Sync documentation of main branch

Author: actions-user

_generated-doc/main/config/quarkus-all-config.adoc

@@ -21448,12 +21448,16 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-Specify the dependencies that are allowed to have proto files that can be imported by this application's protos Applicable values:
+Specify the dependencies that are allowed to have proto files that can be imported by this application's protos
+
+Applicable values:
 
  - _none_ - default - don't scan dependencies
  - a comma separated list of _groupId:artifactId_ coordinates to scan
  - _all_ - scan all dependencies
 
+
+
 By default, _com.google.protobuf:protobuf-java_.
 
 

_generated-doc/main/config/quarkus-grpc_quarkus.generate-code.adoc

@@ -40,12 +40,16 @@ endif::add-copy-button-to-config-props[]
 
 [.description]
 --
-Specify the dependencies that are allowed to have proto files that can be imported by this application's protos Applicable values:
+Specify the dependencies that are allowed to have proto files that can be imported by this application's protos
+
+Applicable values:
 
  - _none_ - default - don't scan dependencies
  - a comma separated list of _groupId:artifactId_ coordinates to scan
  - _all_ - scan all dependencies
 
+
+
 By default, _com.google.protobuf:protobuf-java_.
 
 

_generated-doc/main/infra/quarkus-all-build-items.adoc

@@ -5843,30 +5843,38 @@ h|Attributes
 
 
 
-a| https://github.com/quarkusio/quarkus/blob/main/extensions/oidc-client/deployment/src/main/java/io/quarkus/oidc/client/deployment/AccessTokenInstanceBuildItem.java[`io.quarkus.oidc.client.deployment.AccessTokenInstanceBuildItem`, window="_blank"]
+a| https://github.com/quarkusio/quarkus/blob/main/extensions/oidc-client/deployment/src/main/java/io/quarkus/oidc/client/deployment/OidcClientNamesBuildItem.java[`io.quarkus.oidc.client.deployment.OidcClientNamesBuildItem`, window="_blank"]
 [.description]
 --
-Represents one `io.quarkus.oidc.token.propagation.AccessToken` annotation instance.
--- a|`java.lang.String clientName` 
-
-_No Javadoc found_
-
-`boolean tokenExchange` 
+Contains non-default names of OIDC Clients.
+-- a|`java.util.Set<String> oidcClientNames` 
 
 _No Javadoc found_
 
-`org.jboss.jandex.AnnotationTarget annotationTarget` 
 
-_No Javadoc found_
+|===
+== OpenID Connect Token Propagation - Common
+[.configuration-reference,cols=2*]
+|===
+h|Class Name
+h|Attributes 
 
 
 
 
-a| https://github.com/quarkusio/quarkus/blob/main/extensions/oidc-client/deployment/src/main/java/io/quarkus/oidc/client/deployment/OidcClientNamesBuildItem.java[`io.quarkus.oidc.client.deployment.OidcClientNamesBuildItem`, window="_blank"]
+a| https://github.com/quarkusio/quarkus/blob/main/extensions/oidc-token-propagation-common/deployment/src/main/java/io/quarkus/oidc/token/propagation/common/deployment/AccessTokenInstanceBuildItem.java[`io.quarkus.oidc.token.propagation.common.deployment.AccessTokenInstanceBuildItem`, window="_blank"]
 [.description]
 --
-Contains non-default names of OIDC Clients.
--- a|`java.util.Set<String> oidcClientNames` 
+Represents one `io.quarkus.oidc.token.propagation.common.AccessToken` annotation instance.
+-- a|`java.lang.String clientName` 
+
+_No Javadoc found_
+
+`boolean tokenExchange` 
+
+_No Javadoc found_
+
+`org.jboss.jandex.AnnotationTarget annotationTarget` 
 
 _No Javadoc found_
 

_versions/main/guides/grpc-service-consumption.adoc

@@ -204,8 +204,12 @@ public class StreamingEndpoint {
 
 For each gRPC service you inject in your application, you can configure the following attributes:
 
+=== Global configuration
 include::{generated-dir}/config/quarkus-grpc_quarkus.grpc-client.adoc[opts=optional, leveloffset=+1]
 
+=== Per-client configuration
+include::{generated-dir}/config/quarkus-grpc_quarkus.grpc.clients.adoc[opts=optional, leveloffset=+1]
+
 The `client-name` is the name set in the `@GrpcClient` or derived from the injection point if not explicitly defined.
 
 The following examples uses _hello_ as the client name.

_versions/main/guides/images/observability-grafana-dashboards.png

@@ -163,19 +163,21 @@ image::observability-grafana-loki.png[alt=Dev UI LGTM, align=center,width=90%]
 
 === The dashboards
 
-The Dev Service includes a set of dashboards for metrics.
+The Dev Service includes a set of dashboards.
 
 image::observability-grafana-dashboards.png[alt=Dev UI LGTM, align=center,width=90%]
 
 Each dashboard is tuned for the specific application setup. The available dashboards are:
 
-* *Quarkus Micrometer Metrics - OTLP*: to be used with the Micrometer OTLP registry extension
-* *Quarkus Micrometer Metrics - Prometheus*: to be used with the Micrometer Prometheus registry extension.
-* *Quarkus Micrometer OpenTelemetry*: to be used with the Micrometer to OpenTelemetry bridge extension.
+* *Quarkus Micrometer OpenTelemetry*: to be used with the Micrometer and OpenTelemetry extension.
+* *Quarkus Micrometer OTLP registry*: to be used with the Micrometer OTLP registry extension.
+* *Quarkus Micrometer Prometheus registry*: to be used with the Micrometer Prometheus registry extension.
+* *Quarkus OpenTelemetry Logging*: to view logs coming from the OpenTelemetry extension.
+
 
 [NOTE]
 ====
-Some panels in the dashboards might take a few minutes to show data when their values are calculated over a sliding window of time.
+Some panels in the dashboards might take a few minutes to show accurate data when their values are calculated over a sliding  time window.
 ====
 
 === Additional configuration

_versions/main/guides/observability-devservices-lgtm.adoc

@@ -145,9 +145,9 @@ public class TokenSecuredResource {
 <7> Builds a response containing the caller's name, the `isSecure()` and `getAuthenticationScheme()` states of the request `SecurityContext`, and whether a non-null `JsonWebToken` was injected.
 
 [[run-application]]
-=== Run the application
+=== Run the application in dev mode
 
-Now, you are ready to run the application by using one of the following commands:
+Now, you are ready to run the application in dev mode by using one of the following commands:
 
 include::{includes}/devtools/dev.adoc[]
 
@@ -174,6 +174,12 @@ Now that the REST endpoint is running, you can access it by using a command line
 [source,shell]
 ----
 $ curl http://127.0.0.1:8080/secured/permit-all; echo
+----
+
+This command returns the following response:
+
+[source,shell]
+----
 hello anonymous, isHttps: false, authScheme: null, hasJWT: false
 ----
 
@@ -263,6 +269,12 @@ Your output should be as follows:
 [source,shell]
 ----
 $ curl -v http://127.0.0.1:8080/secured/roles-allowed; echo
+----
+
+This command returns the following response:
+
+[source,shell]
+----
 *   Trying 127.0.0.1...
 * TCP_NODELAY set
 * Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
@@ -444,8 +456,6 @@ Next, use the following command to generate the JWT:
 [source,shell]
 ----
 $ mvn exec:java -Dexec.mainClass=org.acme.security.jwt.GenerateToken -Dexec.classpathScope=test -Dsmallrye.jwt.sign.key.location=privateKey.pem
-
-eyJraWQiOiJcL3ByaXZhdGVLZXkucGVtIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJqZG9lLXVzaW5nLWp3dC1yYmFjIiwiYXVkIjoidXNpbmctand0LXJiYWMiLCJ1cG4iOiJqZG9lQHF1YXJrdXMuaW8iLCJiaXJ0aGRhdGUiOiIyMDAxLTA3LTEzIiwiYXV0aF90aW1lIjoxNTUxNjU5Njc2LCJpc3MiOiJodHRwczpcL1wvcXVhcmt1cy5pb1wvdXNpbmctand0LXJiYWMiLCJyb2xlTWFwcGluZ3MiOnsiZ3JvdXAyIjoiR3JvdXAyTWFwcGVkUm9sZSIsImdyb3VwMSI6Ikdyb3VwMU1hcHBlZFJvbGUifSwiZ3JvdXBzIjpbIkVjaG9lciIsIlRlc3RlciIsIlN1YnNjcmliZXIiLCJncm91cDIiXSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamRvZSIsImV4cCI6MTU1MTY1OTk3NiwiaWF0IjoxNTUxNjU5Njc2LCJqdGkiOiJhLTEyMyJ9.O9tx_wNNS4qdpFhxeD1e7v4aBNWz1FCq0UV8qmXd7dW9xM4hA5TO-ZREk3ApMrL7_rnX8z81qGPIo_R8IfHDyNaI1SLD56gVX-NaOLS2OjfcbO3zOWJPKR_BoZkYACtMoqlWgIwIRC-wJKUJU025dHZiNL0FWO4PjwuCz8hpZYXIuRscfFhXKrDX1fh3jDhTsOEFfu67ACd85f3BdX9pe-ayKSVLh_RSbTbBPeyoYPE59FW7H5-i8IE-Gqu838Hz0i38ksEJFI25eR-AJ6_PSUD0_-TV3NjXhF3bFIeT4VSaIZcpibekoJg0cQm-4ApPEcPLdgTejYHA-mupb8hSwg
 ----
 
 The JWT string is a Base64 URL-encoded string consisting of three parts, separated by `.` characters:
@@ -459,15 +469,19 @@ The JWT string is a Base64 URL-encoded string consisting of three parts, separat
 Now, let's use this to make a secured request to the `/secured/roles-allowed` endpoint.
 Make sure you have the Quarkus server still running in dev mode, and then run the following command, making sure to use your version of the generated JWT from the previous step:
 
-[source,bash]
-----
-curl -H "Authorization: Bearer eyJraWQiOiJcL3ByaXZhdGVLZXkucGVtIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJqZG9lLXVzaW5nLWp3dC1yYmFjIiwiYXVkIjoidXNpbmctand0LXJiYWMiLCJ1cG4iOiJqZG9lQHF1YXJrdXMuaW8iLCJiaXJ0aGRhdGUiOiIyMDAxLTA3LTEzIiwiYXV0aF90aW1lIjoxNTUxNjUyMDkxLCJpc3MiOiJodHRwczpcL1wvcXVhcmt1cy5pb1wvdXNpbmctand0LXJiYWMiLCJyb2xlTWFwcGluZ3MiOnsiZ3JvdXAyIjoiR3JvdXAyTWFwcGVkUm9sZSIsImdyb3VwMSI6Ikdyb3VwMU1hcHBlZFJvbGUifSwiZ3JvdXBzIjpbIkVjaG9lciIsIlRlc3RlciIsIlN1YnNjcmliZXIiLCJncm91cDIiXSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamRvZSIsImV4cCI6MTU1MTY1MjM5MSwiaWF0IjoxNTUxNjUyMDkxLCJqdGkiOiJhLTEyMyJ9.aPA4Rlc4kw7n_OZZRRk25xZydJy_J_3BRR8ryYLyHTO1o68_aNWWQCgpnAuOW64svPhPnLYYnQzK-l2vHX34B64JySyBD4y_vRObGmdwH_SEufBAWZV7mkG3Y4mTKT3_4EWNu4VH92IhdnkGI4GJB6yHAEzlQI6EdSOa4Nq8Gp4uPGqHsUZTJrA3uIW0TbNshFBm47-oVM3ZUrBz57JKtr0e9jv0HjPQWyvbzx1HuxZd6eA8ow8xzvooKXFxoSFCMnxotd3wagvYQ9ysBa89bgzL-lhjWtusuMFDUVYwFqADE7oOSOD4Vtclgq8svznBQ-YpfTHfb9QEcofMlpyjNA" http://127.0.0.1:8080/secured/roles-allowed; echo
-----
 
 .`curl` command for `/secured/roles-allowed` with JWT
 [source,shell]
 ----
 $ curl -H "Authorization: Bearer eyJraWQ..." http://127.0.0.1:8080/secured/roles-allowed; echo
+----
+
+Make sure to use the generated token as the HTTP Authorization Bearer scheme value.
+
+This command returns the following response:
+
+[source,shell]
+----
 hello [email protected], isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13
 ----
 
@@ -572,61 +586,60 @@ public class TokenSecuredResource {
 
 Now generate the token again and run:
 
-[source,bash]
+[source,shell]
 ----
-curl -H "Authorization: Bearer eyJraWQiOiJcL3ByaXZhdGVLZXkucGVtIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJqZG9lLXVzaW5nLWp3dC1yYmFjIiwiYXVkIjoidXNpbmctand0LXJiYWMiLCJ1cG4iOiJqZG9lQHF1YXJrdXMuaW8iLCJiaXJ0aGRhdGUiOiIyMDAxLTA3LTEzIiwiYXV0aF90aW1lIjoxNTUxNjUyMDkxLCJpc3MiOiJodHRwczpcL1wvcXVhcmt1cy5pb1wvdXNpbmctand0LXJiYWMiLCJyb2xlTWFwcGluZ3MiOnsiZ3JvdXAyIjoiR3JvdXAyTWFwcGVkUm9sZSIsImdyb3VwMSI6Ikdyb3VwMU1hcHBlZFJvbGUifSwiZ3JvdXBzIjpbIkVjaG9lciIsIlRlc3RlciIsIlN1YnNjcmliZXIiLCJncm91cDIiXSwicHJlZmVycmVkX3VzZXJuYW1lIjoiamRvZSIsImV4cCI6MTU1MTY1MjM5MSwiaWF0IjoxNTUxNjUyMDkxLCJqdGkiOiJhLTEyMyJ9.aPA4Rlc4kw7n_OZZRRk25xZydJy_J_3BRR8ryYLyHTO1o68_aNWWQCgpnAuOW64svPhPnLYYnQzK-l2vHX34B64JySyBD4y_vRObGmdwH_SEufBAWZV7mkG3Y4mTKT3_4EWNu4VH92IhdnkGI4GJB6yHAEzlQI6EdSOa4Nq8Gp4uPGqHsUZTJrA3uIW0TbNshFBm47-oVM3ZUrBz57JKtr0e9jv0HjPQWyvbzx1HuxZd6eA8ow8xzvooKXFxoSFCMnxotd3wagvYQ9ysBa89bgzL-lhjWtusuMFDUVYwFqADE7oOSOD4Vtclgq8svznBQ-YpfTHfb9QEcofMlpyjNA" http://127.0.0.1:8080/secured/roles-allowed-admin; echo
+$ curl -H "Authorization: Bearer eyJraWQ..." http://127.0.0.1:8080/secured/roles-allowed-admin; echo
 ----
 
+Make sure to use the generated token as the HTTP Authorization Bearer scheme value.
+
+This command returns the following response:
+
 [source,shell]
 ----
-$ curl -H "Authorization: Bearer eyJraWQ..." http://127.0.0.1:8080/secured/roles-allowed-admin; echo
 hello [email protected], isHttps: false, authScheme: Bearer, hasJWT: true, birthdate: 2001-07-13
 ----
 
-=== Package and run the application
+=== Run the application in JVM mode
 
-As usual, the application can be packaged by using:
+You can run the application as a standard Java application.
 
+. Compile the application:
++
+====
 include::{includes}/devtools/build.adoc[]
-
-And executed by using `java -jar target/quarkus-app/quarkus-run.jar`:
-
-.Runner jar example
-[source,shell,subs=attributes+]
+====
+. Run the application:
++
+====
+[source,bash]
 ----
-$ java -jar target/quarkus-app/quarkus-run.jar
-2019-03-28 14:27:48,839 INFO  [io.quarkus] (main) Quarkus {quarkus-version} started in 0.796s. Listening on: http://[::]:8080
-2019-03-28 14:27:48,841 INFO  [io.quarkus] (main) Installed features: [cdi, rest, rest-jackson, security, smallrye-jwt]
+java -jar target/quarkus-app/quarkus-run.jar
 ----
+====
 
-You can also generate the native executable with:
+=== Run the application in native mode
 
-include::{includes}/devtools/build-native.adoc[]
+You can compile this same demo into native mode without any modifications.
+This implies that you no longer need to install a JVM on your production environment.
+The runtime technology is included in the produced binary and optimized to run with minimal resources required.
 
-.Native executable example
-[source,shell]
+Compilation takes a bit longer, so this step is disabled by default.
+
+. Build your application again by enabling the `native` profile:
++
+====
+
+include::{includes}/devtools/build-native.adoc[]
+====
+. Run the following binary directly:
++
+====
+[source,bash]
 ----
-[INFO] Scanning for projects...
-...
-[security-jwt-quickstart-runner:25602]     universe:     493.17 ms
-[security-jwt-quickstart-runner:25602]      (parse):     660.41 ms
-[security-jwt-quickstart-runner:25602]     (inline):   1,431.10 ms
-[security-jwt-quickstart-runner:25602]    (compile):   7,301.78 ms
-[security-jwt-quickstart-runner:25602]      compile:  10,542.16 ms
-[security-jwt-quickstart-runner:25602]        image:   2,797.62 ms
-[security-jwt-quickstart-runner:25602]        write:     988.24 ms
-[security-jwt-quickstart-runner:25602]      [total]:  43,778.16 ms
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD SUCCESS
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time:  51.500 s
-[INFO] Finished at: 2019-03-28T14:30:56-07:00
-[INFO] ------------------------------------------------------------------------
-
-$ ./target/security-jwt-quickstart-runner
-2019-03-28 14:31:37,315 INFO  [io.quarkus] (main) Quarkus 0.12.0 started in 0.006s. Listening on: http://[::]:8080
-2019-03-28 14:31:37,316 INFO  [io.quarkus] (main) Installed features: [cdi, rest, rest-jackson, security, smallrye-jwt]
+./target/security-jwt-quickstart-1.0.0-SNAPSHOT-runner
 ----
+====
 
 === Explore the solution
 

_versions/main/guides/security-jwt.adoc

@@ -708,7 +708,7 @@ import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
 
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
-import io.quarkus.oidc.token.propagation.AccessToken;
+import io.quarkus.oidc.token.propagation.common.AccessToken;
 
 @RegisterRestClient
 @AccessToken <1>

_versions/main/guides/security-oidc-auth0-tutorial.adoc

@@ -231,7 +231,16 @@ For more information, see the Keycloak documentation about link:https://www.keyc
 ifndef::no-quarkus-keycloak-admin-client[]
 [NOTE]
 ====
-If you want to use the Keycloak Admin Client to configure your server from your application, you need to include either the `quarkus-keycloak-admin-rest-client` or the `quarkus-keycloak-admin-resteasy-client` (if the application uses `quarkus-rest-client`) extension.
+To configure the Keycloak server from your application by using the Keycloak Admin Client, include one of the following extensions based on your setup:
+
+- *For Quarkus REST*: If you are using `quarkus-rest`, `quarkus-rest-client`, or both, include the `quarkus-keycloak-admin-rest-client` extension.
+
+- *For RESTEasy Classic*: If you are using `quarkus-resteasy`, `quarkus-resteasy-client`, or both, include the `quarkus-keycloak-admin-resteasy-client` extension.
+
+- *If no REST layer is explicitly used*: It is recommended to include the `quarkus-keycloak-admin-rest-client` extension.
+
+These guidelines ensure seamless integration of the Keycloak Admin Client with your REST framework, whether you are working with a REST server, a REST client, or both.
+
 For more information, see the xref:security-keycloak-admin-client.adoc[Quarkus Keycloak Admin Client] guide.
 ====
 endif::no-quarkus-keycloak-admin-client[]

_versions/main/guides/security-oidc-bearer-token-authentication-tutorial.adoc

@@ -50,6 +50,14 @@ For information about how to support multiple tenants, see xref:security-openid-
 
 == Using the authorization code flow mechanism
 
+=== Configuring Quarkus to support authorization code flow
+
+To enable an authorization code flow authentication, the `quarkus.oidc.application-type` property must be set to `web-app`.
+Usually, the Quarkus OIDC `web-app` application type must be set when your Quarkus application is a frontend application which serves HTML pages and requires an OIDC single sign-on login.
+For the Quarkus OIDC `web-app` application, the authorization code flow is defined as the preferred method for authenticating users.
+When your application serves HTML pages and provides REST API at the same time, and requires both the authorization code flow authentication and xref:security-oidc-bearer-token-authentication.adoc[the bearer access token authentication], the `quarkus.oidc.application-type` property can be set to `hybrid` instead.
+In this case, the authorization code flow is only triggered  when an HTTP `Authorization` request header with a `Bearer` authorization scheme containing a bearer access token is not set.
+
 === Configuring access to the OIDC provider endpoint
 
 The OIDC `web-app` application requires URLs of the OIDC provider's authorization, token, `JsonWebKey` (JWK) set, and possibly the `UserInfo`, introspection and end-session (RP-initiated logout) endpoints.
@@ -789,7 +797,7 @@ It applies to ID tokens and also to access tokens in a JWT format, if the `web-a
 [[jose4j-validator]]
 ==== Jose4j Validator
 
-You can register a custom [Jose4j Validator] to customize the JWT claim verification process. See xref:security-oidc-bearer-token-authentication.adoc#jose4j-validator[Jose4j] section for more information.
+You can register a custom Jose4j Validator to customize the JWT claim verification process. See the xref:security-oidc-bearer-token-authentication.adoc#jose4j-validator[Jose4j] section for more information.
 
 === Proof Key for Code Exchange (PKCE)