Conditionalize content in upstream Quarkus repository for the 3.8.nex…

…t product release quarkusio#39954

docs/src/main/asciidoc/security-authentication-mechanisms.adoc

@@ -9,6 +9,7 @@ include::_attributes.adoc[]
 :diataxis-type: concept
 :categories: security,web
 :topics: security,authentication
+:quarkus-elytron-security-oauth2:
 
 The Quarkus Security framework supports multiple authentication mechanisms, which you can use to secure your applications.
 You can also combine authentication mechanisms.
@@ -96,7 +97,7 @@ quarkus.http.auth.form.error-page=
 # Define testing user
 quarkus.security.users.embedded.enabled=true
 quarkus.security.users.embedded.plain-text=true
-quarkus.security.users.embedded.users.alice=alice 
+quarkus.security.users.embedded.users.alice=alice
 quarkus.security.users.embedded.roles.alice=user
 ----
 
@@ -404,13 +405,15 @@ It represents them as `org.eclipse.microprofile.jwt.JsonWebToken`.
 
 For more information, see the xref:security-jwt.adoc[Using JWT RBAC] guide.
 
+ifndef::quarkus-elytron-security-oauth2[]
 [[oauth2-authentication]]
 === OAuth2 authentication
 
 `quarkus-elytron-security-oauth2` provides an alternative to the Quarkus `quarkus-oidc` Bearer token authentication mechanism extension.
 `quarkus-elytron-security-oauth2` is based on `Elytron` and is primarily intended for introspecting opaque tokens remotely.
 
 For more information, see the Quarkus xref:security-oauth2.adoc[Using OAuth2] guide.
+endif::quarkus-elytron-security-oauth2[]
 
 [[oidc-jwt-oauth2-comparison]]
 == Choosing between OpenID Connect, SmallRye JWT, and OAuth2 authentication mechanisms
@@ -425,13 +428,17 @@ In both cases, `quarkus-oidc` requires a connection to the specified OpenID Conn
 * If the user authentication requires Authorization Code flow, or you need to support multiple tenants, use `quarkus-oidc`.
 `quarkus-oidc` can also request user information by using both Authorization Code Flow and Bearer access tokens.
 
-* If your bearer tokens must be verified, use `quarkus-oidc`, `quarkus-smallrye-jwt`, or `quarkus-elytron-security-oauth2`.
+* If your bearer tokens must be verified, use `quarkus-oidc`,
+ifndef::quarkus-elytron-security-oauth2[`quarkus-elytron-security-oauth2`, ]
+or `quarkus-smallrye-jwt`.
 
 * If your bearer tokens are in a JSON web token (JWT) format, you can use any extensions in the preceding list.
 Both `quarkus-oidc` and `quarkus-smallrye-jwt` support refreshing the `JsonWebKey` (JWK) set when the OpenID Connect provider rotates the keys.
 Therefore, if remote token introspection must be avoided or is unsupported by the providers, use `quarkus-oidc` or `quarkus-smallrye-jwt` to verify JWT tokens.
 
-* To introspect the JWT tokens remotely, you can use either `quarkus-oidc` or `quarkus-elytron-security-oauth2` because they support verifying the opaque or binary tokens by using remote introspection.
+* To introspect the JWT tokens remotely, you can use `quarkus-oidc`
+ifndef::quarkus-elytron-security-oauth2[or `quarkus-elytron-security-oauth2`]
+for verifying the opaque or binary tokens by using remote introspection.
 `quarkus-smallrye-jwt` does not support the remote introspection of both opaque or JWT tokens but instead relies on the locally available keys that are usually retrieved from the OpenID Connect provider.
 
 * `quarkus-oidc` and `quarkus-smallrye-jwt` support the JWT and opaque token injection into the endpoint code.
@@ -442,9 +449,10 @@ All extensions can have the tokens injected as `Principal`.
 `quarkus-oidc` uses only the JWK-formatted keys that are part of a JWK set, whereas `quarkus-smallrye-jwt` supports PEM keys.
 
 * `quarkus-smallrye-jwt` handles locally signed, inner-signed-and-encrypted, and encrypted tokens.
-In contrast, although `quarkus-oidc` and `quarkus-elytron-security-oauth2` can also verify such tokens, they treat them as opaque tokens and verify them through remote introspection.
+ifndef::quarkus-elytron-security-oauth2[In contrast, although `quarkus-oidc` and `quarkus-elytron-security-oauth2` can also verify such tokens, they treat them as opaque tokens and verify them through remote introspection.]
+ifdef::quarkus-elytron-security-oauth2[In contrast, although `quarkus-oidc` can also verify such tokens, it treats them as opaque tokens and verifies them through remote introspection.]
 
-* If you need a lightweight library for the remote introspection of opaque or JWT tokens, use `quarkus-elytron-security-oauth2`.
+ifndef::quarkus-elytron-security-oauth2[* If you need a lightweight library for the remote introspection of opaque or JWT tokens, use `quarkus-elytron-security-oauth2`.]
 
 [NOTE]
 ====
@@ -461,26 +469,49 @@ Nonetheless, the providers effectively delegate most of the token-associated sta
 |===
 ^|Feature required 3+^| Authentication mechanism
 
-^| ^s|`quarkus-oidc` ^s|`quarkus-smallrye-jwt` ^s| `quarkus-elytron-security-oauth2`
+^| ^s|`quarkus-oidc` ^s|`quarkus-smallrye-jwt` ^s|
+ifndef::quarkus-elytron-security-oauth2[`quarkus-elytron-security-oauth2`]
 
-s|Bearer JWT verification ^|Local verification or introspection  ^|Local verification  ^|Introspection
+s|Bearer JWT verification ^|Local verification or introspection  ^|Local verification  ^|
+ifndef::quarkus-elytron-security-oauth2[Introspection]
 
-s|Bearer opaque token verification ^|Introspection   ^|No  ^|Introspection
-s|Refreshing `JsonWebKey` set to verify JWT tokens  ^|Yes   ^|Yes  ^|No
-s|Represent token as `Principal`  ^|Yes   ^|Yes  ^|Yes
-s|Inject JWT as MP JWT  ^|Yes   ^|Yes  ^|No
+s|Bearer opaque token verification ^|Introspection   ^|No  ^|
+ifndef::quarkus-elytron-security-oauth2[Introspection]
 
-s|Authorization code flow  ^| Yes  ^|No  ^|No
-s|Multi-tenancy ^| Yes  ^|No  ^|No
-s|User information support  ^| Yes  ^|No  ^|No
-s|PEM key format support  ^|No   ^|Yes  ^|No
+s|Refreshing `JsonWebKey` set to verify JWT tokens  ^|Yes   ^|Yes  ^|
+ifndef::quarkus-elytron-security-oauth2[No]
 
-s|SecretKey support ^|No ^|In JSON Web Key (JWK) format ^|No
-s|Inner-signed and encrypted or encrypted tokens ^|Introspection ^|Local verification ^|Introspection
-s|Custom token verification ^|No ^|With injected JWT parser ^|No
-s|JWT as a cookie support ^|No ^|Yes ^|Yes
-|===
+s|Represent token as `Principal`  ^|Yes   ^|Yes  ^|
+ifndef::quarkus-elytron-security-oauth2[Yes]
+
+s|Inject JWT as MP JWT  ^|Yes   ^|Yes  ^|
+ifndef::quarkus-elytron-security-oauth2[No]
+
+s|Authorization code flow  ^| Yes  ^|No  ^|
+ifndef::quarkus-elytron-security-oauth2[No]
+
+s|Multi-tenancy ^| Yes  ^|No  ^|
+ifndef::quarkus-elytron-security-oauth2[No]
+
+s|User information support  ^| Yes  ^|No  ^|
+ifndef::quarkus-elytron-security-oauth2[No]
+
+s|PEM key format support  ^|No   ^|Yes  ^|
+ifndef::quarkus-elytron-security-oauth2[No]
 
+s|SecretKey support ^|No ^|In JSON Web Key (JWK) format ^|
+ifndef::quarkus-elytron-security-oauth2[No]
+
+s|Inner-signed and encrypted or encrypted tokens ^|Introspection ^|Local verification ^|
+ifndef::quarkus-elytron-security-oauth2[Introspection]
+
+s|Custom token verification ^|No ^|With injected JWT parser ^|
+ifndef::quarkus-elytron-security-oauth2[No]
+
+s|JWT as a cookie support ^|No ^|Yes ^|
+ifndef::quarkus-elytron-security-oauth2[Yes]
+
+|===
 
 == Combining authentication mechanisms