Sync documentation of main branch

_generated-doc/main/config/quarkus-all-config.adoc

@@ -46998,7 +46998,15 @@ a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]]`link:#quarku
 
 [.description]
 --
-Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow are always verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. Bearer access tokens are always verified.
+Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
+
+ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles.
+
+Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token.
+
+Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required.
+
+Bearer access token is always verified.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[]
@@ -47260,7 +47268,11 @@ a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]]`link:#quarkus
 
 [.description]
 --
-If this property is set to `true`, an OIDC UserInfo endpoint is called. This property is enabled if `quarkus.oidc.roles.source` is `userinfo`. or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not need to enable this property manually in these cases.
+If this property is set to `true`, an OIDC UserInfo endpoint is called.
+
+This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases.
+
+It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[]
@@ -49638,7 +49650,15 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token]]`link:
 
 [.description]
 --
-Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow are always verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. Bearer access tokens are always verified.
+Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
+
+ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles.
+
+Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token.
+
+Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required.
+
+Bearer access token is always verified.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[]
@@ -49917,7 +49937,11 @@ a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required]]`link:#
 
 [.description]
 --
-If this property is set to `true`, an OIDC UserInfo endpoint is called. This property is enabled if `quarkus.oidc.roles.source` is `userinfo`. or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not need to enable this property manually in these cases.
+If this property is set to `true`, an OIDC UserInfo endpoint is called.
+
+This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases.
+
+It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++[]

_generated-doc/main/config/quarkus-oidc-general-config-items.adoc

@@ -2094,7 +2094,15 @@ a| [[quarkus-oidc-general-config-items_quarkus-oidc-authentication-verify-access
 
 [.description]
 --
-Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow are always verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. Bearer access tokens are always verified.
+Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
+
+ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles.
+
+Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token.
+
+Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required.
+
+Bearer access token is always verified.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[]
@@ -2356,7 +2364,11 @@ a| [[quarkus-oidc-general-config-items_quarkus-oidc-authentication-user-info-req
 
 [.description]
 --
-If this property is set to `true`, an OIDC UserInfo endpoint is called. This property is enabled if `quarkus.oidc.roles.source` is `userinfo`. or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not need to enable this property manually in these cases.
+If this property is set to `true`, an OIDC UserInfo endpoint is called.
+
+This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases.
+
+It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[]
@@ -4717,7 +4729,15 @@ a| [[quarkus-oidc-general-config-items_quarkus-oidc-tenant-authentication-verify
 
 [.description]
 --
-Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow are always verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. Bearer access tokens are always verified.
+Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
+
+ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles.
+
+Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token.
+
+Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required.
+
+Bearer access token is always verified.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[]
@@ -4996,7 +5016,11 @@ a| [[quarkus-oidc-general-config-items_quarkus-oidc-tenant-authentication-user-i
 
 [.description]
 --
-If this property is set to `true`, an OIDC UserInfo endpoint is called. This property is enabled if `quarkus.oidc.roles.source` is `userinfo`. or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not need to enable this property manually in these cases.
+If this property is set to `true`, an OIDC UserInfo endpoint is called.
+
+This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases.
+
+It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++[]

_generated-doc/main/config/quarkus-oidc-oidc-config.adoc

@@ -1767,7 +1767,15 @@ a| [[quarkus-oidc-oidc-config_quarkus-oidc-authentication-verify-access-token]]`
 
 [.description]
 --
-Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow are always verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. Bearer access tokens are always verified.
+Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
+
+ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles.
+
+Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token.
+
+Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required.
+
+Bearer access token is always verified.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[]
@@ -2029,7 +2037,11 @@ a| [[quarkus-oidc-oidc-config_quarkus-oidc-authentication-user-info-required]]`l
 
 [.description]
 --
-If this property is set to `true`, an OIDC UserInfo endpoint is called. This property is enabled if `quarkus.oidc.roles.source` is `userinfo`. or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not need to enable this property manually in these cases.
+If this property is set to `true`, an OIDC UserInfo endpoint is called.
+
+This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases.
+
+It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[]
@@ -4390,7 +4402,15 @@ a| [[quarkus-oidc-oidc-config_quarkus-oidc-tenant-authentication-verify-access-t
 
 [.description]
 --
-Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow are always verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. Bearer access tokens are always verified.
+Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
+
+ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles.
+
+Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token.
+
+Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required.
+
+Bearer access token is always verified.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[]
@@ -4669,7 +4689,11 @@ a| [[quarkus-oidc-oidc-config_quarkus-oidc-tenant-authentication-user-info-requi
 
 [.description]
 --
-If this property is set to `true`, an OIDC UserInfo endpoint is called. This property is enabled if `quarkus.oidc.roles.source` is `userinfo`. or `quarkus.oidc.token.verify-access-token-with-user-info` is `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, you do not need to enable this property manually in these cases.
+If this property is set to `true`, an OIDC UserInfo endpoint is called.
+
+This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases.
+
+It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint.
 
 ifdef::add-copy-button-to-env-var[]
 Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++[]