMY4_Zq%-+E?@#CbO+LEwjCWnGt2CYu{*zD_XoIe_^Y%UW z@Q^L;7#1|f5O7s@cSb9WIdvu7llBugwmg+3WflVZi4oFank<8dp$zxK0)^dLPCg-(dZ)kc{6&3v}Xzm%=Em!93-Xv z59^jCJc{91%H49L7O{vPMYz(5mD-jjskopHhzz|BI8v3`-Fk&=r#mYU%vY~wcLk6! zBlMWD=|eT=2pP?KY){riWZ!vOlT>fAxO|?65{2MfcBI#dAQoI0?oF}5O=)WAh_`BZ z{6k-KtF#S;EV_ADhy-*SA_KHu`(oe^ZSf7VOS&;o;%nFLrEAn#*bMUHO$k22NsX=E*>Gv6|3LdKk-#^!r#>_L+@4k`Te=seB&88qGGl zxfz_C%mLVbp!y0+O6mq5={^T!DW`ct+CSZ{$%RmxuJoI4Q98PyR6%ww?6Dum)PZB- z5mT(&N91oK(gzxXf@h#TMm)eK#kR5Q0U>O$y@=Ptw-UM<{#*z!_E)MgZJ>5OEJz^$V`T1{QL`!f0WqR){=B`z{ z8%y0m#(v}u-9V|e)ijkD2<0Tz2UC&m8Q(tDd;cJS)9e4j~0lL8Hx2@PY0cREA zzP2?_UDcYX^RQrK&U%rrr=7BajK#rCHA3%3W7Ey#V5*Vr@!T}>!*07SJ*q<&keXB! zk$ida^*z7Ei_n3B+LS!U@<^%?&_7)&hRYBbbguhOi{{k|k6;^pG0?NE=Ohaz6g*lk zoI)uccGr*^xW0#jb*UYihF(^y6}zru6>`{(%s7&iibSn%N@aigPm#s$H$4@nN3zAn z!%=+~0huxjQjLRypbnX;v8l-i9*>3K{aALCO zE#TieBD`ILxvGx-z=^!4DvGjL>^-t0D#O1mxPtVecB-X?X|R+kH}*0f?X1gqsU;|@ zq)!w?>UE@P_Mv`gReT0cWP;YQsnmKRN2la^%jY{KP)BFy40l8(bgYudN5AUuMUBp@ zYFi507vE&;FOh6zxojqYx=Ukg>txH7ryvs8SG5&Jdv+*8Q-d&Jbns)^cCA?xu*%Oa zPA`4e$TJdIav8bM7%4CWrRWV2+2vnh6~&-P{RRca#|{%C%mpsL?J&Q3`~xLQZH=E5 z;pOG}60w|S8)6O%7Kanaa%E+wJ-VrY@*~cfR;JdKIK8DMFE^;M}zM@m^&KZ1xZl zO$r)VwCfQQXQmro0}T-0ry5@C67=~ho$^g1FCnJb+nedwrgMb*nq1$2r;6-WY~bZuV(OHtGn)m-gPfT9@bLzt1>a*B7~^UhFM4iVpx zp<2RRP_g9Xz|Ngp)1#!$#REaN&!scLK$p$&-DWcDx$7U)uj>XzALd7Uzo3)!#}QU1=73$@t?o}@?D=7E=u z>!#F&8#PxQKWY0)2en*+$QHS$2Su&!)o5dRIm(ZRrS z8w#`h`@cN}rLQ~;s(hy-K>;ecFLQ!YQ|aIr6)W!wrjU91W$&<2_dwI|SDxx^bAa^D+P94S_9!ux48az|5h1Ui)lGMpPU zG(9AIS*p1jO5m8!j^8=){x40lXtCH^hkO9>O?MOT<5_0V<+CG}jQIuVcM2(mjo(iV`qoxFaDXvr2pX|k zh5@-BP_PwwpZj^X-ln5dX;ao0p?3SgReKy{Tbm*Say9D-ml@DS;ZbXP*ru4%eSZEZ z7NmEJW@H`Xw%xrc&;24sO+P|+zj_8a^vt=d`{CFd#bX#fXo=9!u+uv$pZ8fY3-^Ze_1kofr)QQ^&D6faL_CgA zeZasu4yyN1THYsUa8R*FKq@>T008uzke0r-6`dRFyH>X3a@9h`jd<2~UI9)xx+@#@Ja?@{aM~CiFQztppBu~Uko{OEy-^y|i6dYs4?DuE6IXsf06nJYhb~sOhBy%`m zwXH?Fa6V*alS?suhIYK#?>r5JSng%pT)O#V|J#2o?f}Fu<&~9^ zP7?q9d$lt}0|LKdcd@Xv)MKSG>OU3R;c`o|5%b{W2#`xiI(hw1*V{96+`Mx~cBRB> zp(}Rl>-x)Y|0!j=urGTc(%97a(D3V})m2Lp{Q_s=W^7u8eMMN8DLCj=-2v@OyQN3+ zXlefb7~qf<))Dh-0^jHv9=`ZeFFjK5-^clk0Ts9K>2o?b!Bs{^556ME@AS9sQbxvM zswRTkA2&2C=5X852|HsZfhEC2mLl9dVSlFa>}ay`!$zK?!(_q&H+lChmNoGE9_f1{@q57zCKKJN|MJ6}Ge~DS9A~fGNLzhqe1)eFU_^`TF9G zAxKYUfx7t0^*amuIqJe96%sFX{T!mtdPHssfs&=xJh39{DTnI4yXgi9=7(#VctEe% zVKO&2Mh4ZbdvDbc>+ropJj-o$7t|z%vVe|(+0q@2J(ZpP;7`Ie7b05KB5qu7fk zVaE;bcc-qB5pD}8=q3&A2_4N}YnqH=iwyTbo3P^}oHx~6thEWuKs)o7N4C%Ahm$P_ zGq}Fqe=PIC-z->(6N`70p zO+OB;lI;=bka~p~iXGPVL9>!okGjn#qaEiPyM+KQLLKr zzklBv<~UEj^f6Fvs_tgyzLSfsejAW3;(#Kq^jBG+%Zql%?wu4NZuW>lGi-L5EcmL?Y>g@$jp1SJ6AuM0 zy~tE^rYza;X|OOkrlKoy>m^iZob{6*I=^Nyj%P)c$R0pNrK_7zx+x$3dFYw4yvfn9 zGxd0lfWn3=tI+naXEbN4(1%!a6aEDNR|Kwx|2-uKYSy6%dGagF5C5fpr zFI*g@@fY0%(9$))Iz<(z1&$3$wt*T-&-OqlvYZsr;WRR@!G8R)->2(1IfP}?*C1S}?>9yZBM!RmyvTa&D0)EAiR!V6I~fzZ z#knLma?xi;Z$}3jo;s}v#I>)#f$?1^!LHxR?CX!cDhfX--JE{*4fG6%Pj9|lxlbhv z_UvON?nFapRBDy5+eP&_<=5 zUQ#<=q6ajcB{TP2Y;>YC&RI*=rVhMu0D=7>weI}G*~icQ#{E}AXeOnd7McpG{#g!2 zS)^+1^H?_!(`qA3XtCNwP%N3A$!N|R5tAUV_C)+JBxLOSuL9`PC!B`&BnACOR~|ko zz*GPB5{-YoKt8x~W2zQ7s2ghP5o3jOB)fMx-(^Ax}M^Fqi=jJulO1n z5*(HP;dOEW1yB3Qy_jK)1I{h|E?tdDm=RyO=Pv#9t`P&g3Neg1BfN@H@*BRWqjcrPo|{&3+YXpabL zB$G{3gY!5R*+#IHp^VH-X3b>fslOI;&Au~KE!ucaq3r7**jvgw@IGGd1G=j~|FS-b z^*7Rd#MKyuA1`oIJykPbLm?) zn?@#B>Y`U`=cmMmNq-#Z;^wiue3oMjH9#Dv9Eep;iU=~BYX)g(?8D8XOcNVkw?AtZ ze^fD1Y9D)g`wl6g<>c;2xp_x+=o>*WY54Dq>dJW9x1_URE)uARX8)5V_x*a<$r= z26SXNzO`$*1jtBh5DIbn>Ovv|*>;L};uKfMyeonOJ~t0dHSM|rPm`3yw`OnW)VmaK zx^l9B*ch))VA}I;hVt^fKDKgYr@BkiQd-g_>|y6R>{T=%EIMU4Ap{CeZ_>pM47NZ8 zL5q=&gTmZLt(WszIy$hx?;5Hj!!ZlIK?o?hf3EaL0t4Jx-dJ_blahQuDWtMBk*W^m z2O_)pNU3gKk&V2gd7DMlqRo-QKL_RFusDJ|NGMtCm@T;3|C8vDm_qs`5Oi9Acol7h z7e-FkmQwd%pgIvi#|}H)&p}HFb~uPb6>f)@qracx+DUA%W^}%41wCBondH^0Uy5|? zu&{IpS5>|_8gYnw=UJwn>&*uy2xM4aRdYdWg}T;~u&yI#Z@jddo^o=EtE-?KPPOvM zDZyZ188Q$wA%tXUzn>6R1uqhi8F=39>*4GJFL z;fl@)@r+hbdfqxUNML1^$iAGQ{-2?|5Oc_olj}$Gf$$jTp){dZ@SF-X$osuvq4S0DmbGJl$jN<9YXj8FNZOD;uKg7i1nJ3C2P+jOZ9~v z>B9oeRdh(H;I>Eo)0?1(cF?-sQCL{Skwf@XiNZ3DokgGEq(n8vStAy`xmxRl%C{D) zs@&P{+PYNeJjL6^%3>9Jp$zoN?r#@#f$|tgrp+l*is5atdXwVh{Bue`RB%6*tJrKu z5Auz^z!5k-+*G))6#T!j_m*K*uie)uCJF)~ASxwFcSx6lfYRL|-Q8``B_JgYQqtX^ zbcb|zcQ>55_I{rKd*17OJnwZro%O+M?****{qB3-V~#oIm~q`rstRuRG0?Ow3r}rV z`5r*?OcOKtJ4w-^4b37)y1;Q;{hd}uC1qustpVwy?UC=KOI6`qg&w#7Lz1(q$oJh( zIQy+Q?CSorI_nywazj0Gt64ZXs$`%I!Y`c48&tl#Rt2$qPT$?QSVO-@eZv!9GGdF6 zy*x`{gA?3!V766eyhI_zt;L zOAvxp8F}XuOv>>-i^&&Z^j7Ms@O=YOQg0IzP<*>k5E7c58YZ~q&C87V2+EY8hzdqS zQ^c&`JL^Pz5Z%=OLI3}cwTX#J@p@ZCi70&KuEOaL3=BJ`jHViwv~x@ze?7sok7<2+6V*VH^hBn+IZE|M z@m2tsGevImzGP)xllI>Kje@)1&{2iteQf5D;Y_8FB>*r#vOBIlsTJ1Df>k;qwHhtf zYPt!_%W}F!Syj3Jm#ii@=m1^X)qskt=um2*BmqtC1&q>BVrkxJ$C|{6R(L45)Zr<1 z3da^=UzP}>t`=RY&$an-Z^s$T?64KORi`_+pP{*g-ziGlslz?XH`zD#sy;zyEybAX zm`hk#l>H{#g8m5Ssf4qNN@*~l{)#7qm(*&-B;h7QE-U|hOzAo%j)x&|lP^>e3ERRG zuu~YbBl@TrE%Gxx)yi;NVJPq9R;RwH>89ae0UOS*Au`C}3GfsO>0{o1`Ef(s=x-Wz zLf!diy>WwSdi}j}>D%h;XurdHY9&?%J3t00m12&CH04}N4#cYi@3pTUs(Z50damOl zee0>La5Rq@e}o1W^rs}+p8g6T+NU9tt<*aw?|-aqW_Ig$vplLYlY>y&yx(^U@nzly z3b}#c9TUYUu6g2#W`#CnLe&)APz8~hU+csKWUjx4+Rg6)f^H#4b zlp}&fY&Mw`o;N}WsMSm#tVdpU=h9}~fXez(T#v`XCT0z|2q4dl_7Pdnweqs&UVK5X z@sg@?N5#h{SRGh4>RAc_b)WX1xCun2(PqVy-wumIy0U$jqU3snh_KBze z8RKjm?v`4`pVzPFSqF@I@lEhl>0&v$+dYeD6J92Ku7!*nUb4x@x4OG>aUbE`frOKF z-d}8{h))oA|9)-jUnjmtPCN%e;&y91->t(2n|JT}E^YML={ThC%qN~@hEuuZ{>$zOt0(y;ihuz@ zB|i}}mov-r=R@LhVmAG!+^u+SW@CI*1CN#@9@R|D-mmGJgdN^_XvCzX@Qy*v-QDrQ zX`Ra*7#d{UuNtjQ0YYpCYDkH9>vJxZl1n&okuno=SA*Dz8aMh>)DjJxzX@XD~M9(%J!^ zdiT%D8+Oi$odHw}s1qs;+Rs=nqy4GL`%+UbP2wxIJ+*#yd6MK8OxO zQX7MvJub~cw|PG?-_Lkda)-;_dCj{W4heg2%Rbo>?Qm;WvoXm=k7V3~O+?B;`KQnf zc1d(QXx*c!-z*n}FCgvg91yc|GR+&%6P@w$pdbsAb93+OQ5`=Y?iv~jGSDPwfrKdP zsOg$Qp^*EFaJ8VEu45XB1R#H+I^OS(^r)CtPRs69T9S!|F5A~$Thn~eboBpHRc85N zSRV-@na`ILW=)TayU@B~OLW2=C`JZ}{k@M>io8R4O201>>S|0TSuXITtK6C0FWq1C zh0GRj^v1w>wBKJgUrS{Sp&%HpzC4 z`TJ1ZIfFrS-13srt7RAd&#DOUr!N_U^cseVWKJe>@JXJ2{rT0=8IAD$q)-k}9!~*X zEN!&Cyx?BM68WC{dYhQuYW2dX_UZLq9^}B8_C9M-4D{k=GtZHz{l zln4|F&M0zk*{3D(J4VAkfy(n`Xf2*9x!U!?W$pv`7#$NaZkNx1WWGg2 zv~SUxz`>hl>uJp4Y+mM1yK-TKa`re~H(Df?!#xUCTnGfmT+iExt|Ktofvt=<2VX)I z+Qf^PKEj6(6SX(08hdZTWOND8@8Yu?G-qaK^r$cWIJ75R2R4gShKG zYPvMgcMCH4l*H`@ad)SzTUD%>uB)cac9WGqKG!w@N#S7@$7%nKG9id~&w0dbeTQ;I z^qlaE62tly{cahPie9nwWF2Eqz}ZK;4)T$9dfcNJzhelFE}#z0ayg(8b@?+A0pTMRR5hq{YIz0y}5=s#HM8l0-eQ# zqJqLwvJGQ~X%CJFxKH53Gk-E$<9Lo;xov}BPt;=+u$~f%X!COe{!UU``~iBJw7HEr zFN9x?1i@lVux8z+EBmo3B7$AT4S;urb>|TpHTe4?mN#UV_)}GZv?h@=OIx0O?S8~B zuMH?+kSm50@6tRo{23l5M>_(uH=9o~@7@3$3uB67qV4wBpWnb+o@yAzW6 z2gj6@Rf}x;MK}*!{lJPtnM~c*?znn==VR3_Y*`-Kz^IIS9i{obAGoXCkQk!>TJ7&7 z+azd}yEyAK2c$b((fInr0&(HjXV_?{7uaTdu0gNd{inkl5$NhiWh*R~981TUQe!fn z_F_BqxVrLO+0AJu8%|cxuZ~8sEouyRO;QsLH{|JYlELvtrLbS86NjlaOw%$=4>>Zl z0%6XwC46b!VSu~?4!x?pN`P;^<%>=t;_u0LS?@YvSj4KU`T7QZRefaTeSF2@oAKwh z-L;Thh6 z&ExHIGoEAFe=j+(@gb(~-}$tdGR>}Rgc=Rvz_HQcA7fB^u`yBoLp%$2c5799J6(f> zlJOJlAdoPf9`!RSSDqRO%V^&$Ej>P#Ig<4CyEoq(PkX_1Si}{-wGn^ zy!LkrJC)~V^0-;NyW9j-Un79ErIpe)V z(HhQGS~7F`RtUMt-gasdc(>C+429Aw55do`0*L6t!Y_2=e>`6f9Viy5a1(vt))AHfP0V0DFtW#7T5;K?s^441<0q@ zR{XU|l+NnrKHXSX)~F5?dMT8G1AF7v-2fqK(erZ$)1Uk-9td~VK0{By-_8&4KV?;= zFP;p1$A&-${Z5aCQsmRzFtAkN%)Y-{09XY&LO5Jrd_x&rvs`r*3Jz*GF9l$S25Y*d zc_`wnYi#nUvZCB+r*p;XdyO82w5!?!VT`Rb+3lo=*>}+KrF9&^g2c|wsq^X?bR#x& zPknl37c;Xd`&-5XR@7_~F#t2@dKNsTD%qiyWfUEs9nO_X<7a_2Ze?%R(!O>D7p`4# zF}iP_=`a!Dxdi_;Qmu~(-B&g91@HyG2vrN#q)Fi$S5uwrX=FX8%n&_l$G^HFA|JKlW==#j)>t?$MV|y zOsZ~QJaW!zT~DGpbt4ndbjA&9Yy6}h?_&mwX!6H)~7(t*DI z0f4YOWCRkF0i z`)zvPsn~6Foc0TIxG*t@j+;F0NxCk|+wCjc_YJD<{@&AUc^PqEb-SsdKStYK&&tx8 zj0&7h$#N>c)k$HF9X}C+!mR>&Zp}zr52f9 z1p_d7F+RMotw49-`FPWX@uDP{LFFlj^#|Pbh->%hL;SHSG#6yyGjz8*!sG^kj+-W; z!)Ehzmn@iTf0{*J0o@P|b+e`G3tBi%MylLydHS8~UaS*gVG*>2+^PaB5wpr{$CVyT zP+uoat>Nl&6RV}Rvoj`-a!E4;$pd_%N?8?&cif4Zw(TX#v=D7 zqKNla7+a$vP}i7)8J3#0=Nq|tP$DI% zt1JnCiJi{I&(Uf=ao=AI>BAA`fEU49zV6;*T zC?>z)x8U;r>NBCyEYplpdVnaiztcbj*S!(=nvMg+J{MUl%!mfF&~PtscG79s&BNi6 z3B?*L5?G*naQ9ZJJ$gh>0Q{NH#804yxE1i@)DHIkEi7Xoc%^?IBt269Q;Obu014Os z(WhGv-+Du#K!f*Aeqm|%X4-#VeSwcou?XYvM`=@?6*aJe0QF3jYCrzIhWsmUc?Nfdb*2J8h{*uD)*to$>`FoZ zPgQ+^k9znK!D80H!bGMH(B)p=5>c~NSrdHLli*~VuU)r3K4_loh;hAxGP|}FjoP>L zfZPE0=8t0c0WHKOgU5xz;#e;NI?yHX+1Pv;6%&&q0Z-s#b;ZRWH*RlDeuB6gZZe=Z zezq9lh6uYB(*$))IPb;Z&(3V+Y)llRAZ=fG8ury9^Lo1a1_tTwuQkQ;Slvc~Uosl` zb<2D!{;PUT{n;XFxjpHc8AMv*%fa;e7hvi+f{1Bp4mu#R^Op%N*Z>BGdd75z9|e zu#-Pp6l@@aVL`13E&BF&HzK!{%3-}b-<3aZyXxI%*fel|dvE+$Qzp}kZ;@*FHynSU zxLxe@ZE)S+jmg$5{YYMk20i;&773qiS9qe#)+2ViP8e@*O}{_>)Bu5|TR{x^k@Z^A zs50xRf`( zYk9cWWI70gCtd(u{E!Im*6WqQ572Ge1Ert>C=lz8`gO)$5L33j|4Bk#u+}pTsW5;A zRDB2*FQd9306{5pNk>mlylKr2%GI|Gf{<@o!of);f1IwCx`sbevKY?@^I2OSU02Aq zWXMhOx#0e{GtOE*mxS|ymp84YEaXZQV3`2yI(n;8?&Fz>%oNzPP&YTV{hsRDd)oiB zW$>3U5Q$M;5pDno?*49T3e51y7u$R*=rzB#6<(9rS$1K_r1fg)jH(8)!{HH%R#92K z(Ev5zmh^A*%;bSZra=5XaJ;euKXBi3>X6xmIT70hyXQJ{GAVt2BP$s+`=1u*)xM9c zyaW8Qv(p}Flu+f(1`q=215+xs(?88e0KMoBl^hIhuh%^r3dhu zcY?M02DTUeM1`k-ODW9#DR(>~DZzV{ZZuAZeMsHV4pNNGc2dA=751b)UOAk9%jJb3 zzfsz4q5rChdgJ+p%DusL)?~0(sV1@5!F*mG9AGPsP9T8T1umD zPfCEe6TV*mPdfuB+2$WGVYZnW8Bqpv-u@>9g|vK5QX}=)ukrV7ou^@B+>-Ww{?9$! zQ|diI`R7*vtuX&D`46`M$m{-n{GWR|#MH*xdM<}exX5mvN`i2*#g7zqWg_!31^wS* zTx0#2G@{X#FpSKde?Kh{6x>fEKhwbw5vF)siNV!M?KRv+?MosLv)~#(}-}p zgZlWxnL`+dwI#WWgZbQ-0t*99M3M)YHQqm~%w^yWxb?jk6>U3Yg|So_N(J13cteOO zQ9sjCt#<24Khq&&xh|q0b;Ypg|HVzPX5XQ(@z8v|ImWU&S%kO0MBfOegQTd-a~m6- z#oHdYKfr{M#>QsrnHjBLa=Gu|a)O$6E{3w-H^?{1;FvB-Oy7QEA`oid5shV?5(D{&{F?Z7ChEnki8w`(06^io$^%EIv<5Tm0k zcHGFfyfO_Uoazes!nJ#JR6kty5Q(qrEd1`_t&wtbj_s>$@gO3;Op<@(gsmRm{;51s z%2s0IP=D81KZ^V6>AAm8Uso^_END7f?zc6`xj)Dz%NV^q@rH(!6ep}LAUZ}bpgBM- zD?EJAEEw8pZv6hhpcM4%)dC01si)P0euf)SJ59Q*W>X?CpU-eGnG!ky=jSDP4b~2b z2$zcgQPC}E3PFL7M3qX8qNTB?rN736yrZ=7CkgyDO$|eLJdf}wQ))qJcWY7vrMe%C zyi3jXFq25&{SqD?0`uQggYwj~IQ#k-)zB)8N0(-1kaS7dekta`B)BB-O}ANtt{gSB z*wG>fK9{2{MDK0Ua<_E;YxgOSZQAUd94Chj;aBEE5&O&Zy)~-KYISt~t|-So-JdU< ze)BOtU4^l5MuUYMn`5PEhM1b|5wu-CvprH3GI#VZnY>~A5*7}QV1mYEra}%1?Br_J zGr{(7+AiF%+S%UO*JlT75*-m;Fq}}Y_qY2iW2J=cw5|{5-IEb*?@We&eMtV@or`oVNV3Q&DWkho%VbN%j5v!;1Uyj|l`2h1!|HzUYs)-}VY5h4 zDWN)8@Ap?J`Bh|pDKvFHqZ1k$YI8aEZzP--$jSw2?DfDe>WbCoU(}b#yj??PT!eP) z|K1AvR7BDDpU3}>twBHAc5AO5IAX*jBsTGX)SRIP6#rw|=;Q_U;C~xDjYzOyG2S4lc12lo z90yaR>dVmwGkt2)0Fn3ixUjDKScwc+ZvBA590}(E{zZmBMT&ut$LoSnJtDg&9Astj z=hgOc*7XhU=>bpn-=hoJToWET%*E9b5r)T}d2}|oV@#a!knL%vKr*5$T0~yiSGpb+ zQHM*n))GS`31Z~t!p(|d-o`w!rm7+4l~XoKnQFP9W>(7+yyDfreEqB`eXZjOUHKPI zW)o}&c&sRZu0IA`e?N3zYceg<0JE=AfIsXVJpSe=D%vnPZFHq0Ga^j_g%ST*lx*a?ts=0a<)*MK7@|VLI z&3*RM7?9A(zoA+kg~1v=N6`Rgm9+Spoy zC`tQ2Vi^$E#i!ZOFL1&M?>7@Ttz%M(~!Jb;{gt}&g& z(dXr(8(!u?K=OiPX|IWSfqKRt{9k}H2OGLiP@9&nmUHS(;FU;vL3*$1nV7ZA3ncra zpo1supJ6Hvmg_41zQ!q2yyM}+n5o^_VH8}GrEW)*aLpiCv_KA-}suyJt4|Fw`q zR}y{A7wYCq%2d1_-H~eX~zx|RpPv0 zP*lG2E`B#YUo7bnh%9CDj8uUiMBkc%jBEc>K++Sy>wogZ1OpU=6zG36z`M5snF}^B zZ+DuCP99Ug2X@NiiZ#wB-z0kNkXkkbrpSPSK{{g9l$v<7E9Sn}*1id~-5GHFaxkrv zO-TBlrG|wBLV?FuoV5KsHuhF2Zar^+>50hjVNjqw3kQrF3WXSFbmvdNbxMKo6-MmP zfOi_uLl?;ZroGPg? zwtMzBLr*x{%#;JOJb2K5`CG(~(42iP=MT8@CWGnkW9R@HfN4|DP>JXb3guiTGtT1% zsPkb79~l@O+xKXLXrS0|_zOrT!(c!~cURVEk)2tDj`}1IqN=`!OT+)xkwSE-t9XJ4 zk?2llV$hk#tFha}rq*4*=69VS;7f6EZr(mp{sj_YG*x>T))oODt#B?_c~nHD+{F=5 zo-HUUT3&P@+grBi=kPdFYOX0NTnay~)jcZisd!{dh^NXW6dc$2U2^&bOe8DqF@7^W zXG_Eoo5$P!Botiw1m7xk&;JEeRMT3CFdGv#- zXR(X5QzvCRUR;+hRt=lHRUisO++Ls~%UySAI^3^ARx<7(;%KxVOMYp=p9W^4H@Ff- zx>I5@q09*l)00~jn}4^TA`~CPOM^(ZE_)mZMl0TIed{E4x-Bj~gp0>ph&qdl_uS#k z;Z@Z!2I0o(O~=ayi)hYSg5(zs2y4|6tLeSf@rEL`>APLyvgul)kl!%X+?(F4uEcmE z@%DrTs*gVD$6ebk%CdYZ`mbd{c#NQP=>tv&_5!9Y({;A(#kUUdr)jV7%%K2WD^Pe& zGeH}Vw{=9IR%T^#^I6#+L%oIGc(ZKvBd$1SjJCbe3b0o2z0sg)Fp(v&b;e_$qk|~W zQOMV#5dXm~s7*B(3fz{;bG<{MUQ1=;5%u78j&m1<#xL#;+zVZ!TU!@AQt-mAC?|!E z=FL*yf#;Yb$ro~C*4}c4h6CkY>Lj(!w!TY*|*(=tcyJ7jRzTt^ z7k(L(wUP6m&NF0~XM%Rep%|N`!K|J95^Tsiiu1HfII$_@0^ZLH?ROO4e`Pj~hG9X} zab=?T`9%K$4+-SXXdS4naovoGRwh8bFN3H+XE*k#?HbQ*7vvT(vxrQkIF%dXh#Q*b zwu=ttCy7zhU5x8}A;XBm5=}HSbN?8FOeN%0>2ek|wv z@88|4Ii572aD9o^jkL`SLQMcAo}M!K1$Q ze!rE~{;MC?r9`za7DjIH2N7f(%j8^7il1!MKYF zQ(l*4j?lT3rwp#HfrnvpFO2%ekTYDPZ1xQUpl(lr{mNw2YvF_<>|7^6CUwq(sJ1iS zjE_NUObuvjIK*bBkP~KFYd2jlhWaz)sLs%ys_IN?>7;8L88sEMCFr)Km59ai4(sC1 zJ=Umw@RTPS&4hQcZoAH>xy|!W3R!fGhq$UUqwR*=P>x!=VnX%%7IQbF&G}$Bq{6mU zU(e(woM^XYl`N^Ns&23y&^==_Y4XF+m^+7gw>*|4yjO9?*<71{$bC3%{DL)HK7U=Y z6cUfUFJ~VU&*VZ}XEy!&FWcjg$e6C3-F~F`<%|MW^9{AX?3~OSxh^M5`^P62HMoWY z#dpA^nt6R>Nmp}ry=Pi5i*|OtES~8$2U2@Shfgp{irH)2#KQE^@B`5WT}{SOg)S{q z%}z5#thAm*kulPU+5(@9{10SmJc=e<I@Y09cPb!M{3n*C97`o(1LW;{RqiSW|9$iB%X z`()YpS+?KgXS0n_98g9ZXbGQrhcOO_-Zoa!U7q@iwQMw57i|6_>VV%$kle z-hVj^#L>-T%@Jv|HSCeDJiVB>IL#Fcjv{{k@5BR|+EUL1zQJmZ4~)So_8?!>(|a4s z+vY3a@&E(r&znyRi~3>FR?(dSqU==zu0F;S**L&Qk~9fp54I!G9}`&T^E&_k$`t+PYC^; zx}RBGJ}cVh`TcgSX2sXJK;1|wvU9Oh^wtqpbq*sd?GzqXEJe$@&tvuE zz*)OHo)zCBuk?mms#vt#h zjiB(?IlSJdNEUVIjqyC{2C6LH1#XP#>Z9PcHI_~Q05qjKI{?0s(L^=Q5NoMW&wE+( zMc2cl_1F4B&q53&q!rTUTdxS%Ijd&f4^c;&2Hv9V*-+9$VQF@HXE)EuTuv{0vRT-B zS`TUezgmF#(VrZp_D97Bdx$;1XI&JS#@4Ka$2f|Bj zi_JL>Yn#G*7#s?zx#HWA9LK^s#;U_gaZ%_CSD2+EB-QW*5k5Y7l1t>_dPN!CQR@wb-#Fh;7c!-_X8t1iIm~8 zif<{}I#L)Tlfw)yXxL(n<-WkHBN|l|HhVHHj2wt1t55$nFYiJvQw9^q{@2)#Cc!%o z@EI{JuF)yNsqo{}ef>FQP3SyNokp?xSk7`4E${YO}Mh>(~g z10HVp=(irxzHsr}(h+OB%hiPm$XVy?Tz ziYDc@yrVk~5<}3FGpMAb5?$hf{>)&k7>%K`HBXAdmjlnQW-Mf4qcdho)1@SB%$Z{} z`nK(={L45`PtxN~C;Y$^=EsjCC^9C5xwu&FR1A;5(|SW_AVJVn^xh@~u}$317G_m? zQtLl+v$_?<-e@3aFly$0(G#mZO^;{ctZ9NpM9|&1Y6C)q^gvBy)||@;UDX^D!X%Rb zbzJ;c5_YB3p!xfba>rj&S;eek>`&hchmoF{SuqWpO-*_8RFbpHUq!iZ2{Cq;t~ts1 z&oQ`4yoPu;%N@Gsk-o;WH=cf9KX%dCEQKJYy`fxv$@RC~h&nm|V&(L9;{*iC``?FY6$++VKq^#-H= zwG&1LYnWa24av#I1ZKJuo-pY%VbHpVf38+Tzc`bP>(St!Fh3+*S?Mj2EP39NYSTu6 zjq;4er0rI4jZb_1=esU8eNCTtOL|q! zn){ZJ7@{ULGas%q7^dCxH_1eks=cGFEtl(~leoJ%Yw3~kcPbo+sz}8L#vP|}`(u$Z znLpK+<43YsY&YyLBXjo(3ynXa+pt$TKXh8c{?l^PYTvMPLpXj}O=cs9=k|>|rxhC` zCw3+D_u1C^JlJ6|?sxfN^oARwY0??buWX2Dy>Sm*geV7AFEUCWs&U`CYoMc}OL#GM z5(dUd%YBo49jT$e>>;ip@z~xz9D`r4@^6-&%}bWH3#)Qi_}DlL{VCU$kF@LGiwEh< z1vq_=jKm_ep4ixonwwb>gS94-8oKb+a41hjpXqX>?bwExB}9|eEwDB@d915Dl`hSM{D|~~naI4W34&&@VJg&$+ z>%z9S%KEbFb0k$R7TGP$cV)E#>{f<7;@jJSwy7$Qbb9_;tf*6b?7)@DFH*!a%YsW! zVSK-SvUQ{uqS(-AE}YGM;j2n#XUWg@zdhk17Znu^FyGeC#T{N))RjL^RZEhCug$OZ zhL=v>Yw67*OIpVB;GgC1cu(qt(K;@9OFnPt ziCIfpI~)kd4|U9lxfja&_9n{tO4Jj$V_xMw#_nUUK&Y+(d9sxdl~8u}WIfJjAmilz zdezXJgp}OCZ%kWNaQ<4*i33Hi3&|_9%x9j4lBe)oCrE@_URr#!0 z`vA>$&v3U#YFj{Y;+Z^=aNTJY{Yc@KXrgs}naTC>?z(0Fc>MLj`U8B9PaKlfjdQ~h z3|h@<+|Sr_j_Q|{F4i8U^{AS%8(nhQEnl^0e3hxGbBUC%EE^#R3s&cmMiEU9j zXcy)#U(vhZQm>2daodw`mWb=BU!G2KnI`UZSz}Q-FHTwhJv+gZwG_qdDf9k%cHZ%z z>3U~GbemDXou+}l>Lq#ChsMU$3AgD6?p+TsWdFlF*vweE{n!6gvaY)xcPeR`VSZkR zHYfWDhZSdV-39M{f_t0<&-txz+%&;F_qY9777d2uwWz^02ZZ*<-hA@Nh?i`?M2+5W z6cvl*$m`~Oc#RHAu^_*=@o#(k&bRm{xW1BAL9wDiRhecuIFBufS$5YJoJCx3aWY#q za~E0oY1D4^tsh=2d!APBPpC~fnbRfI?9+&=mS#RSWf5MEzkJHK`3BH21r<$VwwU*t z7a@fnC&8H?N~}81n(N0vZX3ThDP&qE>CHnDT|T@0z3iNdqB?m)iNovCnR3O(^TI_6 zQxw?4W#a`VL^L!syX(C;xNMRQ^al1v#;&(2v8#68o$vC6^R!OeZqfD^~&v>Qz1 zV#w>q$mR7!_smY?bPXWGo81{8sCDU-X{P=6!KJO=!D`B8zbq{G;$m? z)p(xinCXZnyh$;!O{xniut$A}Yj>A^8mXAH$?IcT=0OSLkdRnOL*g$mXmnCW+}V;y?~Q( zFi1RnTFI%i#`}p0YFfK&c)_}?oDxHv^HED%6B=X_WD*GmPmB#WY7KIue59O@h=TYt z-_9@a_dnJsNuzGA=i&UIjea zLq7dI8fOeb&zr41U2pWXKJh1kP$cMaj@x<$53zZ$^JZUPttkD)m;(#7nQ}Ot4_m`v z3TDjE6|Sf#by}BtW8+hs(Tho3?4@PKttpO!XY8MA#yxJs7@lzGWC*k0#lMQHWOg6> z0w|LVK);yV2V!Y0V$(}^Qo_I=*2md*;8eoXcP}j|F_?@LrJ!jgXQ%k)%e)+7KdT1A zqz<1ke2&nl%|1Pd%aR^!g4wL!WQD1#6wXT58<)0gpRcD|JmETYcgA?ul&3m0JC#A% zKrS{P309roe!Pp+xD~i{oNsmf!Nj2Fm!3uP5IfUmlAx|y?eC@mlAt?V+9T?+r&e9o zcY|wVZq=DHzP-8@BPg$An_J#i4248;Z_hf+?)eoD-A@vQb^Ex47;$@jueK@FW>es$ znkSjPc`bs-;6iUJ(y^Qmh7eR9Ep=w54E|kS)W;&S^Md5*A$EEHhBf}^IjT-t=Th5n zgmhXzru7BVa#knX&2V)#0SSEV?s@wC%Scf%b9xF(@`mk7Z{c`1yi}1kqB@l_f2#+?vVUpOJp0HL7X%}NtVlPL+b&)LYFujQVX!+&@fw}Y1CpM_LA)j* zefs3<=L@w`_qx!D4Y3J4mYkyay!U?o^=yen#7d8GalFRMCd@O^k#$OlNQa^HF~=UayTm8yZq_fL8W^Dg$(gU!>dzw{c~#3S_ySY*N|~ zlZO0O=VJsy2OPkkFKrlsKZNelRVqoNrS7(U8ecJ@IWBbW#eEE(Pk=WPJd~Oil!Mj8 z6>S3822B0Q(YOC}YjnNrsrhpA4tel}&_eW@Kq}w@`|Ij>%47Psnn~mfjc;I2Dyb;T z%BVF;PG^4@_!$jWm|;)ww4w&5M-V_GhBMNguQ0MgvervP?+svD_qwykzDYW1FhtE< zyXQ)4s32Dyk;A}a+^e7z^>Hjvkd*vX(p*pt)SIQtGfTAP4NRL#zv>>RU`%N1S$ z3@O=T9vghF9qRe5=!WF$b01hAVFCv)8$S1~ilA*4P{|&D0#c67_WeQu?ld_UbJtE9 zp6sxL&RS*gQ=ROqvfT5}@0p3xroR;|EXxxP`|Vl(C^cy{bKA~a6-36(Vb~iP z85S9*ycszYn=RI0!epUflo@f=(9%~O&L$H62vGZdM$BQXC(-4t-JQPv8-vdvJt}(4 zt)rACMd4F%*73PE`SVQT>*h%=Z@0RrpysJu&WHT>h_`OT$#V99P~256%Jn`@S!dH^ z7@YLDvSGhyBacYGKD-t?e7r(YF(!WU%%O)&ETPIr+~gYdH?XZ)jHftKIumDRDN>16 z)=3n67;(ASB`INAq2fs7xWlUMIkWjyX);N9Gw0!=ec=&Ix}Cb&W`T8EyFcoy)$qHb zL=&I$;nryM{OFm=IoxCx3HO`&B5Vb*s#c(7Xa0wy!0>>vxemcS;;#=K>fsFqHfLHf zviNHI1u?HbC_gpI)-1_xX1Hgh$$xLRN6sQF1em3;1XZ^Ol|@;|%u9St0jH9K&lY-D zMJ$Ze>MCHKm(k*;w@hlX>h>GxFA4jB-BR(B-8MD#;MuE3;Ub;}^ZK@HQ#}iBB`alU zVNd{zM#%jSCV91EvI2th`m{!i^NQ;xI2PDgR-m*PpSM4ZJGvq;@wj%5mJr?; z-A9>_H8TMM^Ryvp5gx9bW~&T!_x&Bm zXLX$I4KN+1jmv5%oRj3ZlwG$b_JuiG_H}sqM)L;~)pr%$2O?+QTRuTbL!ZI&f^TMvC2oSSXK2Z{d8r5m*)Dt-QLwXU$=I@bJFx zZdrvctc0t!pTgb`>uG-6==njgfCMkW-+vuFuJi&H!nN&}GYlrK)*Fd^?0>5aw*P$= z?b89={V2iIqv}&T^A`*+zCN6r7EZCcJ<~=`#6*2bo{(LU`P=6qzmG@y_)tni^AP&s zU`!~JYTPt`a``ZVz+D=5i9PYj&Lx^#euJ?ibMTL!NzDwcF66pfN z?dG1#p>qh(N7^KK7$^TFO^(WGEim{LDrFU+?yC~G!uN`*dH>weloUlNKI2lyhHpAY z)RvcnK}7GAkV-_q+}Z~|h4}A!S{Y0x-98~dWjQiOs#Q64$}xhjcg$?a*I(rmp%O(a zS}Z>1_o)kW-tOxwaM2X_b}P}z#NuvHtflC9p`wZ7QjR209~0J2KT3DBx5DzCU2SoE zV1FjOtU49{Fxh?|+4#wViNGg?o|n_n$FIrYI{2)?u!qLQj!5O*CaU_EFF5Qkz+FkD zXsD}){y7*KPXO{W<7`PgS3(c$c8jWSg zX^}NKvo^S>I0C9vg@^DaFA=TLdtuJVEuc56$Ff{-NB zi&?ztY8Cl&*CDt5dlzQN(lF#`qSlxA3$nub#Gf}^k<`4ToG-pka+QLLFjA%CZ?O@U z1TxWLbb5S7>BX#*&AXuBnHq=bM5BH(uUS$Pg&c;T0HtWu7$Rq|ynQ(E>es@rnkOSN>G5 zQs$c#-f^MFwNz+12n5)^YxM8?IRJgVy(KqZ) zUSQsaU5Tj$owv5=8fn6*d3P)Y&0L`WQzc4l5@XR%?JFB&3gSM)Yvt6u;b{twT}KAO z>itk^+d6N|bUY699gbk)<;5{T#UWxnTsRfVt#&WiQyJ)P{?ViQYH9y~#(w!R!&KWR zkk}r|n8R-Lkc^0kpt-ia&u2Q)sF+okRK9R_Y227kTzxr|RlW0fy^)+`=l4c*_O&_M zE$@J|;^Oa^4PHBc_a*m7k_~(V{SD?$3S4)mgJA~xgUEiW1h+`n9l9yA>ZtP_9Y`wo zXU{E$RnSqxQNY$7ETezXY8KfOOy^Cv2CN=iP6xO=VcXR}YX8Me&&O?nzQ5c(TY;-N zTi+zgy}vLIZ_1LgT^X~t=jWVBF6*SbykL21{cLJVqp^wnVQ+Wv7L1{vTc8{(HtK2? zS4Dcl?0j32-aWQSl21}wn~B+AqGMR|GV0pRX)wA36 z7u=tZwqIRLmh?P_Sn@HvMBFTExNW@dC7(xKXi3L(1Jq0|IBiMk$^BvA;O_4By^qap zcNC9>8U^DSvmHn;A5l+vJk2TnnlqiZurON#L=Rby``7)p`xnPGxExN7^jHR+4eeu< zL)G#T5w6E|!Akq9Rpl(kBEWCmxVQ4xKeq;XZ+@*uX@9iJ@s+X2ajn3|_9Sj~XEa>| zwpskk)*FG%taWx6-9!+l#$jcNkrh$<$5)_^5!euro(;9S0RG8$=*>4CjWJa|CcX3u zN`3D?R3_)mfAN&7-fsj`;cH$x>H3mOp?N$qIxC9(SDb>`mynswOanagRcSS_;{^*MrzD=$ZHnq3=Quh6=uvsihud2d>(JG6n zic`;5M(#_*ayNzQB@C)~eIKwX-ku0^xZ0O40WL@n`!P;ZKPU{7@-uwulV22%tv4tT zDlZKPNfsBQnoFd^YX2{8jV?T5cX=~3v;8AoPbHub_ zMfs?ZqhdWfWdoqo0>YynK~WLVHt~0=pZ%I@AmKmC@F5NjqiPQ z(fMbR&*p4FtMcgS+wDIoQpy*n=p=PSQ=)G)=$tA>)x^Z>PuHlMq0S9N>4T3JugM?H zzkuR>%!I|5#pn9yP}Lrz3Obj2 zy!IcV68{|=7r3A2y#H5mZxvS6+r0}flaNqCT2!P~7|@?WGmoR)kF9D-l(*X8InA$UCFv6^j~AOS7ZELkN92qggVrg`^0 zk1Qun$fJi?Nu-G1AU>sr?F=vu??;Kge8*HMWiV1RaGT@Koj;?6kC+p7ss^Jf{&B6whnhImeRJ|dVzjamI`-mv?5kf!zDwk9l8uAw?Lf8iB0@T=C^dfZ(EFx>$a(&n>RJ%B(!Ap7J69P4 z)w9+gYKaB?)L88Lp4<+Mv9l&at-VX=7)Ztysff0^EG|J!(<{@il@HEi$%2WH@FKMilk*v!57}fs(z2O9K3i*`wf>$h;4oz@hT{L4QBl=pJ>=Cj zr_nO%(_K^oym)a1Wv;_g&Yj%T{Zf1I;~Gc>Jnur-zqIe5;W8g+_z~6Z=UU6di*LUv zbC>c&m5z?&Vz{uSmF>A|C^6oMWjxCnOdcHU+zKgcahRR-bBNP#k-s`kyiXl((}em3 z3#ivrUvnnlGvo|;)$O(4)60U--Fbz zm~jh05(m=o*QlD>AH9e1o)_DWfmZfh!|#7cx)>T5cvh$gy>roMe?)_Ni;xn}Z)f)h zJwsFHi=4rNg#z2=*5 z)6?>WEt1Qtv;W6R>>!r7xPiW0#p%zs7x4I((l8s~dmK-2P7bE3%SCf#t5OsEWgFF0N9m%>mDE zeJvB!Fc9L`u32kT;pBK<(S;-|tv+;@zas&skF3Ljh7UmU=R2O>&DcNlzpSnl z=QP=Kr?ch7Gnci8u+rJ=Ixj({!yWEe0kShtHrAfZRMUv@fuAc5GNE1*Y`Bo`Fb1$1 zP!FrJ6CylPfRVM+CS(90($y`j+JCO7;#c6$6W)>bfuH=Eo5l^%yTmv?u$rA8$v9o! za(LddXB#jX%s>L)9~gb90MY?D==z6);K^mS_cwuV0=YJT#-xWbNWgpZ*_zUZl$+nT zPf9zM1q7TH*CQ2sUjDXvfM+Z7cj`ja@HMfz14ebrNL1hV62s%LWvjZlbB{;b6a|Zm z`yiU2TI))`+jUSj4yvA`yc2(6@JO8YG+HICJmEr9y_l@njgnVQsXrgZOtU2+x7@ux zj^W$N^s;4mGZk%eZj!s`ciEC{gSp#;PmXygzF(X=qVI5Ug6(1E@z9egON_1bWjB% zCM`V;ff50?&chck>f7RZkOCX7Nzk@t>X!Z4;5)TD55==z84mAKl;4_)Q7&BQPqJsR z*&Jy(Ty>orKMd=ON@aJbh+|a9UhrIud(21X;UCVh+c(o#5);-@=^V-z*>A`e7Z+Lq zTnIXIOUo3g=z(vB5?rI{4$W^S{$8kUBc=brA*M!k2we?=VFz>^0Y-k#OK5QR)Yg z4z(|sRlQwOms{#~#Rn8q-`#_Xt}VxUyyrFjA-x?T6+96n@`Iq zhhqH?7bNYGpVg68X`2`|emfZ4wDL3&@DUJ4`QOR`O$W6Tc=Jg%?GwbU!h3!GDj}Y_+-6)ZtfYE zjz#a^p}qiD%g5_HgpNIh#S~Q_3T!3ecJP_tJDJ+pFjY7Kp^=W^*4UgMa@vzSDJUjfw?EN$c|IxrO`M#x@{;|*hUpXXw4I|Q{g*FamMuF&yserDx%5np)T!Oo zuE1+#4S+>w@9*X_lX%-)2DqkeK;@ZVsDx&YWqw!HSHM4768QwMNpUsIM)x-RVjrA) z?X3G@u9`&8OlFjnTuj(N{^GBU*rm??Kr$Jy5|%#9@=<4Jm^`?1l??kU0p@ceYnBs^ z`}Ys9d)RkVM*lK71wSVD(S3?9<((n$OR?|C1skL__)i;}YR7co}B=Jw^}Dy#s%zSeqT-Ln^#Vs+ixyexY54z;)AuqBpSelpmrBc%sd= zWt@<734X}O4XQ~3)f4`5n(_)hWq z)hlyv@v9s+T~D$Q@^`pq4^4j-I5MF8)x+2wX{oY8_K6C+xlgs>wLz-k9srt@l_Eal* zPRLj1ThRM6&Q<>wAW2j~9j0str9Tu*&aRMHXh8!+UENWy90-53-x<_LG#6}bb_LGN zJjOUHi}dNjzRE)T@q36Q%Tse%()c*@aD3E|DF`#cXR*KEk^LY>M(pikYT?|1&Q+YB zI&n#L#hgZfyNl0h@ik`esjdh`{| z?agz8^phb`_;;SAZJguto|xi@lY^7aRc40d*6rBI1}J8VXE-A;@UK^Y2L1pK_jYTr zQGkY#BPOAzXtJL1WuC>$xh?a<>$w2QT|Ih2f^sH1@yISqn#==eDKH#}6mNG6+P}v+ ztZTbmyu+pTWfIwBOI^7Ft=@N+(Q_#iKxsi7&|-l<>+kBladxz?kKo-|8zmm9@Qm>3 zWi^~+G6+8E8;sA%)3nzK}bFT>i zCbE>aYb2bi45=%Sg6bNpdZpGa3+D~d5BZO7st!0eH=6Nz0^_UVb^zjSR})G)2{EAi z`op;=*do#qLH^N{CTHATKvWyZwhP83JtJ*bJ?+YH6aezX|4p#J!Qv1CwC1+d!qzJo z(Q1VW!2wPZ!1GWO0Z`VpqHIkuK&XMJ3bG)UOhJG3UCPB4C_)XAHN)-6BL|WsWZI4M z4QG=5fp-Pv+1~%3q;|AtytOR4P_JEARE#zgptfLQ8khiHx?IDGM<=_s-G&lJM_Fkv{rt;Q9RGWn#uI7=KfSE- z=ZVi|=iC7<0)F?kE1v%Mqn8Lkj9aHGMwNF?uyyoPuh5oVOt-s&W7n>5gtII_Rj}_{ zpg|xBDA3oh)}BjSvMp9AF}(SB@xTLoJIel(Vz2I9*QzgHk&bGA@8KJTR470Y%o@1s za&prsyz0&~V7Eh5D6Drv4y-`XI>@A#(iEF~gF5PBWV9?KjFSiHY(XU@9FLh6*5btuMH|ANF|xFI;AAPwDqQBR++XI@7i zt1Bhkp2z5WKwwnSTVNGHtDc$xjrP*-EgJ(sErTEo%>W>EP4$iHdP^~{c?cB{T}D$) zhPu6f5q~|QSO@YQ+~P?bXPHS!*Hc>T0(iN3aSA=KZ6}KnzyXtfa1l5eyp|Q#(8t7l zSQ7Dr=+UQinh%RIkS2}vzF#E{$rB`(bKmkYV`A2hUj{_az_MPGrTSJEgU)8ZnLz`- zL(w($+`K$;E(TPJNT=>k7*lmF*^}Beu&|YkgI!;beu+cZ!+zkTHBFNsx{%3vTsp*Y;8yOZu!Ju!FyHh?33(Upl>TsLBY86`x zwiF7Q?mciIc3W$+avHJz1GF{pDxyQZD@Ly2phCKEy3xVWX_hlX(G+lCherBoql2}(pLh1pD+7W{O%zukq*lJw7kM&T?DJ(3jd5uKrXt!rln^uRp$?W)lU zL0?i%7q-RB!;vpqbXh;eqLC zO0!AGec1Uke||y7{8*3%g=yML_rGwrSfHCIQ#d(ngRZP{vVqAUp1f9aRol$h)94*uX>wIV-EK1Jp;M|MNc6wqD!HY^#z z9t`yGp%NRerTwei>;F#PdgI`Uj}5!PLh9m`Q9#PpHsq?a$q3oPXi8005nxa>ZQqEI z3Cbyo%h1+YEBUOzR|Ts>ly#->3|Gq-BUpFeK^3Hgiw1*g6*w98Tu`=kRn)YMN#6i{ zBf*UR5t6~LIP9aKc>FDueiVO$BxM8(l->VMlUh=(S?j6-F|C>;fxU_#V`linn4T`AXAX=PFZT!9Bf4$?3*>us~ z(uZB+KR`kzyeP^m6q;QVe6E3kohl$d{Ck$d=^`HQ80fV_74wcGHcKr&zP+ozn=W4- z7$N~h$~w*eKf(8zNuOgd2Kc^`k>|*;+pKg(P^Kp?hz260qp$aL|D)*fax^Z4bL}H~ z;1F}GQ{#1#7o2iMCR@kj2gW_3Ni~ERnLZDhsfvK>sHFl9%X}2mp>CD6M2D z7@F#6|Nf*7Xj$(rdUGtTCNa48*MbWR(XSGmTJ)y159K$r2?8VU{n4M|Q>508Voum_&6o0AzYykX3dB|lfpi#CYP;>_>1VTx(`x`7 z%@TFpa&u#-SQ>GBD3E;-z!qQO58QmKO`f`360^&ov$J#Y0R~shPKtJ@76{Fidv2^& zK5cc+rP)nl$ z+WE+Bs|Da>;o#wZi4U(0si^A86BQ7O8e5|UJ%#iP1i;T96)MXcx9pp?JwV#Tg8Y-x zbKO|d+^HC7o^bGd_0JFk8;t16Qzdl|CV5D?iV70?iCDl#=J)FS@%fepc<9Zo?F(9l zSRIOk*#Ewmu=PH>RZ7Cc;G?Av5F1N?N`z!30{q;Elq|_3Pocddhstr$?9hdJ@wadw zDSw#}{2$KYktA4L%L7b^Yr5Yh9^JNT0Q?_#&dfawGf;nK75f89_Ncyz1FZn9^`ffc zG$?2J>;~sWDVd|$qk{>@;Dm#T%!BtCSt;p1XkPe7z41#un4lGDyIbe;P(jBh>I&skfg6vhA6?|+FU9|s_I{nwBEpFB?_s~> z<0=;M*65t(i#8ajL?RKm_!PUU_&K%z^>;f0_l?{5e#1jtU4@q)I_yd28v5^;jRj;? zkYPyM+u>WpAC)Mn#HFXn zpqZqleoyF6t+e|n_^~jH&(}PPqcZJi2){gd<5Kke-v;^jZ%`1;}V-X zcg$e~m|;dhERG&za>A2%(t5sA$Gaet2$J>@s!CV{7szhVKj*-7drC~HiRcZNVGHI` zPp@yF?*fcfP~&v2`>@dz*IrV*RPFW(ick8+sw~Om+#gnVhCe26(Ic$bE;G8YvYJ$Y zxgOQkuQU^7X-civvC@Lpm||oCf|H&4M}932#DB6wcVy3^Am>^R#3pg6)MsL6O0k@L z7on_#b+Pq4RozH~VnG?_(Db<1>`2(gD0t&iV-H_4PHS{0|Jp*_wX_7oWtV zleh~eK8>-pY;D|$$D6TTrh^uhS_g-dTJKEbG6EIoqs%wjn6i)J-Zd0!YU}8H)1}jt ziF3>86eA`fVJ6{VW1Ei7p`4ywuiww)|9Nb}^}-LQMZTfC`(r3=*oV~<@{Ty}KT9FC zvNV?`BX2VMB_ny`GAk$4w)twyNvj$M*mskh0twltjzXNr&`bW*RE%b*Wh70jRg@K? zRNC^%9cRc<g;#?h(s2CEJ-n$HYfBjhlA%Xv9}ly`ITw{%Y2`1_IX zdGDI`B3{K4v_wQlGR=suFvoZ zLMu9`0%qF!I*lZU$&Wygh>Hn7mzU3$|A;c%h~E(o{Q$}R7xJw~rTI5lB1%d)QSoRZ zbcyx!QX`_G5)?9+Nk|1uSqly2wYxq~|61-Mky2AjJ?^6k{eo_!7?LWLtUajV#AQ#z z=V+z-tZKrGc~Ux7lI-xd)5-9AhkXL!3n%+y^A5DyV{u&CtyM;Ur2-dh`Vp&{ro35W zl`6twj+n1}rftaOLGej&r%>*x1)sVLSKW{g5{&kSE`SR6Aa%w1O%!CeKC<%vw!u*KaH&H{^L zt%EhbXZ`~u%K27YlP)ZgC;Kai4-Kbuy0m>$yC|CX@bJuzIyO1BF1Z z!hvZqgd>LpwgL5|KUZEhg2DP3#N6YfICM`Y)_4XN#;OA}fCi9x}RHnodqFBTY; zu2;9ass4ID@uZcL!j&&JC$0Sg+;Ta8Rsc$ma;;>NU~@B9YXgA*J35NBxsMqCdxX2zsX|oX_cZT_Su{vMA{317*C? z-X2ceI9mwWX6ART!7?03Z>YX-j^Nj}DLS=SKanz?%p-D(ELi9%aK!V&WAvLWTzy}t z@=JvtrdcmpEqf`&E0)MUXE@Pl*i>m)3PJf=nJPBxMTO&sci{>aOXy(!dxjTGa+AUr z@G9NKGe2r#LR6lcveQR#)Ks{r2NCmhuw4@US|5r%J@mMyROEy!BtRgXB96;BXOBZk zDH_FQB6+BBUix7h3t_p)sI{<{!T1Xo>%`3>)UbR@tvLvm0cf}%EG*h~%3=O_Lqo&b zSYh~*ekU@D^E2qgNEmqAZO@7X#n%@GR$kXRj@3+;eg1&oscsuP4G8>g$L9R+-eIDP zk%G?V_zWr^_HcQppU%~XL9>!B2qWl7lh2GZ^)(G3uwI>nQp5#%PC|u0LSc%8U=};` zlP3sNJcg!uT9?R`{?wET*07%%BJsQ!`g`e}?+3o$3knLN3MG)!Zp3z}t06r?NVAgB%{>`Xqr?+qKl5ig~J29x2J*lG849yt7gU485#ktp7 zS6@$XK|)F@<4}e{L=>&47BbwUTeZ{Ld522<$CET^N6RB0JZO~akc@w|=pUAQLh*tk zBO_mzE4`|WJ0sVWA~fSPHPjOPc>VZez)hje)N$p#Ud)pDR!GeJ>FK%7(i`xKz%>Zf z>0`(=uqr=|oW+KAgh(Jk{BntO_;ydaES1u1p1ZaNr9p2cQFmwD zwt0@J6SJLL;!j{Ct>gLzt{ojjH{(!!j=%8mx_9z0;PDGo^ES)PNssn{^YUi<3Jo)* z;JIT*m);QE&K!ds?nTC<*PRtyQv8NKjvfwcBY7d#s~o%M#*vkeKQ)nnm-#hK((w_> zgYz{4L@ZB{cHdSa8WGcd0RdNFWNhzq9ji45Y`&|w7=Q9KpO#O((dU(>EVS~Ba_aj$ zE#&=Fcju;q6R+FU)Mw-Vd-t}#DVXrc6-%2CmJKeZ*%u&VV5Ce|%ZN#Lxcm_Yhm2DB z3Ng*GSnN>u!=-hnUqsXYrcP_GI=~2J}`B)IWXV2fkEQSHt-4k2tg%eYy84OOQn5Npm~$PmzZnB2(iIAsi%lo5J*1%_eAruVaL2#RKU+`H!UC0of`XA) zkqRf^(utLUL3(YXAl_V4a^`DdGCp%UDKL32)9FF_KLe2+8&)2R+>a=Zw&qbHZ(x96 zax?xt#bQ(FJ9SujYPuyb5x=~C^-)VuBYtmEzAuM#<{_+s!PWn=$!-%1ELrNO?zJzOJ~_) z72Fjpzr&maJ{vuu6dhE4(<$Y0j}G!WpRhL04%t?J4XO3s0fTgGx`6rQ$&;rJb5CCv zsx&w=`KE=0zz18yT{XrN`LP!BEl(|u(%{SxtteF)+;OxqPI3lu<(hf1t4I3k=lc-4 z(P%Dbn)T7bnPk0nW+_(`RE(>p%r|e{nq69|KI#;`fp25R<+6i=Ny@L)@pG9@tsISq zM-`ldj)g29gim09u5PPMs?4b$m~(mfzgx#aES)%prN2l7czC z;J$3qjnaIc3=~4L$#<#M)9W}f(uq+?NqU=j9igPE3P}3%?j+A^AoY*<)V;rcB^ww} z7`n{cH+Cs@0(rbgl=+C6*>7*pDpm4<4Cq|_j+m5ZAJ1@Tl&W*3d*e;V%K}3}UNvmc zq;*WqE%|gF`y)7cc$i=Vue={w*{9a4eSeyUe5O8k5wBZMi&ad8x}$X;TxZ~qf6hBHM~l8cvED27Heao!emy1 z1)aswXvdIlj_LIcp-9F&#UM3<)v%zP8d#?rl@Jqq#Km=MeA0_d=ERT??!0fLz%;$f zM5kKmS6%&ZXRi5%4jSo3zy95Yg$1C1hI;NU=9-*lOB$IWKgJa-FT|W5 z&UbD!rEp;jymszj*=LEVE#llTC|5ft@9z^A*F_% zt<+{e1YuSRd3{yo=YR5MXGm9((7)N(Il?c1HUE?U6wZDGHs=4$rIkYxfWCcf8?$7Y zMyyFc2`0W>Ui01LA%^EMOMlTA44ohs`=-Y?d7x(LXz=qr5(rG=-ek-NReY5wYK>M^ zVlr$|>oZIq3^N(~!4mE)z112lH$hS7DxC7VH$mA^{zpKJLtYOqOi{o7UnDezsBTElZMj_D>j(AGf4W=RpIPa_XKOasT-&9nu{jmt z-NHuR4bN^S_l-tT?y}MYlydC%??;Cuf4_>D zM}k2JVt+^l-gYj$;q?!AmMGuz-CB{RKV3$!+^g1+-JEf1J>OY~uxb7hksj9?mIwGhSK>A58&dF+3;ES6PUWQu1H5gZD zta*3`5(xOb3q)!=3zS^cAMfY~nV&R0xOyXx)OA@R0?XD*EU4msEEO%jUlvF$mv@^Y zRqvC4OZ9B-T^M5PA)e9zGV;fL)BJ1-W5kBY4U%BCrYCtuvpGxF+&@j$m%EIR8M2Rk zg96@ehV=tC!2zAX+cSj?Wt$KNSGvV|VE3=E>#gUL0(G0!U_2CtihcPK^QkkVR*lyZ zXDY?{imCM}B@}(#0qsxLTP7{-B+e3T`ozOcglwLQI^=PD1T*Rmf8yx}ZQOXM`SJ0u zl`%Y3M^VUnXUrlYT;8Jw(&Z9af1Hh;}Q;Qr{pm7pH{T-ZxM zZ{pXhn`*l$>ct-seKux6nW~TOy9#{di&p5aYWx6!(xvtN z7JfSd9wf>ct@yn64R-Du<4G=Gix5B6w&=H`@CWGQ8<)u(sbs(33{Rs`qi{-m# zr0Ph>zWFx2vAaIhS(R_7xc-J)`SBe~<4c7wr%UpM`wGza^&9;I2_b`yO0YFh zq*@U@{n9IXxYfI74vxzTyJ2WXhw4Q*jH!XE6bKwz^*A1m?DBq=KYv=HChxabZ_Y#- zk1PJ(@Zhx8!L+O*Xf8-cCM;fQOR;Pmt}rKu=gd7iMPZ}|T48DIldBC60Dk}nl^la1 z`+Mq>0@Gu)>)FRzrte;WYY6w?fcQ~ukKfDaLNFpC>Q$v7NqNNqw1R#K$2+)Ika|lL zYgPtR=(=*17K51YcAb%yJr3a~56cGmkT3H;X4VViVUAcFzkSn%Nma5e71f(;R7J*^ z1!bL^@Y}>Ar5I9@to7odlq&|D9On#Q!cyn=@|=f;xMt?oPDW05_YVZIPXi#y?Bj3( z-9FNc4{I`?)ESj5t$Qj&w^XPO=C&tkxIzDH%l#RHt3>dZn7VC`Q5N!7?i&+x-5w8X zS;IlY^4jBzgN94^%~9&OOVgS3*k`Z~>pqrGtOpC?H%Hb?ekXO;YAKA(O*GR?aSBz5 z;V%n^9>q!VUX~Yq@1O(suE^Cn9u5ght?wDRFCk%cmUA?fXGigQJ9cStRSLFqhAr<% zeJ|B+*$;1&~+GWvG&oA+t48Eo9l z$-HGR$Rtw4_VbjOIvmrx;4;rWFqB7z{YNR`H z@vZ5J`rOh4{m=+ck~|eYpRPvgPM89_lJaOzY3I|ulK^Eq=u7~rk|k6^JRt3P?*Yil zgOt~vfw4DiZ=AUW7(6tO!WSAI9n3j1AM+E%bVq9>_0|n|nLeCAkk^@n*0|42VxHHn zG&-U`i*Xr6o!+}F`$MCRt?DOczB0W-EJh0RDsd4g!r)qW^my$gGN$5OVH2IRk*3Rw znXJKO^xdX@L$b01(vO9KB!-3eQ1iE=B_viQ&+&KZ{PIJM^z7vrSAkg2gpqST`o1q8 z`-Z5iR5?W$G__6ib%rU2BrhbwQViF<5L7tgrjsQBp@sC>$EeH~zsbG0zkL0wk$xC< zNiH6i6_AlZP-Aq)>?`C9 z-V854K0aUMdM_upG~oJaS}lg+HZ84c+zS!J)Y^)OmJ_jgl)jS6Fn){j=!mwlu{#At z)a&_7!XVmj;y;bo#C(ElAMufR?yTS6aZ)BdirI6@bhyUq>Ns3fX!`^v^Rk+(2xQBF zJ+|CZf?fX9b!z*eS=CL$qfw76Odoaudw)+%gw6)zNkglD@!iLZ!#wjftJO9z)kv~A zKXj?j5g$fxQ1CN&fx4Jkw|*#h43lKBiS7K+t2$hDD~it;drx~i0SK5s*l&eVWdz%l zg&|C!VvIF^qlJn~0kZObppr6Lk?}KN>IdmWc<{xn&833FV@sZro} z;V6kFK8L}R@I#k4hu+P{8|^%A^-O&uOUb21Z2%u)kgK>KHULE)@-(=f zeqn#W*5ddDkEJxjB*JtQLdY5 zHcmhruldXb`Hb}5+*@!8;&@TXxoNH!yVvLD{sJ;oU=QvO-POuM7{tuYnJAy3F@nTZ zbGgF>^Olu1{|wdLJk(n+b*W#>T9MBTe9Fdl!?^)D`bQyA(vh~XSd@alMp|u0&G3h| zyR9jfeP%uP_GplNk@8yK z=|Y<_NS(+v<;^00Ky=X+m=r`h@)5weQ6m8<6QaYkw5Y|@Bm_W8pMoj` zboaiMe!4wQzBOPCcoz^+xt|pr@DVT>U>K;-d)s7_F`wNFnf`F`ozmIM+1J;X8n1(R zKEG28!Jeh^5{A;fA9Q{SmMynln`vqP=ETn8yZKXa*P``bP3MeX-;z;;5yiS`{OSFM z9kHByJ^Xg6m_i$~)^CZ%kpk+*{`ie@WPh-l94P)F7ajE{QJv^&M5aS*oCH7ROEGB( zDQ}t>qJ}$3_qf*S3^2w=FLTGs#Q|Q%Y;}f)L&fQO@)V3i<#!;594*>ppL$|c@F$uk zE7Tci4VSvyD%-OHcgGU^J{bNQSn7%U+}3Qyb=doR-OVC9y3`lm8dghOpPGCq*CrQ2 zbjOQxG$}M|lE920K%_gi^@SB+O!Ux9Uc`XYI&CF^M?Dq$s zJ=HyuXuZ=2Zk#Mf~( zm*-G1xDf!hW9CvO71a3E)$QA3s5ps(pUq=<%XxYkuIe86(U`4Y_^3Vm_g5YXd)YE4 z)xyH0y!O?|fdM7+>a70>rjWPYiKVPS_4i~iK9rP{>|VBl9IqW+oM)adH9gN^gXQAw zFId?5>hZ}1wC5s{I^6*%@8tvnK8eAg6rW&!ayrf}XYYT@H2|1x?iLn}ZOGc%KbTqQ zZ&STVNE9s#0$hep+&nND_9fzO_}BIe%}_c`&n<7vClGi16XiL%S+I6PxsOm?@>7H% zn{kk3oD)G{dZ1gtJ;HIMAe~k-3AEF|szAUlUsoxs0z2FOWbPhB6xbI_*ANR~3cr@R z{GD$3W9{#ugxm{eVrPFhc^^}jDqW+P>5XA&GK@mryC4Z#9~FUd-}9LRseo@9D>0EG z97XYN2Sl~W^foYm*u$aAGND%b^(6cFPQK;1UvVYUe;#ly#LnUAS{;_MaaNseeA*+;yccV8x+ zs6Z)pe}O)zkgfn>7g4TrJF`Mtw1~I`7Wni|CegI6QPN%G(Q2I5@?ZW#vZzB^iY4dP zsPCwWgjlTd4T&!8;KQR0`i)yhU*p0WAbt{l!J8;w+5&!^-#5C}NbOTGaUV)Jhql?8 zOlqny=G>{%;U2*@J{*lk%#CVtO&92AJb5ti@8TnGKd2}W7G0sej~QsU^BLRQrt;1C zeFgS9VS#olx&`GY14S5s_$J9xb=3*$J7*Q5GrbD&>Ky5l$C{nZEh=!$jQF2hxy&yS zk~o}eUQYb7xb{O}U?KNc{=2EA90al}eoGNs>q}{Ir_3T&rfv{wU2Z+2#g{rqWH7g) zd({ej4!z+ZiUop!A{(zx5s?NUi+;VER@2sYJ!Pi?&FbF28G$<0mhSi^w!H2+TBVza zSZQx|wp;LW1|#x_2Li}?tD6E<)?aQ+E%e{PVbJgrtd~fZr=eC)B<#pOE?IZIrS8BD zh_zg?m{D6B{RfL?i44>?=z}MxaVaX}4e(gW3Pjxr$~-V+1I3kCL|%sz$P6E>Z0aHM zUD+qpH&l#{a?h&pc=z$mf5gLy6DOsmzptuN=|E|CsHaRqU@cY+(Up=`;Itv%CnDn1 zS9S-a^=s754mG{&BDB}7x`(aFxl!m!1R5_@Ht%(x*#HKQqi9lc9B_FsYKw9pVqo1I z!Up4Hcb`DoDaPv;Yu3BLP%t;IOZA-L$x-f{z?^!J_oMK4)lc)h~ zUpAYhdwS}dcS9D>?25u?P@GPk4;KA8GY(0@?rwex_&2NLgI3Dk4dA-(Rpjv3S3DNV zj{QgH!6!bK53bPEf3FQ*;WYp5z6JXK*GosF8*yPTO39XF5%5p!g|u+C;9K|q1r#16 ANdN!< literal 0 HcmV?d00001 diff --git a/_versions/main/guides/images/oidc-mastodon-registered-apps.png b/_versions/main/guides/images/oidc-mastodon-registered-apps.png new file mode 100644 index 0000000000000000000000000000000000000000..a0205a4ceca3a258b019aaeca6f86c28d144e676 GIT binary patch literal 13470 zcmeHuWmFtpv}F?@gg_t!_ap=e5+t|>3GNVFg1fsD0TML0OG2>VZcPIrxCOU{#5c`?WA1moPW~ zdom#x5a=mLK}J&BH*0^vY0}@(T zgXeWi>D!`TDy8*}RMi69pRg2$u;%t|Zv~<2?q!OM^XDgsK8ADnsL<-t2_)BzJz08h zHX)JtG11)-@2Ki$4Ep!>sU^G$EHf&}cqu%>VaEE)(pN*DD9g+iCyL z-s6h=@-%8xzs6ihNr!!F>bvy*3ER70f7B9#tw+Gkrw1plbSZz0f;n^VUi_M8vA*hb z31tBn*u_ib_-;G)qi}EPm+=B*DS>p5^5}HJr}PWjKrG<=d6f*VsF;|adk4tK$mqC5 zp5Qp(^3ICuxjPkM1@!Ic&f9tW`tdd!!ih7w-NnIMVIh{UloN$F`&Ot%5x>>XH(tuh z_&Ym0K4%y8^q%;AZ?A7o-u-(ESpTIn?e@`k=`zFCl>3jU@BOWi#tFXkdxDFLi}V`M zEq-%G#Rs3LwHe-A?T-5Ak=n0Czow<>U0+}8HF(;YkZ)04wgui<9vy^a@%8JBpzrMb zG;Z}HMoY8u8NFt6@Kap(}DI9n3Mp_pfQzm&Oi>T(8K_=GBxxdu%-wV)Q}I6cYuWmm^S-c!(bE z*E}9u6qo(RrTX{2hg{xWa{~-no*m0)H*JZ2i$|UiA8%$lGc}d$7ezK-BtgLwzM+&lS44j> z5y6Z@09po2cM6|>6zU_}E|=Zng^|YZ#X82UHjY{m$4Ysy-iix*?QwNVos%C?#Jt$z zlW+3re$q>gdpi6OY2M3^N{~)X>hv__x{GJQaV}^r3 z8Z)!Kw9^Th2&#q%|11zh!ZtW(P-W%Lr{r&^>hBrm@i#KLmAwks=W4`^`_bA zLXH)#kO5esT1Bb|+gu32;35>d4XtNW$>b}r>`&0k&K4r29=xhL8_E*T#v|ttEOV*W zvz==p9X71X3%oogIXZs+?AeE)m6dB@2YwMBIOxu7iG|9LLQ$=6 z=&`P?4uOdWU*F;&4?V80y3MQq{;*P-uXB)VKHfMwI$9ntP@ndnBTqF^y&mFmE3*cP`m5v?9FTE>uci0sVXckyH%MCUZ=<@`vUcq-*vWAk==OY z<7?k@1dU@a5eUT4<-S0~{;q&yN7amJBMu&y^J-~$xF#QOQcAfYxB2Xm!@cQj+od02 zU2jOz1-=e4DyA&w$4Nj6M^&mrLGxa=YPDp;enH#nNcfUP%T1pEtYdh1SbX1fGMB@+ zRkKvb$s~9s%s~qGP4cgIeup>QdhBE<@L&7ypLOsyGOH~vosgA{o)t4|TU)(papEro z1!v8IOY)v7Vq=eit?*3zcC5_J%|Wg{K3myihi+(0Lcy}by*;J2tFscrN;=}67z^Z( zzK?cA)`qXmX#m#!`@%z{824G^f0T+LZ@fmHshQ+9d|b zHaOzLUk7gr*var1V1b`xW2j9%OuTld3se_dhENt9rh!QPimX%sxz-_*+F#m1*}|PY zDv!x+ASRt3kB+(?8<37qn8C!;#4$NcJ`+lCZN^a8l`Yh>dBQ=`5tQ|88v~t3W?VJ| zLzyA_5NYY}9?UP_JxoY6>m|s)G*x^ksz;p@Om%xbVXI317*wR%mBccqf&&Y}$ufR_ zNLQ?ZnU!s}CY#1j>pn?6Tkn7)*3vawX@>Hy(#s1Hu^q<(w>{%03r2Un#0hO}tqzW% zT3*5B=H}WGm~F$!K@%D^ckiJoc%AMYg7H3?hW~oE(w+L01=q+pdQY>6faE2JS+%3G zUDCIy+G(+cYng@Nec0zWuKI!@bcM=cZ2{=3_Cwf8g|1YNs9S=SQce3@NU<(wU|^u_ zLPd7aQeD56yh48k8@v85k}kREDx89$A>~*aAt|HS_9NDJrLW;`u68D7L&?#I_Y4F2+axbNg6N0Mm5K?EUY!7 zw3N*Se3K%r9vK_UbhWO4@?7~H=I1kH3#>sZ=ZH6FyDu0S-L{t{BdA^q2ne)nP<;Mr zwWov3v#g!d;|dXn#pZSZF~7g(35S05Kih*<4gC|9H8s)8E1UOc0;s;0;(>*+etqt! zv8v+0|D_vYlgpQK_$b1>J30@;6&=)bh;twitXus48uA3+o%P+oHvPt?b&|!2wJnr_ zZg;22WH_VB|IttucGz|Fx7C&SHn64-8Fw%JXs%bp1Qq(~Dyg zjH`$vR54TiNh3D7G|$zH;mt-PQ-V*MHEuKk>XkwL@4313ym3h|0%?eR>WPHwZw_bg zRozwA$H8QV)uR;$WVQLF`%;KY zUCuy5ZO@IMgImmvY5aZ$FU%fH9_QDCNmg zK$$`HlhE)OD(>BKfoeT=5*E$Rz{<(9k!o5o*E>Qh;%BigpOBc~>fy157Qgwdn9PQ$ zUT^;n<R(O-Y zumNit-@d2Km$g}yX*$j>p0ej%#KY&6QqK=p|1L@+W{;Kk8LJ76!SF`=rORXmO%&K0 z*5A(+d{0L9_grlcn2PVaB5Cg#8OO(Dw%Q^T@&gV%uYFcWaaaZyh9mzhxVw1Yejcl$ zB@7bYeQ$rEYiHtUZmS1LE%2KylNAGic8q( zj;u!$B*<*qvDeCKfTA6BE)eW~d@hi&KIbUwdxZQ@$D1ZX=r4wqlOxLm4noBkl$BGC+Fur+eIY7@3O7^{e^J|Y4V)K)_NePQ|O02 zPq`7uUU7U5-PjRhVPb=Q@klbZU3DZ|nact*QH&isnV`k_q&G{`9iP;L5rn~RQ1y-9X~DeS02d#BJ>shb5hZ2+(qiiz#7TsD zx{{fX?@U!y4hXG-geKp7*?e72+nH&%^udidv?)_pKXL4!xp@rrb@9vm`z(2B8WVMX zJfhHr;-KT>mf-fxZ;$i)7joLToU@1$!olXJA}w^N8fs{d5zC2+iEWDBp0a+L z=-dO<@84w~gWv6>qExJmr>0=5Skr;ie-3ok_2Wl#MS8((XU?fAIlTR5G9n-sdisbR zti;ZRwYAm#N-=l-ZSdf{&vu6ZanA(ALhhp?&dR|-?67sKooUft^_(Mt!16((ud`4l z-ctWrALXe#@>y%VVlpeD>rd|XLM44N>$~5BgLqNh$ElT_F}^6@1=Gx1<3BcNV<4Sa z(s;Ab?n3VpO|kP=w90d5yzX!|p2#J7b&Dm@ZoF*Abg3PnK2YPq6l#_JirbuvC>CmJ2jx^JZ*}bXHUvd%&rII$+G3K zbNdP-R6im~V_-$9R-+#70|Xk*&a(O(MqC+Ni}Kgl`7G~u#^*lt4-Rh2O@W&=qO`x? zqxl-@wHHnGeW(;Crb%JB1*(!g_{a;CAD8MP$zZwUa9n1MyS$z3-@T`d`NEj5CA-o^ zvcmbEK}TumjhDH(W<~O$_XYXc)@7SPlBgw*M!l@W` z!wz|_ZUu#`2nX9NBF3-|Pj}$A^14y{_X!Ja2=iguF&VO2jiopq&M*up6eE+U;|cLI z8#R0Z0pAVMwb?0pu8is7bdM8{hPmjx>3kgUktiJIavH{JOqIgHlR=Ur;(}FJVH~sP z&ImGT4r|erb8AKrluQ`~3KQQsAaUL;H^*T^qyo71tjW&(_kpv5NTlD!z*890Ip zXz}p|w5DxS$G!An(3P#iJlTx70Z59eX};;`Z*06KU&O~YwI>}u#E^}S+nbQf3jtzM z(zoA#hhY?J)(`LvmaaDu2xT%YagOb1X;TmoB?+T)+YjHS26O06On9 z-=J|Pax}})h~t}?{mqj^f`7j7MPugg=$B`_FUO4UT`sMbRd1;=w*RFOrvq~q#L7M36W=({w|Yz=7^dk@!&$s7z(=ysoU=kw;tS34!z}uV23g)+^#ioDxh;0i$$|dhIzD zaxr5^ITS}pUGFi>_M+qaUi0uYd+t10N_7z01&G2AY&-xCE-o(q=DFoN5PIXdPlE-8 zgfuz^2kBCF`I_oierEE!^dxjgDagwM=~+xK-RQx)w3HOYG$M5f`4rp@_r9CIuwuapP5}36H+M zK3K#$TC8d-umb@^7xHkyhTaY&~@YBTPl ztUYTh;{Ye|wq5STk`me6qW;9;xN5Uch{TDXrqQ|AOt1*XP*bK`Wk9HK0~qAYOsWf0 zH1q4%PhcOh_xbQZnF3DMKCx~DJ_oaAg!*T@Gg|;gevON|Bd`RRO6%c4LgCj{dhCH` zXL{a_Fv&OX-F_MI(fy37joJ}sjrh#vH?RHU$B&o5`j7q4Qh?K_#kb#!zDXo-{lS$O z@})jMwWQ=6CM7_BxY7P-V&~4=Ak=J)A5Xpg%>Cu=PR@y1A5P7LL>6iqM~RUSHz*;` zqo*SyBSv7~F}j5NgnnUwjJ3LXARCjxM|)q{)w@49Xtl}Wuz!p`@QtS@??jPueZ(7{ zC~}UUhH(c#f^1%`N5O4Rq9%Gq0?Y%TyZknRcx;UzP{T{f&K-aTVTmvo_Bz1tQ2K;J z{6sS>EzNcyiDm65Z+?HF0ll#X;MW)VTX(f+1-JD+B5|4%NRXa25R$I0RnqFhuFD|$ zSjx4k#dU>tLHrG)GCgkAcNLBy-yEEUfd|Liw82S~3d5TKlKWrUB~m&%DblrXOkobF znNV)|4}cz&%&P1CKv5%J13(j>!Uao9%Wnw@Qg@O-D#t$8>OxbssRt`RGInIIi~G>y z#q;0dK^sCEy0IRcr<6-KFcD-;AdfeD!=QymOLOyBv4RC%nHCN}1S6<^X3Z=^n>~P# zS`yzsI8X&1xQmY~F(Ki1CWD;Nq!jl3`XDg=pC1!bJvc1_)QxS(D9mHy4{hz#c)tg++R!4f>HsQmWt8eK{ZEpeS95H`neRS%?%v4q zzt`ubFh&3IdB|iLLZ@sR8pL0CEn;b1SmW+BEV2}5|BuA~!Zb3kbw*YPDoBe;) zetC%J`mEq<9<7rW3ir7FA?1y}YPaSZ&VS|g{!|W=hcN5Y&*a%ViK&cxu(hYt@mlL=; z2Ih#o^T#hxhGQ!||MPtf8WC^=j>F8gAyUHWI1YS*>=T)nYj(HtyX@Y2NvDn<$`nIg z!{W$jHJH-8cKr3rb>hY4)$6N8fjNqXkDpc+^tgP;_U9W0_RN7A6;vC7r*v@O?70KQ z2wiIPzkb!L2eza%+Y?wC6Cc3FIXR9RC3^fA^v2SX#AEB#I()9SSwn^>J|ucn;wF?M zd;a810ESpyo)PqWol)6-{n_7(erWH<-JR8eI|FM-&%#1fSX9b5#K{2+2Ezvl!d=#i z4%^KTA7Qht9t^Np)IAAPQ&3KjHHZku8*#hcIM>V<%~wh`QLiL7VIjKIPQTddeXj%1 zdcI4WSl`TVz~>usM#Y2a>FHfSqGF;K?}yN{^-f|Ujo}D{Tt4E+b!!JBj%Ouv6yw5a z+7hs##xDt1dNr|2iUP$Htfw!2KH(`;wM6HXml^TrLI@=+C2rSq+bu@mEP;ZXwBAmJ zqXSkaCB~()2d2tEQ7uoWoa(ySnwFSZ#cXWV3M_cRr&Fmf=juuciX>qfn&p(R?oIJ> z#5e3z;uLj&A!QE>1g?}pwo^YSmB?>YFAj!>(vFEY29mKm?7htY96fVfY|0Q5;Xm4M z;(V!7x4qa*0YH*kzmM6@iiy~4JNjvE5Q2}6?f{sRB{RQE_fGIxJ2&`v{s9$lac|#@ zX+3AHLH3uZs3KD|27IYDHBN#?WhYNlKy>M3RBX88?%fyYDK0lfc%7l40&)bH?`Qv_ z$4e|kZbd8wU2a`?7h60n|8_8^a|5&NyC-IWN)6{i&A@1p`c-*^iOj(ft*s)Q;A>Vk z-3sf|R+sVWAZnEGIZQW3t4NIpekOo8J$(T>ohY98Ny@F4Q@mX0? zXy#nA<0MK@;MpZwBmW9BI&dxI`e^NiNiaglAGz(XbXYKhQhrcw5awnYqUw7QY!bNh z4k{)}A%Nt`%F5clQ761FI+yDs8`2jl$*F$x0p+)~PvqzBBqQ@8#A9Ud-nw?7=VL-~ zy{I_x+bm2RLbq*KtTy^xGxQs5y=r^DJpspic|d}ey3l45(ienURLhEsTFX8c{~5F} zU1vL%6o!{-be^`@>SeuClYA}c_8J7#54B&K5`?m7*>HJXu_O0IKpjzNKR`-nC8iJg zFsoIB0eE;gP$m+F*IGqcld!J$5@Y6CY>h0k8#jEs|7dr-Rab5El^%Y_2h50ziwRB) z+wq^z_UDUlAV4+r5iNhDbOgc4HUr_w?~wb|9y4^}s8t7@3Ii3yD#m2FR;B=q&M73s z)7|~~t5^FeOG=gJ>3>^weSl1q^6HBE=g*%BIq{u;=zBD(rG%hjP>g&l$qUGh=k7e7 z%~s%<+e<)Ml7alvZyA@f>;5%Ga&&4rSCb6YEoXi9ELnL*!t086Y00Fix!JfDerm@s zbV1JI-eo~X_)=C`xh%+k2+#{5eF=b{FZS-E^h@aG$yVur0PdPj`G zyuL3%uMBzXL-a}2*-=4FeziT574Oy>U`igrOftQHz9l8e^m4S>&XnLdiFg;i%~W-S zHig~YC#3WFF0ZX>V@?o@W)oLFENJhr8FUx?g91~O!x?;?u=WS0v9zPRe0%T{Imj&) z5UJ)vIJuy|)j@_0&I=zJ8_5CaHXk`Wp+WMPUpxjJZYY$Qo`HcU(P~g<>8PoFIDOD# z6h9Bf&?e+_AnFoJH4;nPs@G)8A}+opXqerMhS(?JaY)a-F8CT7i*Z-GO&y#FZ@Tb} z2;wkBFc+!iu4FgL9e3-l6&sf_C9~=*PnqQ(TnK;t0#$k*OVc%23UZ023I{Y8bG7Ur zRwsoZIJ7<@ZC1;1wkcf_Gk5tkod=7At*1C%+V8xLFkL8MLg92#r|nF*9E$L#OVs)<|Mb{EGSlCt#Mh5L~6U054{s3hTDk z&dklyFOF`dXFA@np&x5dQ34Ur2?KABA~tH^Wz#L+Y&%Dfnn~F0>;ztgSjfxEFSkpF z6MJ2MZcC3yuZ9Ii0jM@AA@BfLHgw7^5;a^PcpZHLODl`$nAH=(=qUAk6-iI3#{9!`HcfVV|=3c_Maw;^YDeX5B^>bTV5J6w`6K< zqLCayIO|^AGPhG%CoP~@c5S?U>Er>iqtnx^-`y|053=O{j1~A9S1nBcn4=g-a{gVH zZmggzx?fc$v;3*f;RIX6`}R+Y)7tGZcjQ%sX4U)05d@q~6RQBD>+?!tH;x?|!Z%ly zncpHkWm6toWfUTToU|+?6PC!Pip$RS4-BnKT?-+dVShI32m1#G2I`MVSv7&I(Y`8R z&!59MdbIu~QeGTSiLaFKr&JiSOkX6U>4JfTQz!fWS;WWguU{CVJP`6JM$nm8~m^M z^+WQ4nZ(hx4dZWKgXC2!qtvkcGSm7mJk?`K4_K9MHun*PFFV1M5*r4Tc$ee_CbbPT zVqi5hg%_zCnN{nntCIEhaaEp|4q4GlSZ@G(`TCQ6zrs{|;%3P$F3z|!WkDu!3r!mu z;sw$9`C^pnwDDsm!Sr3i2mpyysBsFlrfL zL4M4p7U6B7U+awD`&@Ud=-gVunOIRSk68VBL+hVT) zF;jji>}D>O%<6588lmqS7y#vk7D*H+PB-Qn3>7x_FL0T3mdwuYu!xigSE@Y@oY+|$G8n2 z7@~>#S=>Mu?a?(=b8gJr6bzko><3R94d_x zQBZU&9o>L0ktiA=`#=ZuB=ODmxjbhe-c^-@kDv=!EWEF84TSG|tU$cuuLJ)TNf_vpjjG>S9 zLb$}&SmDUhOp#%c(>$rZo1cX*Y8{j)sC76oGKbxm$?&|W>VNuY_uO^X_;Y1homjh@ zmS6GOO<;#YFmY<_S6m#8+aukRrR^qv5sPEvxv^deDxuRxE^CY2(f7VycWq>fD}~{` z``y2)tUN>(amj4aaOVIVLeB8vrY7IN)r$h~Ig#YA?RD>AA586*PK~p&%8*{rMZDKG z2gLA4xz4#;YsMeFoy2WUQYwYWns*B~94B3|#<(-nFO=}6oi4sG#lU`q7ParR6pg@{ zUWvtzORB(6Sl{hRO(ML0{F-mfBLi;J-@OPy!>%j)ZpPc!TpDa#Qb2Y_AC2a4c{cCLd2bDAD!s_a<40uE6 zL8Vj4IG z^yHm&l*Y5|Ap~c8kD7PtpAa?wkc~lI1|8h99=Xb9eU^N&T1zNK*rGi|X z1_9jJcA`Z{`W7YHuAI}Ew{@$euCB1;x90`Q;C1d``-JXlsfvldT-E~Awd7tKM)ZA$ z)X}YuoP7{5XLe(VX94QM!~qG-6CvR88(L^9W@z4WB&cq0Db77vN}u27{(?Y7p=1+*qd*cztC(j))Cf}v2kLpQ7H95#lXjUwBZqZt^{7FA5XCPVXO)Xn@Iu(uz>BP zB@X2Z5s{OV3!nQviP|`*FC)4v>Ju>QA0CdFtc$X=vJxIrYc^tA-P{f8+UMcnNoxh* zk|E`Ntrd}*C2mE9iLbvUPI?e3gn=88)RxlQwV3Md1bKf5Nry{Zpk5^dmyoK({cdVS zxgW2~S`Y0?D*p0IZk*cffdthSKN-gaF*CCzvw1THqS=84Nt8bh;iygj@w1?g!(wSI#FpS2IHVds}k z4+!Wolw_@0XO9ZGJF^P#~Yq&&PZ~UqUXu0n| zGMmz+yVYF1NLKI-4r1*Oi{m^vMnbnT-+kjDsLp9IO9>YjXx2cn8`NZRLNZ(v^CO`` zhB{;?HaE(DZp8>r)<&|eH`Oc@R26}VWn?tE*U?oA%E1P+mXwT4#?e`??H0gcZOMy6YThq%D@SHPQLvo&K2T%?5YGee$d6h{XsF&>x$MO9UWou zr4N&psE0W@Z=1$BcVuBdlJK0RWo2umU7OQ^s4DEiR2!>5k({+WLBQYb(8mMk&UZuZtt$ zD!E#vo3$jTxT_amx%gdf=1+Zda&C>9Jb#O4$HyzXANzsZBG-0z-%6Ro`OHWT zxlD9N;XJN)!^6zk?v*=ik1>5FVPs?^ucU&V=eqLy&!4R4Vq&zQg{k2rnOmmdu*k>i z&-=`B)H*69mOU!3E zS4HT%eC9y~XSP+U72HXrr#% z4~quZ?W21}#%;FhAuk{85nA-uIAnG*zWB3j{Io-S9}bU=kTXk27y)`wKSl&Ro7nsI z&G%vED?H9h(CS(oRqq*xg1`ThogEedaQO4*jciPtBnk@sqEHu*zR=Q;g<7`t-wCz9 zZH97J;z(Z9IlcM%k?!_%JtnAVH0!&f{9AUisE-LyzOYCVfb4LpcMLud+S##dYHBj~ z@-FnqElLyF$9YZwZ|*m#c~|T%0n(5oa7TO`^S9o+dIz6t7=x(F%3kp;7=s_nX-eH2 z+#GRD%Z+!2I2#yHX+dtV40Vub(nq&X-BHIXJmAyQ7v6{IQu+70Sm@L-eSAy->Zo{z zlViRRdx#;gC@k&o|J-Vjw|8nP>f6BLe!YtG0X7C6zabMHU05;II59{mR$NK9)pzH` z)+oLC+9s#n^o0|25oi>-xUfhfu#b+4!s(8h`Dyu8xCg>cHeY}FQIWJ2M3#^^VpeNq zzScuOzk;&SDv^?lywc^SZ5{z!9wzA+{vDG)YmTiOBDJ%jBRDh zkSr7+b_8TMD356L5nCG_=4 z+=Y(ie#?2u$+FU<-;vdG2J{Q=9d;1F_pDtmJm(uPBg@J>f1eMp{tlBD6?-Vc%gIyg zg093Ot5iq~&({MxKFDm0F0e~%^j%-U&JrRXNv}m=Fle(IBU!!n@Cy$@70s7R|+NE-|rgHVaf_5hM2$|FzMmwcX+&s<-o%Tjuea;#Ay-^!fFR9bh zci4?@sbZ)gs>8dOU!x=jx@lC9zxe}YvgbJw>gSY#Li$31mbjUXfnE-1S0EY9|!Oe7)U=++0qF87H6t zxqThcd-b={h4a>kIAx~jIr^R%8<}Q}r_k%yJZWCdapOStF}Cvk77JU~vj1?xxh3vu zcmcp?g+Qp#ZyomcC-WOfD?A&t)Ed9BEx)e?8hx+|Nf-Y zcm_{3vwpoT0f;$2)*XHnd{DUs&C-k!t`D~pv<&K?QvyYj~ zE#rS~8@WYd`uX}U-tr#=*V&5S2UuV8Np1t-(A{xfIM_n<7p}FqvI?Ajs z>x9kmZpZJ2$EOmsR`sg3{T`D3%FDYe{`fuL6V9h(dHMDF1VC`!<*$!`O4cPF1Xb+} zY~#2qWvsizS7xsKyUXO7^zJ^xw!Z)5*v~J&{&%;i-0hlh7QN89`y!bajm6ggLwjHT eyEPUBTH2@`+jsa@3fMaYQh2K>Qz7;K<9`5@lT!)+ literal 0 HcmV?d00001 diff --git a/_versions/main/guides/kafka.adoc b/_versions/main/guides/kafka.adoc index c827e550d1..01c6215374 100644 --- a/_versions/main/guides/kafka.adoc +++ b/_versions/main/guides/kafka.adoc @@ -1245,6 +1245,66 @@ Reciprocally, multiple producers on the same channel can be merged by setting `m On the `@Incoming` methods, you can control how multiple channels are merged using the `@Merge` annotation. ==== +Repeating the `@Outgoing` annotation on outbound or processing methods allows another way of dispatching messages to multiple outgoing channels: + +[source, java] +---- +import java.util.Random; + +import jakarta.enterprise.context.ApplicationScoped; + +import org.eclipse.microprofile.reactive.messaging.Outgoing; + +@ApplicationScoped +public class MultipleProducers { + + private final Random random = new Random(); + + @Outgoing("generated") + @Outgoing("generated-2") + double priceBroadcast() { + return random.nextDouble(); + } + +} +---- + +In the previous example generated price will be broadcast to both outbound channels. +The following example selectively sends messages to multiple outgoing channels using the `Targeted` container object, +containing key as channel name and value as message payload. + +[source, java] +---- +import jakarta.enterprise.context.ApplicationScoped; + +import org.eclipse.microprofile.reactive.messaging.Incoming; +import org.eclipse.microprofile.reactive.messaging.Outgoing; + +import io.smallrye.reactive.messaging.Targeted; + +@ApplicationScoped +public class TargetedProducers { + + @Incoming("in") + @Outgoing("out1") + @Outgoing("out2") + @Outgoing("out3") + public Targeted process(double price) { + Targeted targeted = Targeted.of("out1", "Price: " + price, + "out2", "Quote: " + price); + if (price > 90.0) { + return targeted.with("out3", price); + } + return targeted; + } + +} +---- + +Note that xref:serialization-autodetection[the auto-detection for Kafka serializers] doesn't work for signatures using the `Targeted`. + +For more details on using multiple outgoings, please refer to the http://smallrye.io/smallrye-reactive-messaging/4.10.0/concepts/outgoings/[SmallRye Reactive Messaging documentation]. + === Kafka Transactions Kafka transactions enable atomic writes to multiple Kafka topics and partitions. @@ -2261,7 +2321,7 @@ See the xref:quarkus-reactive-architecture.adoc[Quarkus Reactive Architecture do == Channel Decorators -SmallRye Reactive Messaging supports decorating incoming and outgoing channels for implementing cross-cutting concerns such as monitoring, tracing or message interception. For more information on implementing decorators and message interceptors see the http://smallrye.io/smallrye-reactive-messaging/3.19.1/concepts/decorators/[SmallRye Reactive Messaging documentation]. +SmallRye Reactive Messaging supports decorating incoming and outgoing channels for implementing cross-cutting concerns such as monitoring, tracing or message interception. For more information on implementing decorators and message interceptors see the http://smallrye.io/smallrye-reactive-messaging/latest/concepts/decorators/[SmallRye Reactive Messaging documentation]. [[kafka-configuration]] == Configuration Reference diff --git a/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc b/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc index 3d7e1a525f..c34a0ac07e 100644 --- a/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc +++ b/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc @@ -8,7 +8,7 @@ With the Quarkus OpenID Connect (OIDC) extension, you can protect application HT To learn more about the OIDC authorization code flow mechanism, see xref:security-oidc-code-flow-authentication.adoc[OIDC code flow mechanism for protecting web applications]. -To learn about how well-known social providers such as Google, GitHub, Microsoft, Twitter, Apple, Facebook, and Spotify can be used with Quarkus OIDC, see xref:security-openid-connect-providers.adoc[Configuring Well-Known OpenID Connect Providers]. +To learn about how well-known social providers such as Apple, Facebook, GitHub, Google, Mastodon, Microsoft, Twitch, Twitter (X), and Spotify can be used with Quarkus OIDC, see xref:security-openid-connect-providers.adoc[Configuring Well-Known OpenID Connect Providers]. See also, xref:security-authentication-mechanisms.adoc#other-supported-authentication-mechanisms[Authentication mechanisms in Quarkus]. If you want to protect your service applications by using OIDC Bearer token authentication, see xref:security-oidc-bearer-token-authentication-concept.adoc[OIDC Bearer token authentication]. diff --git a/_versions/main/guides/security-openid-connect-providers.adoc b/_versions/main/guides/security-openid-connect-providers.adoc index eb204a6111..71db935f2d 100644 --- a/_versions/main/guides/security-openid-connect-providers.adoc +++ b/_versions/main/guides/security-openid-connect-providers.adoc @@ -114,6 +114,39 @@ quarkus.oidc.credentials.secret= TIP: You can also send access tokens issued by `Google` to `quarkus.oidc.application-type=service` or `quarkus.oidc.application-type=hybrid` Quarkus applications. +[[mastodon]] +=== Mastodon + +Create a https://joinmastodon.org/[Mastodon account]. You must https://joinmastodon.org/servers[pick a server], for example, `mastodon.social`. +Select a `Development` option in you account and register an application, for example: + +image::oidc-mastodon-register-app.png[role="thumb"] + +Select the registered application: + +image::oidc-mastodon-registered-apps.png[role="thumb"] + +and note its client id and client secret properties, use them to configure your `application.properties`: + +[source,properties] +---- +quarkus.oidc.provider=mastodon +quarkus.oidc.client-id= +quarkus.oidc.credentials.client-secret.value= +---- + +By default, `quarkus.oidc.provider=mastodon` sets `quarkus.oidc.auth-server-url` to the `https://mastodon.social` Mastodon server address. + +You can override `quarkus.oidc.auth-server-url` if you have created your account in another Mastodon server, for example: + +[source,properties] +---- +quarkus.oidc.provider=mastodon +quarkus.oidc.auth-server-url=https://infosec.exchange +quarkus.oidc.client-id= +quarkus.oidc.credentials.client-secret.value= +---- + [[microsoft]] === Microsoft diff --git a/_versions/main/guides/transaction.adoc b/_versions/main/guides/transaction.adoc index d545d48acb..df905edadc 100644 --- a/_versions/main/guides/transaction.adoc +++ b/_versions/main/guides/transaction.adoc @@ -369,7 +369,7 @@ In cloud environments where persistent storage is not available, such as when ap IMPORTANT: While there are several benefits to using a database to store transaction logs, you might notice a reduction in performance compared with using the file system to store the logs. -Quarkus allows the following JDBC-specific configuration of the object store included in `quarkus.transacion-manager.object-store.` properties, where can be: +Quarkus allows the following JDBC-specific configuration of the object store included in `quarkus.transaction-manager.object-store.` properties, where can be: * `type` (_string_): Configure this property to `jdbc` to enable usage of a Quarkus JDBC datasource for transaction logging. diff --git a/_versions/main/guides/upx.adoc b/_versions/main/guides/upx.adoc index b973e0f6d9..58a3bb855c 100644 --- a/_versions/main/guides/upx.adoc +++ b/_versions/main/guides/upx.adoc @@ -3,9 +3,7 @@ This guide is maintained in the main Quarkus repository and pull requests should be submitted there: https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc //// - = Compressing native executables using UPX - include::_attributes.adoc[] https://upx.github.io/[Ultimate Packer for eXecutables (UPX)] is a compression tool reducing the size of executables. diff --git a/_versions/main/guides/virtual-threads.adoc b/_versions/main/guides/virtual-threads.adoc index 935347f703..95223c68b3 100644 --- a/_versions/main/guides/virtual-threads.adoc +++ b/_versions/main/guides/virtual-threads.adoc @@ -147,7 +147,7 @@ For each of them, the object stored in the `ThreadLocal` is created (often large This problem leads to high memory usage. Unfortunately, it requires sophisticated code changes in the libraries themselves. -=== Use @RunVirtualThread with RESTEasy Reactive +=== Use @RunOnVirtualThread with RESTEasy Reactive This section shows a brief example of using the link:{runonvthread}[@RunOnVirtualThread] annotation. It also explains the various development and execution models offered by Quarkus. @@ -296,7 +296,7 @@ Note that all three models can be used in a single application. == Use virtual thread friendly clients -As mentioned in the href:why-not[Why not run everything on virtual threads?] section, the Java ecosystem is not entirely ready for virtual threads. +As mentioned in the xref:why-not[Why not run everything on virtual threads?] section, the Java ecosystem is not entirely ready for virtual threads. So, you need to be careful, especially when using a libraries doing I/O. Fortunately, Quarkus provides a massive ecosystem that is ready to be used in virtual threads. @@ -375,7 +375,7 @@ mvn package === Using a local GraalVM installation -To compile a Quarkus applications leveraging `@RunOnVirtualThreads` into native executable, you must be sure to use a GraalVM / Mandrel `native-image` supporting virtual threads, so providing at least Java 19+. +To compile a Quarkus applications leveraging `@RunOnVirtualThread` into native executable, you must be sure to use a GraalVM / Mandrel `native-image` supporting virtual threads, so providing at least Java 19+. Then, until Java 21, you need to add the following property to your `application.properties` file: