Merge pull request #4811 from gsmet/doc-oidc

Assorted OIDC changes

docs/src/main/asciidoc/oidc-guide.adoc

@@ -219,58 +219,67 @@ The application is using bearer token authorization and the first
 thing to do is obtain an access token from the Keycloak Server in
 order to access the application resources:
 
-```bash
+[source,bash]
+----
 export access_token=$(\
     curl -X POST http://localhost:8180/auth/realms/quarkus/protocol/openid-connect/token \
     --user backend-service:secret \
     -H 'content-type: application/x-www-form-urlencoded' \
     -d 'username=alice&password=alice&grant_type=password' | jq --raw-output '.access_token' \
  )
-```
+----
 
 The example above obtains an access token for user `alice`.
 
 Any user is allowed to access the
 `http://localhost:8080/api/users/me` endpoint
 which basically returns a JSON payload with details about the user.
 
-```bash
+[source,bash]
+----
 curl -v -X GET \
   http://localhost:8080/api/users/me \
   -H "Authorization: Bearer "$access_token
-```
+----
 
 The `http://localhost:8080/api/admin` endpoint can only be accessed by users with the `admin` role. If you try to access this endpoint with the
  previously issued access token, you should get a `403` response
  from the server.
 
-```bash
- curl -v -X GET \
+[source,bash]
+----
+curl -v -X GET \
    http://localhost:8080/api/admin \
    -H "Authorization: Bearer "$access_token
-```
+----
 
 In order to access the admin endpoint you should obtain a token for the `admin` user:
 
-```bash
+[source,bash]
+----
 export access_token=$(\
     curl -X POST http://localhost:8180/auth/realms/quarkus/protocol/openid-connect/token \
     --user backend-service:secret \
     -H 'content-type: application/x-www-form-urlencoded' \
     -d 'username=admin&password=admin&grant_type=password' | jq --raw-output '.access_token' \
  )
-```
+----
 
 The `http://localhost:8080/api/confidential` endpoint is protected with a policy defined in the Keycloak Server. The policy only grants access to the resource if the user is granted with a `confidential` role. The difference here is that the application is  delegating the access decision to Keycloak. To access the confidential endpoint, you should obtain an access token for user `jdoe`:
 
-```bash
+[source,bash]
+----
 export access_token=$(\
  curl -X POST http://localhost:8180/auth/realms/quarkus/protocol/openid-connect/token \
  --user backend-service:secret \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'username=jdoe&password=jdoe&grant_type=password' | jq --raw-output '.access_token' \
 )
-```
+----
+
+== Configuration Reference
+
+include::{generated-dir}/config/quarkus-oidc.adoc[opts=optional]
 
 == References
 

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcConfig.java

@@ -7,7 +7,7 @@
 import io.quarkus.runtime.annotations.ConfigPhase;
 import io.quarkus.runtime.annotations.ConfigRoot;
 
-@ConfigRoot(phase = ConfigPhase.BUILD_AND_RUN_TIME_FIXED)
+@ConfigRoot(phase = ConfigPhase.RUN_TIME)
 public class OidcConfig {
 
     /**

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/VertxKeycloakRecorder.java

@@ -61,7 +61,5 @@ public void handle(AsyncResult<OAuth2Auth> event) {
         VertxOAuth2AuthenticationMechanism mechanism = beanContainer.instance(VertxOAuth2AuthenticationMechanism.class);
         mechanism.setAuth(auth);
         mechanism.setAuthServerURI(config.authServerUrl);
-        mechanism.setConfig(config);
-
     }
 }

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/VertxOAuth2AuthenticationMechanism.java

@@ -24,16 +24,6 @@ public class VertxOAuth2AuthenticationMechanism implements HttpAuthenticationMec
 
     private volatile String authServerURI;
     private volatile OAuth2Auth auth;
-    private volatile OidcConfig config;
-
-    public OidcConfig getConfig() {
-        return config;
-    }
-
-    public VertxOAuth2AuthenticationMechanism setConfig(OidcConfig config) {
-        this.config = config;
-        return this;
-    }
 
     public String getAuthServerURI() {
         return authServerURI;