From 3c4f36b412bd93b379b108b87a1d2ed9ad971018 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Fri, 25 Oct 2019 21:13:28 -0300
Subject: [PATCH] [fixes #4480] OIDC Code Flow Quickstart

---
 .../.mvn/wrapper/MavenWrapperDownloader.java  |  117 ++
 .../.mvn/wrapper/maven-wrapper.jar            |  Bin 0 -> 50709 bytes
 .../.mvn/wrapper/maven-wrapper.properties     |    2 +
 openid-connect-web-authentication/README.md   |   87 +
 .../config/quarkus-realm.json                 | 1564 +++++++++++++++++
 openid-connect-web-authentication/mvnw        |  305 ++++
 openid-connect-web-authentication/mvnw.cmd    |  172 ++
 openid-connect-web-authentication/pom.xml     |  157 ++
 .../acme/quickstart/oidc/TokenResource.java   |   67 +
 .../resources/META-INF/resources/index.html   |  141 ++
 .../src/main/resources/application.properties |    3 +
 .../acme/quickstart/oidc/CodeFlowTest.java    |  213 +++
 .../quickstart/oidc/KeycloakTestResource.java |   24 +
 .../quickstart/oidc/NativeCodeFlowIT.java     |    9 +
 pom.xml                                       |    1 +
 15 files changed, 2862 insertions(+)
 create mode 100755 openid-connect-web-authentication/.mvn/wrapper/MavenWrapperDownloader.java
 create mode 100755 openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.jar
 create mode 100755 openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.properties
 create mode 100644 openid-connect-web-authentication/README.md
 create mode 100644 openid-connect-web-authentication/config/quarkus-realm.json
 create mode 100755 openid-connect-web-authentication/mvnw
 create mode 100755 openid-connect-web-authentication/mvnw.cmd
 create mode 100644 openid-connect-web-authentication/pom.xml
 create mode 100644 openid-connect-web-authentication/src/main/java/org/acme/quickstart/oidc/TokenResource.java
 create mode 100644 openid-connect-web-authentication/src/main/resources/META-INF/resources/index.html
 create mode 100644 openid-connect-web-authentication/src/main/resources/application.properties
 create mode 100644 openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/CodeFlowTest.java
 create mode 100644 openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/KeycloakTestResource.java
 create mode 100644 openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/NativeCodeFlowIT.java

diff --git a/openid-connect-web-authentication/.mvn/wrapper/MavenWrapperDownloader.java b/openid-connect-web-authentication/.mvn/wrapper/MavenWrapperDownloader.java
new file mode 100755
index 0000000000..b20a55a7a9
--- /dev/null
+++ b/openid-connect-web-authentication/.mvn/wrapper/MavenWrapperDownloader.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2007-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import java.net.*;
+import java.io.*;
+import java.nio.channels.*;
+import java.util.Properties;
+
+public class MavenWrapperDownloader {
+
+    private static final String WRAPPER_VERSION = "0.5.3";
+    /**
+     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
+     */
+    private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
+        + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + " .jar";
+
+    /**
+     * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
+     * use instead of the default one.
+     */
+    private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
+            ".mvn/wrapper/maven-wrapper.properties";
+
+    /**
+     * Path where the maven-wrapper.jar will be saved to.
+     */
+    private static final String MAVEN_WRAPPER_JAR_PATH =
+            ".mvn/wrapper/maven-wrapper.jar";
+
+    /**
+     * Name of the property which should be used to override the default download url for the wrapper.
+     */
+    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";
+
+    public static void main(String args[]) {
+        System.out.println("- Downloader started");
+        File baseDirectory = new File(args[0]);
+        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());
+
+        // If the maven-wrapper.properties exists, read it and check if it contains a custom
+        // wrapperUrl parameter.
+        File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
+        String url = DEFAULT_DOWNLOAD_URL;
+        if(mavenWrapperPropertyFile.exists()) {
+            FileInputStream mavenWrapperPropertyFileInputStream = null;
+            try {
+                mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
+                Properties mavenWrapperProperties = new Properties();
+                mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
+                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
+            } catch (IOException e) {
+                System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
+            } finally {
+                try {
+                    if(mavenWrapperPropertyFileInputStream != null) {
+                        mavenWrapperPropertyFileInputStream.close();
+                    }
+                } catch (IOException e) {
+                    // Ignore ...
+                }
+            }
+        }
+        System.out.println("- Downloading from: " + url);
+
+        File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
+        if(!outputFile.getParentFile().exists()) {
+            if(!outputFile.getParentFile().mkdirs()) {
+                System.out.println(
+                        "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
+            }
+        }
+        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
+        try {
+            downloadFileFromURL(url, outputFile);
+            System.out.println("Done");
+            System.exit(0);
+        } catch (Throwable e) {
+            System.out.println("- Error downloading");
+            e.printStackTrace();
+            System.exit(1);
+        }
+    }
+
+    private static void downloadFileFromURL(String urlString, File destination) throws Exception {
+        if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) {
+            String username = System.getenv("MVNW_USERNAME");
+            char[] password = System.getenv("MVNW_PASSWORD").toCharArray();
+            Authenticator.setDefault(new Authenticator() {
+                @Override
+                protected PasswordAuthentication getPasswordAuthentication() {
+                    return new PasswordAuthentication(username, password);
+                }
+            });
+        }
+        URL website = new URL(urlString);
+        ReadableByteChannel rbc;
+        rbc = Channels.newChannel(website.openStream());
+        FileOutputStream fos = new FileOutputStream(destination);
+        fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
+        fos.close();
+        rbc.close();
+    }
+
+}
diff --git a/openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.jar b/openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.jar
new file mode 100755
index 0000000000000000000000000000000000000000..e89f07c229cbd97f4e39b0eddba64604d1dca9f6
GIT binary patch
literal 50709
zcmbTd18}8Xvo<`jZBK0OWRgrYv2An5wllG9+qRR5ZDV5F#y8J<-h==A-+Ai1->zC!
zch!A&uhqSJ_i9{AP7(|p{R=cS^p`JRi2scL{K5QrlonRvrx%wIVFddkCkge}H(x;i
z`Gws7NQnMl38ndE#6^S^l^CQ&5~KNHdzp}hAAQ$}vBXSKave>y8^1zhHlxN-BU;5X
zMPk_4Xv*hSts{IQU0x%t>VpX;nB;(TjtQ5cPLA?APWy*{m&vVQc8&?xiQd}FbcFuF
zCrc!d*JR$e5;cw?nqy-}#<$}b<}#pe*T*or!`!DWsK?0#!L*$7EO}l*slKX}qblE=
z7E{mT8>NTk-f5KQDAHM=qSBPPWK7dqpx*XSwPgDM{+FcTf({2If8?MA`SM5d|4Bti
z|5Z{eeP^KczoaOf|3A5z4TGb;g}%Mnzr=|0?->1KUGy&Y`nI+}`+tco+y9=et&J6f
zt-Z~k863@k4z!Z=G?U{~^=#9C1;Bv><0vEjl~nD-_!6!7xD4Iso&+7uh?Jxh0|@K^
zMN;9xaS|3eCVBy;9mqed?3SHC`1_x!Isc6RS@+<7-rCrk{7VAC{gX!DR^QMR_%D&7
z{C`RR-!}WN_5O42e`D~!*%grg_P+%D-&XSPj09|K93340?6tJMnYE&$zP%&Rp25&k
z-@zeKWyBdx6umPr2s1Ag9CA;O)ZkYfl#?wqNO($*?^hB$Lx27hc=}Sy#@M#Ri?~_<
zWsIB7zEP@jlRoKd09xHt^d4hehk2u=c#?xm!%>;LveRaJ^+ow?w$JAS`Y-Xf96h|g
z8X%*oyYLiNtIA?>ODRvyy+q*JD)|^{R8CKTbqYYB8KN2E3Fm?CM6yj~b^_wu-8%LV
zLhvd>AJ-tF2TOLG<!PuA6sa%xoCXw{<!ln0BD*5VVZE#LP$GjkuJ*>=Or;rt^C7}p
zo)sUG{<hmsf*Blt1;~M!J!UDyPHNewCAL5xRH)4?!A-skr>ir08^%O8Cy%VZ++1to
zMFAi5PSa-lvp1W4TtK8c4L!z7x*5lP*Q%sa5F!{Gv5g`g?tIbFxTAneW^fjcCG<DE
z`K=Ll@JxA5vHpXe5<Y*#FwE(qW7-YjW5>Kpp`t!_xFPI|#>^~D)NVjCeZ84xP}2Z&
z&exvl#-4U+UJQS1k{dX!@d^&V<n#mVJcO19D+X(YKnix7;t9pJ32Br;{)_|`Y<)4-
zsA7~+OtH`vCYkL9KP-)T=Xz6z&YT_L4E^QQ>Q&Tk>jGQNoia^DRAVJ!*u#*DzJV4X
zY!{sdw9`;?1POTDoj9r?i>x2Ri87@+^)=A^#{M_h7z0Lz(FmGIT`sctvtL+vi%=*P
zN=o>sEq9lCMtWQ->^4xLg!a{FhQ@(9ik3#FM;Vo*@ZMmuRzkU_*iqiH_}n+h4gm+E
zy2+^8JBfyZX{5$Kjv1(_q+k%ZEfxIhgG*@&y%+u2R7PZj<xnt%Lfo9QZ+?`tO4z=I
zTG%!`x4P2tJ4assX3<)X6kF9-$%Zxi0==lPCc)BRJE-bXR|1=Pa*iJ184^3KqaU``
ziU;X1tDap#s_81CU-bywAUJ~rH7n)izx>wc@6)QgP&~A(pL!8q*_i{7e@hQ(vu2FZ
zYig%yks#4qUPxmLis3rm5Q+7K(iR11uJci2Ei>^bU;IvhQuPj65z~2GG}Gspc8{)B
z!gYE6a9(x*Gc3TeKbo2$XTXqGt_^^y6M+{MQ(;MSHK<A~)oRV#u`2ZmoOD!RyhYw9
zY&mJ<SSRb=-uu<LmnVbq#LKI6#cu)9a#*!P>M11#)RwD^8>*5~c2n&ky{Tbl)@BQo
zKRBHdgwAG(h}K+CAU4(@QORS4CPWh^OpiH4wOEI(wZJMi3_4ba>!1H-uMC57%6D-`
z2`tGje*)Ewb3UL?-!Y$)f$DUgo^*%c?q8~#?OO3m^~^d%a1+?ZDK|fS#&AJCzpJCz
zcg8PFo`!n9m5<(Vc%fmPEdkC$LaLy+OJ!O?&#@ojw%7W1nR|gWa+Q*!7_wKc3VQKH
zK1g6Y2RMsynCO{eyi#Ou=`DV8<*9GlB23NOIvOLqv%y#Iw90?tW<|ePaNymG>XdE2
znSN#ARqESkE3gr*;_KNyliM4lG3HieMNTCz;ZoP#V_3O}gv{p`fz(}O7u#jG;dAC3
z$q}VyjhXg4%Dr;83(4BhIe8=&sos`%7kOa{GHmfh8_p*pcR!Ufw}NjGs$Qga6$082
zIxx6F!BL?ee;s8iIV3HhrrY5y+(Ms3Q%FTkpsc2#(@?&iRmt`UKWG}^Bi5PpDX@uI
zZ6M>quGOw1;lg!wU%kY8g_tqTF){M9ufumM4tn$!&^uZZ<z1ZH|9sBw&f3!db|X#-
zV)0~&q5EFzZ4EVy!6a1>FE+i6sPKs{qUFx4`sLWk-7FbBzp?$QQZjm*3+wpR2js7~
zV0QU!Pyph~7d_bjdN%!c7tQi_E?Nj^tnXy$C}iVeZE2%#1hgk({-=jlw30>RNA^xy
zB+Lk&HxGY;lo)8zi^lENpDr5cFMtrhFnH2SayFaNa!K!`5AZ1@LeCH7`$YuI=v4Cm
zL84{vQ139sJ!NG4a9C}__eJSyz6ZN6ZdN-R$+eyGjh7F3mT%sZ33;_T+=~}pTAN^0
z?mBAvIn19-@B)l)s|$Uw8c|wS46UJ6K8+aY&Yz%5F*!IOu1a<3_7$vtbPJ0iUTxi2
zY*9&6>gRS@Fs)dtnBJ_vzXg1#AA}SeDD`6SJ5TQBRi_-25pLN;pH&r@2O&g!lVi{g
z`Q0rBjaL!vI7M`xU?CS}8w%A3lP=Y_kERpP=`er%zB3=W-If8Sm35s>x6h`=rbZpB
zs@9gscEk&&g5ABCv8v7QVG&0jEy1tz$eO7tN^P75YE-N;TM>vxE`_e&Sfg6`B+?gD
zEKCf`FLsD;5Dz|;!?p<t^?ef}%I;gL%qPUD)u}EPwT$Fz9H>~NvPnBN>+9__%}dsH
zl=UcMxaPL%r1N2_Mx0AXBrIU(6bYb!L9+vgd-^L?eU6$V?>SuaJ9il!OA4^saHWqV
zz4-Kseiu-Z#pfci>>}0vc44wHj}epKc9Jmp;yHsJsRyNErBNW&gwrapUKy%L1vkm8
zw+=$KAu`Xp&s>Z)fkoX06adKsI70m0>mfxWM%fsks1Zzp!8}Ql!3pKn@pnyT%-y4B
zgug6~?MyHa^-s{f5B7H!r}(c~oT8h9BhX6jKLWNtPp)qKPL8HPYezFfeMg&r1`U-7
z+BT^C=s}xc4U)~vBs6N>8n62dH03&}dQ#Alp)jk1G@-`}=pt(M<1s6_!_h3I>`gQM
zL|f4;lV4~W$<Bq@S2zI<lO2btob|7_OU*=I2zNvM!M78YDt|hu=TG<}a&3_u(Jr3b
zV_04zRbU;{uVBR*NmnhpK-C^(5|Bq~26KPwl=YX8ZEl^`_ctrWFMxiIKKlvbce)i2
z&Gbr#p6e|m=I)&tQ#MNB65Fo@2}mKQTNLQgef<8a)d_q>q1-dC>&g4Bm`e~%sn|v^
z7;wHCn3oJANnhonhW}V-F7qTn4Q-L7``TW8%nyW0h8Z&vDzpo%nO<zuJkbboVOC|R
z%H8@ZJB+9*D%IeJVh_1gE0oe~O8Nq#KUXf@Z-x=3vckucI4JE9@Tu?)BC-1o<lAvw
zqAoFaCW&hmI)h5>h2A;Y^K^0#<Tr%Yq=j#a7=<asvTh$b3&NOLm94T=QX?IzjZ3?c
zE<F$rrwq^z;4Z2UO8(u@=T@WHvoz{o1r7?4wUkL6Ou3z}Lgcvlko4~@Nh+|j$j;)0
zdcDDn&r;;|DoT-!!$ie=m@@-PF@vnP00+|PI1tz#Bg^QRH5@ux%=L?^Pf=&DS{K-=
z4(#^LQFe#47lhjz+dlTeX!e1zT8pq)L-u%s6oYh+#r0%Cm;U;%$mGlIKz8Jm?ub{s
zzbtVKPZt*Ek0sjv3BCU_F8}YokLh2s#D97|H7Gs21)Ps8`sc|Vrl<@Kd4W)9nCqCz
zv{>ZyAG`e^{^#H$&Sl_YQ#UKTF-`}Lb-RddIe|g50#LvN1q~6+)i_L}_?p$(Y3aue
zkIT-Z$1EfDCJb1Zna=BOAMel4jj7@fk0<#rRyz>5G~j9YF0AG<DI?6Z->qddj*k*7
zWTe!r9fR2nj1@N!O=vRh$Mwe+w$MsC$1_;-sR2B=zu6p96Yp4+U^47283uMi+1d@;
zC&Qfvc3+#b`KDcRe;#3Sc(=z-x*D(Iu_~&UqpouGfetw#o~^H7tPx#qtSQ4-R$y@W
zz9~4*-dR%qHi^;%?a6Y}-pR5k7UgPD6ZmG@isKDlHrX`S<P!C3FsRTZsfra5_Nj@h
zPvuLZnsp8)EjSGxE>t;j&Fru1lGywhUo<(iEz?L}H1dg1aY`P8Xk%@Q=2QHXjimd*
ziU!qb5!5Ury-G4Ibuuk6L4e0u!$L9vQQf+?16AR;W1O-1w4)U#Bi%~}GZ!iHvD?G;
z>2$3xGxlvq=psz%#*aaJu;maD1OzxxyzEKW#TH)*Rsec_lBmV-Y&s@KV+0spGJ}~Z
z%8}PYTjf+Z-EeK?xWOmqJgZ+x#K0|t0m4+zg-K633epy9M((zwuRBnB^(GI_6h0$V
z8q_ypA47=g0>Xxlm_m@i1ZBO`-^=3xslVO8Yt6mgv0;k-d;>H3@{i_nw=G4kIkD$3
ze?U#fdUL3LebM@pW>g|!9e`R$CJ==<Vcq<4&f_{yC=3D9hKgGZ=m(1QA^NsGb6~lE
zE{EQ-Wl-uRWU)_2!lk$_f^h8ul^)I#3wR*iXG9srlu{W8C`v=Sf(8R`$gi!zu&5b!
zlabb}MJVLffABTMdQV1OG?=uS0mySw`}(R9b8FH9gHZbVR0iwk0@2IW>C6}z7He!K
z{d$?flD8B<x)0&|-6hb+Z61+#7!7)->`um`BGjtbI%rR&jd+ZGfl(INsA|eI<&NxM
z(E3=S8obr}3=W}ci1O`SBAkr9n-hHV+Tf`Xk{OjUc?p9X;(yB4w-u=uCT^EwtuS>j
z5qojzZ^70`EzQMd8V|}aR7pnyQR)*?m85<FVg|@gvC36h(ph*UF*B_4_o!+*a-|lg
z?SAIOE76D1{lwZW#MMzqi-#k_am7iJ2X$aE){X_n9MU9mzu1FS|DrvHGN|OzzQZfG
zfmxRL_Wdo!#}(wbB`sOe;!E{FBW{&`6+U3XJ!3{bd|=y&W4O$+SQOtEV?T_{>&Cr<
zzwe&4ON#@c1BD&gMzQJ~1y!T3Yx2U{?L^u&JcxY?xG9i`(1F1&&oDG@$~VR8eA=S^
z<z~GS(mK95k}uVsB`Lv&7BDk1`+2`lEUeOzihZIy6ju2oaN->UNFa8h&fZ7`;?bfN
zp9$C5wx2pHNTWY&rArwpZ8Bsy8i3{sh#aNcxG(}51K_btU42UL+a=7Se?cLvM+-{j
zLQtKm*r_!`R|AP3^<P9cLUGig2w7v|Qz|KpcHkd4I=_YY;Sy@N@|X2NMs4Y<?^X?`
zm5%4t91@8VM0z-J)7UO#S=Dx3blvuX;Sj=SZ*F#TRVdJPFb(xi7VHO2I4;YWRFGvu
zZ5z$p>rcT<DR(j<1$vMp_w~`$RPiJvl2va1rXCwFQN&4S<IA8Q4X5Scv)&?wEmbT^
zU%X~kF(~!jU1d~(HGSf^HLNYnROb@5{+?CP>edP73Ywh&agr0!Ta4f-!iyO}EV1b*
zqWZm5M^<*r0Wz!i&`rWvG7ZGqO$8~$?-%08PB>&2nPHxXjCVX6iMqnVoh9+sP2&R_
znC=jJ%kUR#+0>hFC7N>P^CZvSaGNt%R-o21Nxqjm9?xmH2Rwnz7N*q6S*<1uNU&R`
zKxBo=%uxuCH)y_@E5qKrGiETpfhlNKoC&`?ypL#$o3hg<2!bE?H!{wJ)ZHvs7H<?t
zYdYcE1^K#iL2F&)>k`lHi(+9ikq4Y|)0ePIs-@bea0X6qzB+aD1>MNl2#=6gCU44p
zx(5thED;EA2tJe~XLkh-oRU3BEN1o9QWW&sv)8f|mp?uylj@DqKGuHuTy1)uaTW7~
zGgLAj&U$5jAA{|+Km2j(d#!XDlSyd(Ti?BiokzcRnHfgi!?EYXbOjvA&25eAIl#7<
zt>>HRJ@*<mTq2J(MtK~=GO{-J<3-$YGpjscn|ck;Bj~%HNw3)uoJk!T8ln>pqJ!1y
zNZU3Xq=zP0p2E>MkNm{Pc`8@h2lG;D9KFB$wDN?L0d2G|5Y&xO-9b#l%QAv#_ZB%N
zf8j>aMc+jw1Pg?8X>xtvIn{bJNr_gXB#h9=-5Pxip;jO%friGYkP=6)b{4r@C`5o_
zpS;e(NS;dpk_sZYCIb4wR5ldt*~nt~L+akRnqvgn0@xWFIrXO98$Q7>pVn}~dk@oQ
zHEI{^RGZaLBa3~YAKb#(c=dJH@8pNmj9dw8W&G}KxHRj)NP~oTTL@D*C$)9c0lPFi
zXA#^3x5YQ3JUo`|AcR!JdtJj3x$lRpf*A~xIo%@oF6(!g`^u@Hww5mPXi29AkN7d*
z{-X_kxdWBJTg}^vrudP^!v&clM>{-v;(8AGjE0-)j~8-jiE<;cOQ-s-cGy&w$ffsB
zOhigRA?@=N5|N6a|D+vTwgZMIY~`RGxdRygO0NTc0s?n;U3&EZ%LgQ9y}07Y<!BMk
zJR2Kd$V<_%zuLfx`G>~_@c`NQ=0eGiO#*1PET)x_6E03hlzRrh(+}JM$Wz-ecl9bI
zgFsyI9*j2+5*76R3#AjVG5=E&yA%0&e10-w<LU3=O>U`dVTZ<P4wxs?ReRXa4iKCe
zH$Kehu85efRY=w<+_JFN@|*7DyW-UOr2P3!NwKvU<+g~N7gVveU0?l|;F@CF;th#R
z))HC64-*Dr@!PC}E|I&j4r(l96&;KqYu!NZV`R^7u?ug_h9T~}ke1w|w;MpxVqI1V
zJLEVkeM)Vw6>qq+XoH2bO&{40V@#{R`@M&fGNC18W%P*Yme4@8|6ZEMznS=z`#aT{
zeh*G2umQhFunWJ+@{w^(?X_m3O4SB&-CxX0PxyY};NXXs9;XhQ&ilcdJYI)6X0^P7
zg+mT`fofIB<aS#OU%{cRp@E{)0D-K}0bzv|yPplI{;&_a`*3z2J-ujd<KERn%=I#}
zGa~g}SCG%)n<Kd(%-I3mV5WDT>lcfoNT)j?QZE!?Kc?kyhuY|?)&QQz!n-|hg|3k9
zGe+hBbf0=HA2tzN1d$c+h;0#rHwvvN&DK}M0z1m3%k390Ex!JHsMZf;e2nN*<sf{9
z!ChNs!r<`hl!5a-Me#KKbzc`28W)z+oBUw0bfV{xN12ZB&0X6smxJ0;*;G!Q>8PwH
z-HG4VCAsgWn;x$;Ba?5HyyvA$y0I=vmta>4l7v2aAv)8QHUP|NX(m^`T}hOoU0cB+
zeo*!)tq|^4vFhBIFy432Sz_SPlUr!g^nfQN#O#S}xQKUdR@pq7oS!sCRO9(&@!%Wi
zw~n~!%SsZ-toy<k+I6i*aT8B0(v@4s-#mr)<pVvj59{THMl@9-{G~ZP*@A5zMEo|V
zwu5`JReAkv_OHge#IBm{KRk#ILr1rWcC{=Y8=)^$53Y)xeTK1a9O_x*SMc9N5kE<K
zvI&RI-aSZqirwmDLT2;5==1RHHc{kLOVB=&aB_J>Ae>0fNQ~tpe%~d&9T3b2-SYPz
zSz4)Xf7P%fXhP<}LP24EDEm_>nP+Dau~Co-jg2e9$h4Q^{P{?xLl3&cVXqxX--|pn
zM_tJwJa4;4I;6Y<E<bh@nX6N&9G6d=6q;jC=+Q1f-Jaxd{O~P_MSf{afa2tZM6@>P
zxLzcPjfM6EXL<D@L+y85^x69a=XJ*`R$^v4j=!eblr?am0|7<Ag}2B`_<l`DZJ;5{
zCMI6F@>>mm1#Lg8q|)BP3&2gHZzzpWZ%&I+Mqm595)JR^xEu}d+3ay4ROI=7Db)D6
zvJ8#>rhFmPw6Y4czwiD!pqex5D){YMNV$Y2Yg#~qJ6CikbhQlgqegDPM0l-(?KEMX
zi~95T{5iu0q)R==y5RdI`OZe4$5AJ_FAlBRfv7@8DX8I=L9MvDN-#*Rx_T32=MG(z
zXTdqDCdW<ulFH1aJO*bL^>?K@m5};ELW6P+QSE$;qaPo#-~t)pzdrxbWe{Wwh_;3Q
z^2HeY@3I-{zs+X;qlEKsX^e1G4`R;`<e<;ogt!>jFHl$v-zGarV#UY;Ud<^RN`D(G
zpRV9@{|rXe3=pRP_<Yz<eD1ongQeu0=Luk&Iv}$o_QVc|A5;kG8>Q8uC~B7ojm1R5
z1y4r;8H7m|_$wZmp>T3hyio*vT0CFF0JYkTZ_!~5DWWj1`2;=b+F&yEV&(PW6uFO|
zj}CN=GgxT0Zo)@zq!E&BGGCSCF;|4x<|~~m?awTiAI^06Pa*zF>H_Q@QEUDPx%+4Q
z&q*EC->E^|+QCuZ((>OM4Vh|gdieWJpFC!T>Xn1Z5tiY7bb~j<r&k~>!-G#T@Fa0`
zbdm;EhJeMWy+#+8Bp$jEt!=5V0i<LQc)ijYV9-VSK+<0g;Il;yX0zc9W~;NToto~O
zc0M)_(^X`YL3|A_#$At{ukRbL2km?w@AO~F_fmXOdq^mG=Zyv`eBYfF`@b8BrU&h+
z&>0V<ujYpqU?8s9ff4qcfh`i3Q(FoLr!}2(=^>FpuvJ=Vvfn$OEw8O^)Ej!d9&8Yt
zueCim+pO9(=9C%wby4CV2?sC27+cyUn6R#x1S&RRVR$CSW5Sci!T7Qt!Hf1qVW7`D
zXUI1$(!~;}Rx#7I`Y4j<i$2J!_tXKhPZ<jKW^V3tO{rS>r{5hAF`&6LC&ymFv*=}}
zA9B%^DU1!OavWD~x?rKpq@UzU%bzKv#*xQQpoPz?l#H?oHuYnD+oo`8dc9P*3#L|*
zv-UoawHuzsHTDEW);z)N)+AOd@5;AEvki594)_cK*tik{l}5v%Rhn6$y2ECxxUg%Z
zRaQp7qK<WXf9f*1kaRs0Fk-@tPj*#(bgr$nHQ!rbUg<L@VVBU4W@pU^%|@lDg#qDv
zVlo@@gTW<}q@`2$6?LEGg5AMr!#LYKC~&8#m;^$b#OOFr+&znZ6X!?BBUeX?HqOr>
zRp##Fk!)lFd*N&Ay8HVJO)2sP(~8z0DUXxHKaZU>1IJiblL4c1sdI-A+SJk#u7RNl
zEpdo)m!hec2qybKE3!^ImdTcx$V*a#gU0*P1`h@kg{yJbRS{kVW(NCmQ_5-wglJdQ
zT*WC#f7njenORx%0(EK{R2x_fz{I(Z7$X|8`QZmLP5YxL-h=BxPan5&9kHJhwt4{v
zy1@WeqakU>vNi79qnzEoZ(0^P>AcTs>J|oE?rJhp)Y7l6rn(Zk0A+hjpyJPsQw+Ls
z<!|S=E;KHD1cn2m@BVg_JF1s=7BN-n=;;889}M5hK4s9_S@BGQQPX?-7EMVgrP!<4
zYem^j4!(KhH(ci+vFl}ngu}Qv|Hy|#f=2XyJK^Q}2-n7@xg)o#XEypNY_~$WuW!I7
zAcP)dW<pi;q=1}@zw=~^i~_c;b#1(v9#XbDdX93AC4mmG%dbo4cmA!Caa`=!7S9wr
zKmV;|4k)~A3k?89GSg<wpQBVN<@FDYg^|muHcR-#ho)<<@N<pBUhSxysH6xaKCxaf
z*>b682?J&rY$;C-)a{HhPvc@en?pUWa2Ba5^9i`{dosi&7&l9OTbKI1PQuH?F{W`z
zYG5wduidzR@akV&6Qqawuw;*u$_A!?7i+9SMWWu|9XF!in28jX@<h=k>64o^Hs?I+
zx=q5UGo9+9Oc%B5|7AFDby5|Y@0!s_)F>JkzfGxWspFZ-Q>@HWU4<C5<9S-6w7@5u
z>Z$=&8Q5*6+Y3`1*L0Ax`c@HoIPZdyS~6p<ybpn<Yv(cGO*<o8s^ggmvw}xXHJH$i
zrCZGVQLw8@$e88|!w7IukYGZo--$>KN%d6)Ka^Rn;lYp&B5~%=_EfH6_vh&GV|q?r
zq)2-4kIK9f%`EWw6-rSlH*X^>dJ7qRCY0Z8MV17jcfyVx2KoLF!WIJ`{h}((Q6$f`
z(k#^x#H#2#9V$xq@^EA3K3-LSX0_Q5#J!ED&>7-Lr_HRis`5%REuGt7y~dP*!6Z8~
zS_|QckuVoMYTAvJBgr-FXBA&B2K653uihbO<3ssw*)HAjJKP1LeQK|!A{*5)csJUU
z#Ri2B5|&tD`i_}7@mRG)!zN>zt-hrRA~9BQX8YWEe8f^yIMX-2M@Aq_c^c&?|H|kI
zy}{G|iNYsYpU~Ar2ItNmtwlP}b3}|z)*KvA(=!dOeU-w4Lx)|Nb1_9rs4HsNin7Re
z-2Y;5j5nN{N6Cub7+1<MqWS^qm}bBJi|9~9G1*j++d7h_5Q$G9(O@7u?Fry1#vJDB
zK0492-(KXLot^RoHxM!^m&cY&nU?Kiwo`qz#JT_rNjc%xdZUlc<8O_H`j#2mt@;fk
zSBS5E3P;BEI@*y!G?K#D-`B?=QmW=CiVMt{B$j}@;|Z&G^4CWQ+TG43mBV>qa+&p~
z{th3;wQ)Ukvzk05ZeBMa<`LyX6L0O43jH#zE7>dH6L1a4ps?7$+OfvLQn6DBcH%{$
zW(#QU=T!VAeQg?x+owX+x)AD7m@#u+8(&eSRrzX&HgG`++W3TUtx%a!%w7x$b>2d-
zZf(KG+CM}Kw65mCl_W2%vl3=mD+@Opg-;#HC|rO5&p3c93id<5l_Rb{Mo1MTVoXm8
z_&^pspqb&6%7n>_P!o1YRZURT)TWazlUOLZkwEa*PA`ePk)I^p8h!S=CxSBxU#U_I
z#7wi#<w{Z<$<aYlUdGI(iyH{i%9s<iT1m2@Et)?;$t?elLu?TeoJ7M@tqw<N)GSI(
zmKBDAO8Gr*9_FNpqttfViYHVTS#0uN!A8QLs}4!ij>QzU;skL`rPmnh_EcH9mSf=b
zsDzL8h{#FdLtp0|BT%uxPG54YS6k~`NbRDiePc(+HKq`#AWfOYCM<`#HdOVUP1-?`
zeLKF>?Sj>9yx!eTXPVjT;5hiF5X(_P19DL$bR;|gGC}W9Jj|<`A==91?)rPRrBM$@
zs0hK1D<Em2$a03uwlJ#7E?7q<N<}PP3pl*E{{GG13AVV2T2+$E>iB%bN0)keA-&df
zGy(CLY^Y#v8@^tc86RzFN#MjxqeHdHjNjykM60&NsPpj*o)fES^pUXZswTY?jSH%F
zl{{48RDyTw<h>e+KiymoGMa}TU*Di_5^;Lc500U-RuK}m9C=nF##ZU&9`Oq5wKUH<
zQ96iD#WvhO$A=w@E5<a;&k_aJ_$FaR6t1-fTA-Lf&>7>7)(^c=kW49BCl)KXHTPCF
zvW&hO0iIPV%XvymyqA1-w9r)hd=LE){CV%vHgfcyqr{@#5OjMrcAglV-tw{M_&FC%
znp8?=BeEsYI_V1ACCWa7XEJhj>gnGV3?pOI1rBTe!<9wr6xjztfUSO!@R%k$cXS>!
z!2Kmb(R!(M%7A+NT<DrQU)x8^T7t*jn%c^b<ryh@r$Y<b>Bad}pP(G(hF}N4$XluR
z_#`tB_hZI$LH52umM|e0!7YS6>bQY@AMOTv1%Ak_HFp@;{;j#$qWLL~+kBW2L%_CS
zYueC00Fui5mTrp9W(m!uyrvx^I8XSC!j=H;CCPNhvDXOe>S0i(l(Q9uotos((r&>H
zn6q=jn9qlW5+?ZcgJ}XbauWygNeTdn-!F_WCjs)YkORN($?~KG%2;+sO1`B05*qi}
zxt<=X{+2mW{Kf2Uy`qhIyj1fVce1qH2jMoVJs7KHi2KcI&jyXACQejU9(-#Gzps@8
z$ySv{WIYj<X8Xlc>(?jT^JHH!oU-0AD2)i)9+Wax=C1*5giC!xLEN$Eof|t=h{0N#
zX<JZ>!J4Kr^2mE-yyy7A17^$f`OdQPmbn-=7tr&eE$vtlRbvaN=99UjG0SVOoRz-K
z-xENm&0g-Rho*$3gkls+W{LF9g{=IN3g%f3TlA&KUA-SmQ7p5<+~tBal-@0cc||0V
zeeYEznqfk*@0|B+7?gH+ow~V0mnV;`9?FX*nlvZoG=o>In7WORRApsjQ3fKBmt=(K
z_&soKFQC;R2h6PVDU>}%o_J82G}^?na$?dzT-k$(%JNeDKES)gbH~=v@nx&yP{QQ!
zw6a$uUzzDPv7oLeX|brzi=Uk*K+b9XmO=uo@ScbAYRnLuOIdZ7mM0XAylfbIL++$m
z9ZD8B(#;dv@$&_P{hif>@YldwXM)*s1gBa#k>X6)m>q`3wD0|LIIW%`*wALAm_ERI
z5OZB5>~$t+cR7q%!5d3;_i-kQXcu?#IWuFvo#VpUL9J6|a>!ZTpU`Z(4WqM;$O~1l
zJ7Vj5D;S6ydix%2i%yhbbVo4Wx~JFA)Uk@OeOlGaZLaZA<&<FEzG{FhSBPG!a%+d|
z^M1o%60|qiCBO%16xlnzoTXsT{SC8g=smp<sXOu#kZ%)D`1Z41=cF68yUzt<{>kR5
z{o;hwGh{QLjn}*j+2@x_;?qxwl!WY+SK{(wq3+|WN2K4YucXb~y89AvZo3@b=-7SH
zT&aUlQF?5j@8UUyZ<Pmiv&K`*8LEmp=jy))dY^7dODb$QLbH={J{h8wJj%whIN#%6
zLYL_rpCL+1CnN}j=!4{<-&+Ds5un?<${Z}b4ZE7y+nj3_08!?mFtQVQPMefd83d`F
zME2D}d{{<X!n`@jG-B5v+xs@rzZ|q^t%Mi&YI438THq5wjBW~P=QNyTdw^z@`JBTf
z)K+|Sn!tZ9?37*?TzAt0*??vT-x;R0vT1>-qaJl%K&yzbNSPQgKng4H<JAon78H0H
z7JQjgHx2Lwog$f4F^y202iM}09A4Ga?fG*CUNh(TfX5--r`QLrsQV-gw16@4Fqw~t
z_5A^R;DDCd-ld&}W@Pbo2A%z9H=SgCODojvGhTkPO@R$+N;nxcqCP^9It1zXi@e{Z
z{@I{(K}%}6rX5`Q7XJrd*xJacOvlgmE0&8v+7_sO)Q%{R<J;F1{>OH^?^089&CeWO
zUul1HOboQwh0!jY6R4jX-{1-vMQZg9H|fbSBpMsvM4HAm+T%PT8HQ?2y0erBCRXg?
zF%k+3JKuxS8gy#))K|BZBWNWa0Xf!$oZIE0CbMZ(vtp#HB`h?mj&s7>W@oi;xJS7e
zle#!c^SOr^u8^~diXNg{7RSe~hBW|S^+v&K!xDGxx+<t_xf{P$F|5njtHdO2Opb#L
z)zl7+Ro)@WQ#HUxjH5w4)sMqn5=SBKZFn4B1hY7}bNflsAks{?n7>~`>z`0<@<bK7
zf{s0R;7+wkXvd)>yIgBDd#=PD*Ze#qYfjDhbQ!U3b47s{=zF!U_XzbJYv!d0#uOwE
z@5r#Zz)$A!#W1uNq?mYM-t|ME3{-qxvuBFGiX}~{hFmxmOrR(nIOYqY4cqLQS#n|{
z^g<&_MjzATkP`w><Qv*^&^OEdI$s4ul?=C2yu6yT2X~1qbn%nx8eDWpHR|@DlB{U#
z$inH6-V~*FGBUHvY$0Yi64VnLN^CH@jGAZ-9i7x$UrdPj-M)4@Mj++eXM09fsfiVI
z>GH}JhanclYYPo|Xaz4#UT+~(CmDDNnz6BY>j?{LbPY#+^dCoK-{s$%xq0@6z?XFL
zC(58$Zy2-6GRJOg$J|)a4YotTE*)T0B~tE<RrNOB6mS>TM8oZyxdp+h{-T{?DI&~b
ztuIG)li44+y#f6^g(AjdubCMB1pBLCFetE_z4izA8bb7U1q1TGD;P-Gn3()~wIJ{h
z=w(h0o5uyuLUr`lwp<Yla=#VLJ^3|UKQ;^n1w;gZd^^0gd`V%p@wSQJy7&pu4<1SM
z2J%6*>(CyA6<jOsVKe2BHFulQ)b0KG1ha*bWlF`wN_wpB`Rg~B{{6FDz+&v4zi&(u
zfm>D#t^_<F*mJn@XK+^I8W*~CZw{xXjn0{KGxjpCf7dpo_Yvh3c35RopWJH11{^_r
zgQSr}J2j-k+RBPY@*_^lAO->etG_*aN9ay^o@q?(L5QT6xX*lyS5&-!$o=%(Zukem
z66?6O(zrQAm0_0cHS<3I+bA3<^*1*<?2}}(OVwYtef{90@N-Q>VVMn^XgBni5c7)l
zq{&c-$z5$zJvSoXx_wD7rRjdC#uGg;_r<+uhb)Dj1QX@?wAj(0FO-G0o65JzOKdNR
zvhvmGpivSRZF#}w_`l*_Fpujfe7pWad$$1z3o8(JGL(gDd=_eS7$Rwa{hKPW%JsM$
zgi_Ra37tR^T`snZBq&HC)S3Kf`pBqc`Zq4DoM@x*{P<-_*4BwCYZtP@FX^_VP^j^3
zl_09jz&V|873It$Pr=*EB=<#wC}^YIZ<QEyhU7NhGM38ag!$JvgUlC>GSj?@rN&K%
z;+4MC0+aJ)MysRqgjr=g6AO3D1f=!93u3XR%#K<i^EV}#i9Y`Us0yH@-F^E5vbOqL
zcnjm-nUnNiz-!fi!#Dp0d;JegfhV3S&S&>>t<iqn-uF-dF8M?aP;=CDmQ_61lD7Z4
z;(Xa@c2R4uzEY`8QKmQo5w`G$I<T4rwovYy8C+e7nW73D@KXL^gY<_lXy9jid?Ov+
z?JIek$7R>!#OGt@<?XI4-xJf%bAxC&IB;Be2ksJz`QZS}h;m9c9@kMNG?)o^=aGe&
z`Xhz>Hn>F4v8Zy&1wE;SA%C8sC<_!xJ)q{(k0aZ|Ut+4JOzS-MEqv?j_BF+{bX(`+
zijSJcN<^EKHBAAQ1<lpP?Cb1I+_NZzm}=|hN8*wTmHcc;v+GyTbdC401#xLODNH-K
z!bvyKE=Z%h)^rrl@H`1sJr}vLJ+``%vOdd^<Ov3sVsRI8Sj|b&Hupg<ufgswtLs-X
z*{5)i5BL|Sj=P|~!t1dSFKZrcztzZVY)$lB^wNK7dLJPm;5!;d{@Mp*oY19Z26`2l
zmalA>^I|T5u?wLYHS?i{pU9uu`-Z&)@%xUd7%DmRh^|R`t;U57im=T^MuIMIQo7Z^
zXlgBMq1Sx?#3jRNm&4pwS*p}Ki+YYUOu(Dwr{Gok#_5sXOzm@PQ!3x3`2nDyRq-sg
zJci_S1Puu$t%PgnmP3fXW$)_c7GtG=qrm}3VJ75FVx)5wTbPHdn1B*qnrUuEyt<FN
z{R`z9q}OAcF<V|(EjeA0A#<h@Sj@bzr;~^i4Hp`3DFD>GA+z+(dPqqv|3buQW9KnH
zghqk<X-N$miZm>%^CZ_o3PqwFFNDfG5&a=Fi0qT2kffTtaX8#LD4Sc^Iu=snh1_%~
z!>kFAKtX!YdUdb_g&R52?3D}{?WdzfUc)V!Iv}Eye}T1#HJ8k}QLXob&?PlUzfoAa
zmAynytj$F{X+Ou9qBI##>TVU}-rarNWbI-M_wsg&s>*2_*Z02Oy?hRvXh{lUNxWZ4
z<epj3?>!Y(3Ez<LP~WP&%Y1b)0V5LPR@bsn6vOnZ(h|86pp^4CmXcEs_d14Ch9Z45
zDEFsLa@yBE7<?CE3HU^`k}dcCkVT<U*ny{=N=D92CMxAw3~W7^5_wTkNely92{2|g
z>9yksGPN+;2y`C{2eQujxxA({++t@+yVXEN&_7H1h8K8cMjuxPZ_ne8chtk&hfgyQ
zkiamlnJ42LFW{^&s+E&}Kx>x`#|~qek=UWVfl!-b+;&9=@>$_%wVIL^rfxMz&0}2R
z?Bv-rUK;;GjbuGo$pXlxt!b3%p-Q%9;Evw6R59x;V?&XkXyk}&wEF~wXdWxjw45U_
zmgY50-dnpOq2}D~iF6J1^e8>=U6~j@?zVBxBROuWV>G1xGiTs&YC}s*V9}<6wB(5=
zlm^)kozg93SGIVydazz-(J^8lXP`YuntxFSq_cFn(z#JNHEAqc0k+w?Si(;`b$gMv
z3aacEx}D-MUs0wBqJj>S*Zkc!^FpaG9@gm98XsPc_KYK+@*k!uJj-a{l9B@DDADCF
zB^~k0oSE|(wi|(%SQ`w;De<a3D>~|*u2<Hf{_R&X5RW_B4FH29!x_7^$xMeYjdbko
zIlm(xsazR1DB(2dj5EGh=vJdG@Jud{*W`OgoycWX8ohu(5cR7+=sIs>LMJ2jW@K17
z=R>?biqBoDUVY*1M-Sn+KsS9Q3YyxRW2(QlBc5=V1BV^zlo<xsIK*VhZb3^KBQ3l@
zU4Hodz8n}`_e?Lv&Q56T&FSUJd(NHGOIjD<CAF2eV&kWUbH9c5lmM4qAW?6wWPZqB
zh8f@dp6?ogy|d4ItDvRZ#YNqcQhbF25xqvP-UL-vdYnX-sLNZtbz3K1I_VYLuB&uK
z-g>%Y-Hcld)z#bnn)b_XVSR6KX_*&`vp3p?>WQLDxI0yYq)4OzOdcS9b(Xq`p;$$q
z)mur(?R(jJrHxs^&2J$kU6=mE>%GMhP*nrXe4v=V?HGwy?2$!An}pLi2`*_i{2}@j
z3dd(`!_Hplm%U>WwYdjBYf~@|jb?ogkMdk?^a1xa8mL?6k`gJ>Q+<tR0v-FiK0$Rl
z`6LZvZ(LZUyN^ig>75n7{uTBkgpc`|e%Ds_HNx;5{3;tl<&bAFdA8D2i`Fz^YPTA-
zMRxR~=GP+_T9Mu8v3kg2_bxTohdf=ob`M|i%&hE_gwb2N>QYK11>Z+LG&FySDW!rr
zojS{ilq|pKdY&JeaCzBj&_3QmN{8J+HY15(`c~kD;ne=vK|nN5yG=xA38TOxfnt1`
z&FR73;+KKYz_1cjhA>huE%FTpdjIBpAS)GA%k8pAexN8ycu_86I$UVK6+=(0n{+Pe
z%hXYl`}addMEP2+ugT~`{tU!Mi%yevp4pnVT^j^vut))EYwbuzV*>NgY7ZG(73sxe
zLcJka`<rM6fg~zn$}%E%X5x58xdn4?u&m>}xOL_Yr<SAjUUixk6wYl3+4R%NSiLa?
zcQZfFZrns=LY%@{<SI;#fWb*a@-SS8l?MJ9VVN_cSsOc;>83QoM(kc~Jkl?5F!ZPd
z;pX{WB^O*2LrU4D!VRXqJ9D*ETPT`BosyQBSx;dD)Oq|e8E~Y`q@}G8LwC}ZB4M6k
z`ri;LDm+&mbyxvJ;D;`s>k#Ekf+=nX@UlxuPJMT}cCcg4Rv>HKh#X^~;TW}&AE9|+
zwexrJ89JGH+jnk_g}e4YZvG%EH!!}G$x}i(buIJ^Q2LHMLOgur`8D?5$NAkWR3&3n
zBs-kbt1a1j@%OYPonk<oCTcBVRH*j#H8-jaWx};O1XdE%7{i_hcjB?MQ27UmgLiVx
zEhi2ZB5l>Zp82a@E%i}uk;WTqnO*u>HXWuwJfnLu+{uz8@TmZ8s+yyz5J5C%j6KLB
zzzW<UH))^ub0!X`&5w2fNj<rfgYa$bPjgF|J=>j$O=+r%J#7-AJ@8RROm!~$zXg0C
zV_65&0U_+aqtS2*9#j^TpNnmGuh6XtA2t+JIYSSnwwt!$v-m=>WOfD=TMS)M8D)1d
z+^oPNplTvtEQ`Ilup`5d_qCV9B&P#-JlDb{Yl-MvBI<AVo0OplysmLO7MqMfGhGSJ
zOGUt|57$8LTM@xL%fD9Z!_QDA?m3fh{Ny^0#9TaL-;rLwAD+p+vuV0_3qOxWmmQ(9
z%IwuvdbG+^Y)PN;Xv0mPb%pxu_9&?x$sT;2Yq>=6e6pNOz%W7xIGV)tD@oikH9YHW
z8s!ZJssP#h0HN^8IwHfK;7D=)qET-v!-V9NI4zJb?y!op{u{v*b`1W}bNegOK0PWM
z*^-w0=jh(h_eWGe`2EjOV9G(X5-}QR;c|r=4(BGjJ9rRd+Thga>Imr7?+(-g>KtjU
zGH0LYK7D##ftRXtPcLL$+M`v~KYx$nx63#JSAO>`OXLvUgt2zT4<gMyx#4!7w_t_i
zgxvN;#y^d5hCQV}>Y8zTQJ(A>N2<v^Bhv)YzP;nfb5gG#;sb^53*;tO>ymnDF-_Ri
ztyF``TiK;N@%6oR1a-9~9V7Sr8qqNfO4SAzG{Ea@*h(<R0+%K)hz(|Ep2Q6#AwNP?
z=R?vOO3ttNg2<yZoT3=e`r-|wO-L~`*3?Kn&1!4QsYM-P3(QtEN2=3LX{MaVOm15d
z5A!$qsM99piHO+v^p>JjUQWJlwx1On#)9KBjlxgYq=e`UWL#}?d;^%IrBbh<6n8<I
z$zFBz%)zMmqV)%hGl)a3)X_iAC7Cyb<}4e(=Bito3_{<Opy3@gLKG++`4c$LTTcm3
z<OI!*t#vL`m=S!4<}RbeTs+d?)H<}}+e&t=M~|It<xo+XJb8faZHk!NqS5}ISoYJj
zk0})(4V3s!>^v5~6ZZ-FS0d;{(GRBm=SJPw-!{;B|1NTu(|0uGcW?k&8T{!UlS$ba
z>RSq#{kgtoX5i##X7kTLK2kwj7EK<Rr=GrDPF1bx9*mD4+6>Eae}amc7&%frpCXO-
zNzZ;wXLZfeCB0qqO*3sd<!K9POBCfm2iL$ixa({@H5FiTF_M+_{tl&wlun4>TQ2oz
zz>J#N6%o86RCJ9*FG5<nJC%1twAYH?gjU*|rY=e*O2gP-9u1dRNH`jx_f<wHBcuV#
z#~jJ1_^Ycn;Y*Q7z<$wr8J%}A>a+3ccZIYqOs_<nPO|y*+hf4mZ`D$o4b+V(=`<ca
zOg4>x8~w#Z$t^`MI)hR_R8S&}3RH=Ekuk?IUhWo(_FY2|2K~ZPg=af%OUZZT8hGM{
zgN6VVNZD}Utx)eNr%k6d6CdZ<$j)cnJwpk56|UwsXVdyuNZq>Hi(xqA$&d~vZof}r
z=|Wy9@FfQ%ynyrPD6$G2E;PI|>Cn#-Q~^U|liXT(Xi&ql^DE_+0p08w7Y-_i3Slm^
z^{5X$^3}|*5m~ZwuLDj{F6W4VIbc^mOO(7Y(ql`Vb)$JpG}|v@k+IrTd3Ft?E88**
z2eK%*8Jhq;#^m-Ujt02*aNlEr-h8}~#`3)#$U6U_hgWb}P8B*Yf~g;ef0+rs&6Ifi
zp9IhGZxcMa|FxO?TXvVJ^6Z25h~i}-nM8*P3Y)U3M>9DZM;}Ph01g()SfeoJ?B#2R
zSC@q8#=oKLtP0s|mQF}!HTx<f>AqP!M-hj|p8JUOp1<0qJ`!go#9PEC_WJwx^JItH
zt?|R_<!8t9x1aG(s$ZmGWz?J*N--M7{j#*?lN<qVbBnMLzh$B<E(Ef7kHT-=ek1-W
z)_Zia5|=z+10>_8cUPHcL0BDkrRL6*&&3O(sRj?t3aU~TQz+zPVFZYt48~VkrL^im
za6!?{*|E)K&fEy|gs4CuS=r_2Ej{%wD++=sDy#CBz=AHAIBxr9I6HbQYs{NzhZ?Gl
zz=`OXL?qP*nYA2Zu!^=Dqd!4bR1gXP2vx3;odH`R`X~7V18%>wW>eCBG_q)Ti_{~u
zR`cGq!Ug4j{a(l8jqNJy2uP?(RiQePt3_+a{#M-XA0$X|5MHI93Txfre<_(rd)#Kc
z7uH0<<=);Dx}TCfHK^A~j4wd;(}niPEhmKraf=C#=)7#t_{7@YokZ9NHmZyxXcyL5
z34pgyKq#7*PTzj9;A`m}9Y)nA7GBAyA^9>*ugXpkorE^y;j%s?t|iRw9`dV+PN0Ss
zx(JWMRj=ss8u^EUZ(HrJ-eYl$%Yl4Y!VQJr-V?-eoindr_zHKtT)X{{n?tE<mr^Za
zp4tjPUA1~XDplTvNwXKMdgjV^EJ?ZZqLC+eN4{h&&ktcB(Y#DgF=)m$;kP#xLMQ6j
zXa&q+Cv+LCU08toP(V+Dl2Zp!W5{lUS;`Twk1K?&l{vC;F{)?`loVh&R*sG#qhe!y
zAu1qjzSAY;=$$DDqqZa2(`AP3?dHysw=?TA)TjHY4pIEMSp>Juasa*-jIOo*fNz!{
z=#^*t0sKaz%zpz?D1CE~YFDW2x1zBLX>@!%tr_c!Tqg#VQ$5zTI+LdhYs}xK+9F{h
zi(oM+fV_n96wNiV8wE{YZGaN6WIs`d#pX>#Xd`#lY84t066V~6x~m>_f45bNjE@eM
zvj&#cnr{-;w9P;{*S2fQ`JgD{qJ<&ZqMj;CeOVu`&p>&}*fyx+PM!(GAnFknPhmZ)
zE59Av3U{8khl`0Wed6HlQ3?;NIA96j`@XcvhW3k+6NGz+OpkcQW>2B0{IEctz*A$u
zq+efh5e~KY)|J2EhJ;91u}+uJOXlt)?oOp_TkM6qoAG`KO?ZwClT#Al&Tmf8kA;Dc
zUlaCh+261}3`!k=ZJc`~f<Gll5|Dfign7k)s1-4+|1dJ|X|f(Iu2ofd#TAu$*QO`w
zQRN<UaVHIh{k|D%823##x6v%hUyL~XRRkCO2w?|Nm$HCjQ}NpC?dSc31tMI=g3ZXD
zIY*F!!6zvO-=Hjd!}oz_rv$4RB~oK`?YUFf!e6=)-?x)#yvcWoe?U~o&TWPaC6^HZ
ztPU-TWACGh-qFjNs!N~1KE(X)Ou{ubRzMxK-&Orw{b^`#T;qpvl_YR{VD+4ChjpB_
zyyOScXMIU7?A8p@+s9boq5NIL`Hf04L&5EmF;V(L(I@bVoaPeTkx=J59^GK2HH5kH
z$Nn^UOy{sA#5lfrkFs+95UU|=TydC+=+l?+HzuS^pF!l)aK+lvM)T`HvTE7vA)4aX
zf_jdCV*a??{+-`J)A3>m4A8xmdc5K5r#)H^CS4v%)L<6Cd$^@R+)#G1^-VIsLxrk+
z!ZWS*SlQ?25@8&g2}8>&ZVGc+h_3)o`pNOrUpf1e+}78N3zIRoK7#aE%>{>2#E|Ej
z#lXbVLTr4rTy)gc5~0|nmAgL70SF(!n837tv8xM13XI6Su3nRww<>O4buYhoDN16~
z%8G1!UDF(GsZ)?F_OJPcCQIus_QMZ`jQOXiZFsPoxK#^iThgkPC$=o0P=!0Ve0{B7
zThcYC+*l*!ZeG9~avCWT{pr|*@=rfQGON7INb3-fs5;m{XjxsLD8eFNzwZ+>%_My{
zzP>AKM0s6pMWIbGhBPWCOxbx!j^GBFYD40RZH5JYOmKlLJJEcdYn_q{ZM&D|jMc53
zZS}WeuY-lF_o66WHqGwCg&0h>ws`gS{>l}WT0Z0Ndv2m4%dWQ2MxBrBLf9#Jx5MWL
z82o{F!mgndqWt+Q@+&7KUAX-#1kbs-3vW-jO^U93t!}?d*SPS-7~TnXl7`OfD;G)E
z`}H2Kt0C2$2`I@Y{mkT=<OyU8M_(O=xYGnIK7|#{@NO)=%7+P=H+a5BgX;|KNZ_2t
zn`2D0Zb7>+XLZ)4(XWfd3z<y-`CA)d?Zg<}#HYMH_u%+YsDXi?@^^E2t}D&ADCRfM
zR}Wbbn#8Zyg*4n1D!ZFSf%DCbgosHsH?V%SOEX=lNS9X^&f)8Q)zx`QgR5Z)!mLCe
zfPF%&-0n_>o9^}BpbkMSo&7P%Fs4Z`Q&vZdUAW`CZwsWwFg~{rp9G&*WW~1Gem(-v
zM1LL3!Jf3)d{AG$Y#{z!A^+Ro9nAmz8ljlJwb6g#0F~7>(NwX$qroA2TXIYIh3E5-
zq2*B;!Oa#73K7DC^5oj#w^QIL0J}yc(-Rlv=gKyBy<<1roq3(mh1{~8m(k|0S!6Nb
z2F<M;CX>yXmmb~wZy!U|-5?y1m#mg(9KiO_nr-as0{G&{*IC%9_Mlxcc6`loR~DX&
zRc_a!aV<c_N`fQX6S(sP&SRwQXbtLiZ7L_uBlroV)Yu&)g!%XHln|b(XX?kI2)K^(
zc`|w?^9_5Z-*`xW!x&PKL!{+7uZv0JR+UZ)=S@kb;rIe(K2KDI^kfCx(_2ABzvsEx
zNOO5ENR5b@Y^U6hE4lXDmMkFy(2}-++8ca#kF#Ji3jc?-cMPtyUAIQNqmFIcnz3!$
zwrzH7+qP}nPCB;TNjgqW)_V8Z->Uu9diUA8PR*LXX4U+2KjXT_b&c_i`v5S*TqR^g
zWlW#1AJcmkf5c3bP}qzoZFXab2W$3=E;nVnkmx6BznRG*1>AmPupp49q=|(7vpqZv
zW;FN(9V>$syLya{7}2FDRW#*A%v{10zcl6hu~Xwd2!ZVCaAmJwyj)sZrxg{4lT$hM
z^01<dh{Xw_8O4w{k)^wd1}x2B(SBNU5kcdX8U}4jgNcPo`vW)>HlBm_x^;%EM1{1r
ztV>1%g7!L&hx=TNO{NM$CW6`3FUW@9l~|_E_q*7Bic9){Xt_4CJdTxy)}^#i27CUI
zyA!n1#|xl@TvsdQJS%wM@w^D2K1$dmdD8f5?i$K;o#lN{7b%khdfP{*dl1eq@s$db
zwgxy!ww4OXfq=`#E!&9(hfZINFJj%COcycF0$(U64@aKDM}34D8Y#2G0YJ*F3~>la
zER1<eDZ(TK+N?_N6loBdn#yG2)=X7fBjDO9R^oRaYTnuxyfwZA@LN$cNY=VxDbSdV
z!bC(v#%ytt(og?h0uy6BgXK8^+#S!fk=mJ(q@tw);aQj~<k)gs9L!q2qk%kkn|#K!
zjkA!hJRcm5F{r){u`<n3z8qXZs!N!+D>HOMb>l>=k9d&Sh^WJ`-97;M-oc?Dc9$tP
zoAVUXP92Y_zn=|OLWq}%!=YuDzEsNyN~=`&Kv$(JsxsmY`ZJk{p<ps17<76%Y71}O
z%+L>~D4SZU2q!5(D7TKhP7G}+cAHD{U1pVhOLdrbsy?)wp@QB91PFySQI_yKKU{i&
zG8c)gBcyYWex8Kn4dH;a(Zc-i#k&U3EQ|JYXW^4op(Kl;c{x92F5`&l7sutto@}^&
z)P@EdEmS_<`$)1H(Xu`A6U@byC|@tjHVdwxHmIwnK9t4JMAO%{<-@Qlvx9OpkXGB{
zt)Do*#LKkZS2xE)-2`m7XLxJ!%q>7Y3;M9r@d}zP-C=%+vvJi2FH>yIvaI2Z?>-^k
z`{4P?fO*L-H3tq9Sc1z`<$0EunSz#-Zf6WU&q5N)W`OzjMHFnZYiSQr0lha#wj!5m
z53zlE=l!G$8N;^uvjTeN;P#HN2JB4SwOIq&h;5RS+eVe^OjX7XS>0dWCtWnP$n)V?
zWtj%R-tUE-fBiOHfOi)tPCy@KQZ0(H0vPtpjB8fhBbLq53h;t&w+pwVd%OcD@W+*@
zTSy(o*dTh~&KxT7a>Cui?k*XGE2LADAn?c_N2H<N!?}8RLbz7Qb`BDC!^1o9wipKX
z64NCt^a+f4W{uK(3S_Y~>w(MJb$lvCIbeJ9fA$DP^$M#=jj4%Xr~38&m6{OpY~}rm
z_K#ZX38Y7J^7UHm%2#O8zjsmpZF0+h2v~x)HYVn#&JOzjX8=x0+*ZU=Mjq)w6F{5~
z3Ir(+ZJM`O9So)sXw(RY5vQ~kL=*=eKcPoc8(6N*Sl#SZ`Xs?~5*dz$dk20iz@FLM
z<g4G{x+n1T$$4G%oIcwA{BVcT1D!%2M*p3>x$KsLmvyp6!Mh-RxpA~vZDZ-#O|5=3
zBhq2&xKcZbP6%D5`W9)4W7FL9vP<<oYMe@;@)*v`1gFs?Qg^?XtFUe?rdsnm{cEhb
z6opn?oVIT}z4|R98)F!+uiw$CS%!0QiHsFBKHVor7A&Qga_-q=(WQpkwJ(QmBR=tB
z4h?yodAA}nQRw;_<afy^^;%u;Y~w=hBgH-vENB$MeQSgK7$&{Bq`^58%EFAkeGrZ7
zz})KD5C6J!^1`3@+<nrnk9h?)(3)P<5t>+O$n9tEmAgZ_CAlN$g*;G|*J0J|qV=xS
zXYD2RV7<9C#Te{)_Fy@w<4R)pBWKVqMZ_Luy|FTSS{gKG54X!IWjz}A3H`_@>XEE3
zmol}#an=DcJ~euuM{vI9N+sdSqoP|IVb>VcTxj2o&+*bWsufohgjY3|U&+i8(!~1`
z3e+)Fp`l#=tZC~s&!*=f1V@`X!g-LhV}m6ShmGheY?t0_$#qR0z&bz?EF$fg3zKT^
z#EKnO`f4Dw@SgrLOibrU$IX=Zdv>^R@#1DWw1t{VOn=yxK9i>a)-=MAF|YW8bgDd_
zK(U@kGC5jdeoc4E4sJUmcjNs7mn@TiAO^&II(M$o<4@ejBK$yl%9Me+oqimxaps33
zDIf+yXe>OAIhbuV?E5R&yV)HVH-=cdxa@qsI|I__D&Mp_gE;p|NB;4v(YuI`NPX-p
z)?J&^8w~1}-Yt-1+kI4b_EZsX2Om$$GHvbNX+^fq(}LwI3HLQT{z)#lesL||_J#Ft
z8i65g>IK%X=OZLB?<r)L%1b(a7hxF~KB_QO`rt$0&*Q|f{7e}vvaA*=@34qmC;zG;
zA!iF;tEw8rjAxF;Z=H|~AC*~tv%RaqzHKr7<bHg(LVVc+d`bOS=5mV2Z)uQx;lC1p
zCVqhXaV7dI-P~h>M^zw$sh6aW5b+J7h6VHtC4&&-fw>ccx(6RK#Co9@N--xP;G18A
z1fwa$Cee>3BNtNsP=^RmDl_o}5hMM!n(SX0%#W!Mn~rV74E;OaLW79U1UR-Gxey-g
zSqE}HHUPOFpI2c@mWb~NDE7KDJ?k&|y8Sz^e(Kj|gZyuSPy2Ty>OX)l>}G7}{GY)K
zNvaT@NGmAZzz)O_`baE#$x8YV^_``K#Kt9C-&luLs0|Ikiww=J;NqCi%mM+8;%kN0
z@yS=3^Q6{h8tp5MdULH1+Ts~kp1#sO*^ef~QG?%h?;g#!JRMgYXS(j*mOphofqPxv
zSVM&&4T_o5W`ApVNXSZAn%-*}4A1{|-;}_1%=R{YaGGPO!Uuv>$y}Z`3#&}dkb;iN
zSzc)NPu}`i9JTX(oQwO&>r)gB`5{9R5)$t{Kx7C>2(0{^XpPY}#toVLC$-JL>hMCI
zMsrcnOsSU35c$cY(+tbxsx(QtwtCpYRkggvfCVJU&yBgg$-i1}>h|NHY;knfPPgmL
z0rZTWD8~S`ok-J?XO-FE7ZGk5W6t758Rnhy?<w57Xe&0`w7_YWdw>5WSa7B!X=18l
z5Ce7Pv)njir3q~D0jbcgpB5qw4no$YX2%gOLy3b85kq6fjrJ67vTKvl=n0UBz^>({
zF^SX~>0(jk6{J!T`e6otFj0M_Emim#RInm?_Ln(5s2W0|fw)aX;0%!Fey79gNBF;5
zCLLA}Y&xsxL+<lz)EHnHNV(U<F<!hwvTSoGr8rg<@DHLeJueYNsx(3+;6S2|XowEr
zhZ=m!fWCUstf2iyosEoN1{RUQqn3#|Uk+tMhS4u>x+pclFu2BrY;L`wQk!sS{Y7GV
zLg3&lHq=p<&~|P*Hsc@p<Obg%eqsSXFqCO6b?$At;Gwg~7T5*3rkycInK}od5oNQk
z@e6e-b>m2ilk(CfxDM|cVvkR{hf}TmM1U1oFL41Aqm9aiaf1x(tOO*?AwdbfW0vaY
zmE!D$p>U!BU@d^HGIzgP3}=|2k+nV=uHx6vC<AAqA&W|c3IY_%IYO0~QniqW{4EL;
zBDV35iF6IpQ}a!0+lX(l=Fw$t$eHdHcgfi+)Lktmg&2bjNBOY}mxFV=AKZk~NR+q(
z;tEB%>pC!?REACS{SyS43b#IH7i(i0?xvN@LtcI=u_|%jL6haCqB5ns7k;?p2t1{6
zfhg!pEZQjV9*GUUE>Pk=Mkq;%-TG(<Ps{ea@zm@A3-C(4?~8O>HRtxDTI>o;-D03H
z;-1#WsiPco&F`@V!qww=Od7BdQP5f7X5F5`PGlx;&QYYk1nQk7K<>4KSQ(8om~MQ)
z?F~#;zf{l1Vh8<6<o6i5Hu0jQ*1h`~!`=<0$`XX1tz5e`k-2C!y*#Z#41$xbdJECF
zRFqt8O#DRJ)2^@8TN3c3<j&XeLdioEYfW5F0meZ?Hg~M#g{zwj%1>U;ZOWNb3pqAH
zLlo&FK9mv^b`&0_q$7)kB$8g<O#kQ~jwZ|p(<~m7Ne9|sR#cHQXfe^aXWVyKbC<Ep
z%Jg>nSs$9OTG?H;r<}JjNy<#~8Y)jNSGs}7@71BjFucvH^qnU3`UY%Ax{`N<jzRlm
z%?Ul_hPyB3TD7A&v-@OC<xOrV=EiVYJ2r~3oALlaWK6eT!v8jiC8W$ZgmRl?A!aH)
zcR@gOoT=(2ZyKXmRQ)I<`6eYS&e!FCZ82Qze_6-rJ9}OO$FHrBc#B?##M5Oj>G{5g
zm^yW~Y;Dvoy<l>$@exWIPohpvtJfZ_3w8?ynsH^NGgNb9*({cx`pbcmiVePFg3Ffh
z!S>b!p4H~j_;-Z%(DjX{N-cgfWb+fD$_QS)NCPQ5jmk4PlJ9_c;_?>k@|#HHD~QW_
zM1d^|8+_rSzGHfm>SiB1XX%)=NX~4y`f>1#*9;r$yD!BFCR2d}S{C4<>}3C?(h-<~
z4VZsMC@S-siFR9=Lw!6E8+N+aygVZ@3y4Stc`NEkSB6Mq_NQknltT+R!PP+aJK|M}
z$DfH--QCri1D_<*?ZD7hF*_WD74YW+5&<6fr5(kh8P8i-3!yfw!Ye|a6&gMa&0cTA
z+tDM$X4+im%E0DkM2_Ra&C53woxx9IxEt4|f*@CMJOh$Wc*l#<Uo7Yev1g$(`+aD2
zF5f$b2|a;o3~zt!xt(GDNt$)keu{c+*ChS!5i5dgaKg!L!@03IIBpMRkLR*M$yqwr
zn-Fn}2s?jIkbcz@{y4l|V}QTqf)a2WT_M&CC`G$5(tKrx9;vx;hA6mWqfLn;*#pEp
zCeic6Kpa~YIhu?%R5~_KvNIm09cD7Kn+m(T{6S>7fE}Hj;Y@1@o74m%@j7`i7U@L6
z8)|SHpK|9-zH@~GIytbQn`nzk`-<~`m8*xccS4H8y)Qr`n;U@|<v+vgzhjG3y{R2E
z3rXPS@h>3}K_k%!*MhL1j;HclH#n>6V{C-qp`Z(Sdq>{}BY(G7?~n8Xwj$t|fq}1=
z?G8f~PoP5295HqOEj(|GtD9z7p+YM_!(Rmk9cL4xhoq2wW^GSoi7($BUNg5scw5&q
z_L!;#oN;Q2kC;9p$y)319ZhUb4q}^pH;KKi-A$^@^__e(8Zb2S%ap9hatUzQ4jXaa
zII`PPIB*9dWM-??TLd6|+a$8SynE^+3H<S#dEQFvLnj$ubD+C=*j4|)lwCZw3N1LB
zb_ycDGPW*$%0t=KS=YZFRgc)OfK+Xeos4`t=ZJOuokzHpAVhrSOq2dtoZ_IkaEF<?
z^#ww;hyP@S3XOXl2IVkk-x&^9R-92CjHVRX+;z{*&^5Q9iiAF9TdUe~UY*b*IyUnW
zo?d}K55#sCZeAC}cQA(-g7As)Ltv90>4}OTfoZ>JOj-|a8@x=fQ(7NuspKXwM7l3L
z1OJ0`8%nU<(kz%$e*VE<koa6O0EcyU7O*nC{iluX$MjJ7t+UdPDdzbdh2|lLy}EEC
zt6|4^{SAP!ee0Gpxr%R!V`H5AdjJ)}dqt8}{1x^F{zxw`)&_tc6<%5?JHVMj=cceV
zZ_hs9T)wZT=*{;7?jKXm(?|h(+*b%JHPXLMIsY{`7U%ECj-l1xC!7A)G$G#q?$7uQ
z{t<U+=p<-sZT+=<k}|h3{u-gaoId{<e3_+uE`!OB&P^0?BGH9{V0~Vss@Aupu}-<T
z_$xhC&XSPev<LPad8Jn%S@>M?Ui|`3YON4%HpJp(idHz0CZE@ZcH7Hw`gt09;F_1$
z=eydl2)H-2B}zx>9VIJlkj~La|Gcb~P8Fmkt3+|PdMP^#Yi5;1+hkQhrFmFYxHGkt
z=r00t=mOEV)N>LWl!urgB7HW3dq!$k&<9|{lbO`yQ!9Fqy)dqTdS!NaN+5JdqQLLL
z2x&c<bZCKD`$6$~=rbzNI^&M(iFYP)_OMf!f*hXb?eoxc6Qd<dz9+V}a2aEV^H_m6
z44vSDT-jZAwjm0{q8xEu78KSB+rG>~O8_brn!pq1l4X$|bF_0~efFw%=zv#~xjmW9
zVh;r$L<Z|R?-7<NLI~N|H~3-<RL`QVeHZCpl*ROg{=59>Uzu7S<)0DiPN%ASo9`EV
zl4QRT?RX+X+y>z*$H@o&_-0-}UJ>Fp$`=+*lIch8Qw(%i7CK-3;bse37jBP6;PrMo
z)_!+-PO&)y-ptmKjn;oSYMM2dWJMjAtsA5_3QNGLII^3-?;x_z(J+2-G~a?0{1^_*
za_e@{*;gc^9caJaJV~lCO&Oy%$IL1d6s5&}=6e1Hwvnl~F`@iO<-88RUhJiL)X{|-
zff%vtNZPUm(J_Z{_ROR0o|EX#G5pP&|0M=oLDrV8DS&CcFng@j1@?gx1_)en{Tgh<
zK4h&n<)?n69Ipojg9vw;e@7#ofMJjcQfi?*o&jwiMHNVC&RbZS>~ZTOza-0-qmq`1
zex-N60rjvp1C_uSNeIii?6|W^+JfC9m`xsfmg{?zSYamlgU+%Vm1SR5gwH)se|&W<
zw?^Enk~P02{!;Jn)ui7g+Az57YxB8?FHjmi^a9q521_B=MH7!vD#&Ms(nKyziA;nf
zQDQm<kC~}?l&0c+nH2(ef0~sB(`82Is5(iLzbg=PL$r=_9UIWd8c54_zA@iZgnNOI
z@0n|r&|O9|OpRvr`~$W(M)EH2U%6dMU(o&c%L(!SuSokpsd4`vb5$yqnpncfJ|R}W
zh^^M){lW=@G%RdlQBR`ekp0#c?dlfsX)IEVAtVzvom~fp*5PhXAAOeSP6K%UoSOOu
z^ayh|K=>II@KL*`re(1oPrhcen@+#ouGG|g(;A5(Tthd3rpk$zR$o<66m}O~QtU{!
zN-s}RfYh+?*mR**w@;=HD8`m<GL1BlUuLaOubxJKft4;#2KU>YE`w%PG&Rdvbec*t
zxDhsF2h$(^B`0`8K;9SQ5)7r~lc%JmS|$41gWovR2u7Ipz({g`dr7=+b>1qt?E-5j
z(d1;ZB1GUdqPPHqLr|3|c{ADdK#70(uFQC3{+=uBkB5+{vgk788JM7M0<&gaWBE|7
z!AXWjw-JJ0-HERtFPM{fvy}kGMA(T5II97q-)?^3U2Css7h=EHJ?$3K+z7oxvo`Vl
zK4Mn9d=M9!_nx!B#o{cLj93VL=%cU}4{&C9aUd1CL2R>;=h}Emc=^?AS&WD#U+;}y
zpv+Y|{~+;ToF1F3%ejmh%L~}A_*bcwH0YISk5N<kGV7JRiVloT7bESw(KD{d_4oo5
zg)bu?VxKWh%|tYodkf|YSyyHkqoO&&zR{c5UAL8OoC~-iI76reNfvstOsG}L=`aBI
z6s%R}DX)!N*m-r0kW{AqXLK45bb30^z}+Xrb>f!A)Cj@GPzYhMj07^ASau5@fQ!xZ
z%|mL5;mB|@JXIgvR#>+m`$~RiE-EzviX>^CMFGuCeadAXr#0pWAwy#L0~I2Va56#e
z+&eWVSdoHkmP;{*EGlX(u|eFVrz(k8aEKDMlk<#u=PcSvi}H~8kDE}xO_)3=b_l8`
ze*yIc*2S(N>EJ7qt4WZX)bBWI1FD4GMr^9C^N8KUij=k{Va=U54_7By=0Fkq>M6ND
z%Oz%MZ#hIV9O;Z0q{k7_wh#8)VcXL{9ur9Qv1UT?wLPJ#B}>7P(CQr4*U5Bvwl;D%
zm@J2qRIi5@qqr0wH@~H>Gtw+IZ(>I>QC0FR;6p_k<dt;qU1x+Se~L(o55-ynj%B%s
zgSjDC?IU8klVbas9Y*Wr>yaO_hY`qR9zig6n=vXExJ}d5Q?16B70vZyb6<Nu{h9Jv
z(VGapi%LuALwG+B{dCP{gW;PluZ-Y=c=44%N_l^P1Nr*5dbh5*{?0ZcbgQsfBsT9}
zT?+hkb*g&VGrp&;fn4nB(i-Nx8)E=FO87F&MV^e$RU?2e{@Ev_&4U9*&nKKlfL5wh
zhHot(4u19wb-5Y=H-~zYEA6>j!*rI9oDU^}dkd~xN@=}y1n!_3`2||ujKOQNcF7V2
z`qHl0l<GqBamoR!CTS;PER_uK{wa%28i<y9h5}1JbAzc3HGr`9{4DL;^2y#mwmW+E
zJ^QKlH&EA@zHUnow0rA19T$yY6}8=0YIDwqPtpOoH|_XDAY>@wD|(Z?K_<SHxYVp!
zm<cYD;j~_+971ur>#`i*oN*Hv4p<%@zBtl$>?Zj;^{>L+#a72M#I^o~LGO^lm{!MW
z`}w^sxFMvm6*VfumbsWo;W@BC(^F(z6+^vJR5jy^&kD$Q-{a<ORh;($-hUKHi(`C|
z>aPv%^j9Rvzb}&iEgkunlF091>TLa$rzz}aXl(a?wz*lc{IdP@$RnS^znt>%Aw>|Q
zHb5dHL<0x_LP!Zi0q|GGOa&(A$u__}$z+IdKHqo~>u^A#5aIsJc0aycU%%^a^XhDW
z)7qOAir%42%$6oPlS##yr9k>4HBW9Z@8WIq*pHuUaADVHQ<wrKMcgt&8-a)miRAA8
zf|RAOUee!yrx<thv+4>W(vsF~o}@IJUANtbu<eFpih#cxEjld-#tKFLC%@c$7Vf;>
z;K9#mFA+I=fs_|P%C_m0Auonq0RPBy%QLJWMlD<Mm(G*I>A#FQvrQQg25q_)g()N}
zH;0r60ZA)uI8<4^gsApTpG4cS?-4z$i%Q4z4F+C#g{p+`LEM5>d0E+ACQGD(d*n#c
z#kOp7yj)a5eWW?u0tzMk*BCjNi@XB#6eXSdV|l=pe)HO~<HdU*PK78L#)T7sX5S=<
zl;|tlD78w%N|WqA4)E2QB~j_iXJq=->Hhrzvi^5n?q3e@zwpSUFCW_1!F6Tzg7n;Q
zegOZ;O@c=<4jjxSC6#3IyU`hTPPW=q7`|_L-hsOj#gGJu70%U#6nB|EW;(9l-9G<;
z{pQTp+(#%EW6Y=C|7Kc<Fd;XKHWm*;@*pU~X^#v5+_(11P%|V_NMJ#NloKTbFc}bL
zL;Aqq6MtULeBjGfxbxn0S?CAAYmdBc?jx3Nbibq)a-kYxje}JGUTaJ4BNm98euYTv
z;DV>l5+k;=sGrp+byge`-f7k@SyALk7nzudjuOl~Mpe{c?8-=gJT8opined1uTg(C
zaK@zB)@`FZR@SPP;_8X7AD=;jyT4=p$WzCkjhuIWp_JNmBlPav&&y{67(ZHBsDm~x
zS<-gc(xpg%fLHe2Q<X2G<$<97I#ZH+a4s#)0>#2yWy06QTxG%M#4N*%)egGo>)ygU
zdAPx1fBC0>kee+hQR?f!I{wxe#`HfpFxh{FnX;xTk}C2CEE-v$c&}2MT7{aBAmLz#
z3SUKT5@IhZ2!9^zm^r$X$^6)$<g4UbNVmGKmstlS?YV}w_wPK*2h)4o#`kHX(X1v5
z)#b@F$LX!@e|*@V_pfz*f$hMy&CC$co3f<(N3qJJ(?&63ijv&+(4RY<5X&mlQX3uF
z2PDX(C8v+I7n+$GA)IV6VxokWYZ=0xqiE6`K$+IpX~CUHx;FDIO^~4Gaga{b=oyoD
zQE@2f)jBw{EBR<zqs@(ntLFt-Go=7zG_JSm*)p#cm81<Kd3*`L50?9Y!_~CpphQED
zF>oQwT~Pm^J(2Rk2vqYlSEF&cKNG=*bAhPENt8Br($a(Fz1{W;44V}|U2~L!=BgaS
zA}Y}^bP$6XmrO+^mFuLJjnMfhT^xibNM=#6bmnYA)k!ZKERY$M^6>8`mp^-daIDqU
z0E^m74gBP51?o1+Fvr0o6gwG8;$%&Fw#UH%ci98U$CQb;F!bRFMnD2jwYXY~=96`5
zEf-w)cv1U`hEf_BrInbfjs}rotR=}&fcW8pP<{_6-nELdk{CJ}bk|z6<HuJjfW%3$
zOJfGiU(EKI5pCR*OPqv910oeYGeq>KBc>>;DM1yg9fvl8olsFEi-0+ejZ&aTlpKBQ
zrZ$<%Ru;xwIlnuvQAPZutn*%dSPU)*evkcBCtB1KX}{|*weXczl_;?&^|6M_l~Flv
z_ss;Eo<GleK2wGVg&EU6b&pFh@oOb0?vQh?wou+FDNu436-6fqConyLig0O~QEHq!
z^fjtT`aU3KQSN|ewlj8K1!rGiX0k93v1fCdSamXsps?`DfvXqgt$d5TCAI+a`0f6e
zPhLR<h{?$>zHmKtbK?zZ*@^`V!E$n4NbG2tt0<Ij-2IQPbW~}$=osL75iJYpkO@n3
zQSaa7JYU|&51Wc_?l`*pvEkY*Q|QwIh@gh3JC=J)`9usCN-Ss<Rqi}kEP2b!_;=*o
z?UO@Ic&I8^0+PJkqq|I)+N{tn@)P1)q@4LYFflpG83qCIR);;yJX^_~!0Zcbmi#~A
z=-PgFCct$ZdxyN&P2i~$L=&uu+~6LQ!~nC6-h$4pv*|>13CLc+yr}BzzFT8Qzef_S
zqeu1($M$YO-A8qbXzjRWrbWH`50vQaYe6NqJ;n99e!e{*5oiGV9ueStVspEsa`Cv?
zqS1rx{PvYI4}hWF602_?0XyDJ`y2}qal<gAYyRTZXId1O(zlX3q&7(jpM#P-yH&uK
zltp-5Q4lpM7J#E5O25X}JP;ehblXF(xMd4E_=rq`1+^jGQ3P}nnS4khx#6cqjA1Fp
zNXJ38ZDd1KM;;O8uxAg%l#KW%=$zN-6|*WJ^SURNBdooc1@r!Z6N<DX$!h&R#lT(z
z_5@yU`e!g#ihx66#`Z^453MLpHSMF;57fCQSX`eNy-rWPAE$?I#07s6=h`0;0N(4O
z+xazHEXQdVz14*tLH?kxczV|zzn*zqUdTPY{k3uR%VrvOkW%v?O`fxf9^ETz!QjO6
z1f*XUfz$#5{6(j%bxJ&8oHb0ct}f-tHft2)mZ<%-|8(Gzj__wE9GlsCuD;Y)JHwT0
zpwYHm*<&2W#~><@$ED$=`*T$SK_u~KGaWZ=^-@XeIKb&>^VD3`r_()QnAbI1b6I?2
zglJYyicy(9Hdh4HtVFC@P#&3PFRlD#*=A9#l|=YTuh0InZU6fo`QJ{0|I#Dn^c@_(
ztlRu1U+WeTa|cH!MQ4Nm`1voR?v#q=Kiu0N#Wd8^6UuFFJ<7B+wL9A3Vl<Bx;z@xc
z1NF&6E-kCHH<E8~JO=svB!KR;n}SHkHJ~9>eFP-DHFndZ$qO$=N0aHTnVRiy&;}y>
zKV$7S5^3xE)fgWle=%8mPoS(;o}P)U%_GT>5?w5@Pq64hvYNK<K4Hx`kx{cAld!6U
z8-Nn@x5^4esLwcDJSE#jWEPTfCCFV?skhyH)7P8M8A3mY)oebDf{(Q68TaMM;ce8&
zM>$s~3`CqRSBDbF3Z_)50MFM6@W&J=;A*UmQwMCS8jwu2Y8+t;7N!JRj(Nvn#OtxU
z@N`wBf)4ANVrO#!ejcWRKSWQN+jR*zfLm@lo*O8hnCq9^7anW4P^wIy-k$sPd5NzX
zQm)yH^Z&@(&Y^)xu@90Xf*zPW><<WRz2104#<zA;(a1qtRl}*?4fa3Bjv)eq`5GeN
zrP6To8km?OsLqRbFR>_%DO&e|6$$7euMkPShwq!-mtC4K>SxDaF6L+bp(y)L;vO&v
zE|euIXB=)b9_GDXm$+eZwgo}EK00Qsge@UoAnF)V90`IcU+D1#C!Je8$~zpJD;j)n
zla++*b$xEW%m2>I*n+_0ZF1m0@1d<3Ka92g&A(f0^hi5_9fMW!i!>u@d+r58cjyUz
z>+`P6nbuK61*b*CKi!E%Yap}sfZUR5;VOlI$ZVn6x;?CM^iV3>8I5Yy=wX~fkN+^l
z-ycN(-u4)_q#8(;s>%^GAuz9Dg;4g8s3Uq`0|O4Nn#CtwUNON-=7uu#r<V+UPqM3G
zXNm(2;yVa4;^n5_AHT=%OgFv(iSj_oOu-zOqC|IVYQx8KfhPDpdw^c9X&{XVmF>EB
z_yxBEqQx1r^LPJ>?_ML9LEU&}tHN&V<MGqrm${yvXmiHyHfY`xb2=uc-mm?h>p!X+
z#R8b3Ow#$OrU<3(++7KS;BZ=zMg+MGSP#wsH9(Viy+~ZbwGhx=r6&exf(hvoxQ-X_
zj!jA?lTq%`Z!pK7Ir@R8@EQ0%s$8ZriKpZX_zQ02KhdN{1nRY046!LmQ)Pk<0<A`v
z7Ipu@V~=_!ENQ+d5y{_Tl>dJ~i~bd(e^DgIzpz=9^v???Mm`;Bs<fa$Q9$qz5X`Bt
zLtg~ENF}5w<G)ECM5(VeWj1?GJ$!qY>5dg5nHz-b4Pltx$}0K=)W(#uaWy^t=3?UF
z^0+fIv;FPJjt(NAcBd6Za#7e^QiHjUD5>c@+(WxvrOZMzLZ*sTsZEcnjqs~~lVx{3
z7QPl=twviABam^0f`g|k%euwKQsPV_nLv@%drde%+55%1nNh8KN~Pw6TV&E8?nTI`
zr-u?Gi6ENyCn(aB4G)a!z`rb<@cYNkX-up)NuO4SO;P@EYu-r|Y9iOtj1kn|Sg*$l
z6qQG_*@T!L<dgQ=O1ua;2Nmd_RoV^sg`lEb8s2o))?7|)#0n1BRcU0jP6*@?#o@Pd
z=5zWf^1$8OQcN2b5m*$O>ii(j-ccT9Vt}0T5UoRi?G%o0Q0AnFBySxPF;=q@h;$`6
zE<X|d(jrNf#nO&dA{}W+7={&?W>zM#PfFSrDb)71mv9`OUurX9NEx?ZCd$*KofU62
zcW{@slw=>QSIx0*Bi`NkK!I(;m^FusG+&b#e`TP|gc)z!nYN%XKde7EC+Qe{)3|;o
zfPR55iGvY^ttx@OPd)gAup`N*tGsdUmzU5VuY*f-JG#S?RN$T3_U3wjc{|G&{Q16?
zxI8O(PG1)KJsIZ58M+bvTlO%b@39?E;MTE<B}N^cbn^0d>qh!W(t%$138sA@5rJXL
z=GkadAN_l4o<|t(wE;=pPvGu5KSMtYq*MsMcGo4{XuGMIAQ4_TLl$P{Pv8~D5GBPK
zxwHt8=2i=qF%!O{GGd#cPVwcrb25i#Z>h`o<K6Tb2%zcbPc9or&S<t7*#Uzi>K50%
z7w7b0FRg9!g;uCLx_=-53rmwM;cJTP`!c8g`z|H%KSzLov5BpN@xN(Pmx@TH@SoNW
zc5dt>^8!V}STvBtfkfeS@I?k7mQj3IMNxl@qxa3(GByAy5%;>MIkUDd#W+@JDm~7_
zbnh`7n`G?7sfz54jPJ1*+^;SjJ)52`Iq!F`Io}+fRD>h#HXkU1+w?Wg`%BZ{f()%Z
zj)sG8pern}KwDH8vzqcRLyZ?IplqMgpQaxM{V$i^6%3hUE9AiM5V&cqpPJ7nt<!aS
zDV~ezz&AhIwehlvrBDmL!n-bw*X!QZ{h2YBo|ayui<(#}-hM&yQ?y#{!GlBKXrC;@
zkLcr2dVqH+nAgc`qHN(fHjTSKplDB2R;Omu%zRgj8$(1T6v5H~1H;$9Ebm6`n=S+o
z(GEG^d9FHxUlxskn+z$IXU+<j|INK#cEHJQD8FypW?SK@Gvpcg=C{%4KTH3UKkVZ*
zu*qB4yEfNVL1&IW5Q#Dxi8P;m{+2)?5O<+osEa3)Xj0f_rA~zdX1f}*Wh%-GsD!?9
zkEnVF*Drd3O)yk7P?l{0c4GbvSpS(bdQF{Dgy>*VK-fQSIj--?#=sQfIG@Z#b_irw
zWN>Z6x!ZL^x}>1yV1>P`0Pfmsbg%Lv#xc-T{~h60Gi;6fate3pkMXKKS~;6+>Q+q;
zd(C_)#7NF(AELA=cdHm1#*-{)i)izBIYmoZEGD})UYZ<0TCDpQ1?KP8{Jr0}@=!83
z4Ns|bM%~30Us{3__}-)LW|UuYFva9pyEf5%h+7=IRt%4iO%PCd-cQiydMu%$7A`>@
z$GnU6R^x}Bs}(!D3`Ry94-|H2&a=^}JupF0*Y%$STJA(z5TaFReG&CqAa+PTFEg&;
zEe)WfV}pi2bCWiLP3yF5FoAK7km^C8|45G@=;T=}pZlxEeaMwq;pr%%2GTiDb`xuP
zFEss(K<i&vhpOD8>Ywb($Ve&XE-|F*u!=KK+wbI5WT05#_6a8<UEw~$+gl*>N_ODR
zdPdRUVC)8cH{}_z3;c``!@xMn7bhkU(K&*tjeLk3l+S%03<!4*be+R<d(U`x1)!{>
zlba5kLye#=^zeB`!VUWljG<>67>QsgeF#(!;l3hxua71(dNIvc=6E(nl{svK9>Qr+
zjx-dFq^|Zak*$*_774q^t<Gio-g9jrWul*Og?RX>W=60Hr?@rC63Mz#FIX|Ym8s~>
z44^^xNyBRLc#q2hi0$B7<PH{N8ZKB+^N9PhQ~VD^)bi<-Gt6kN^OtBg={35fqu;!j
z-#)QPiWx8b-S%4tGJzI4r1qs$6Vbc%G*k{)*aqoV>~c<5!ZSYvpTO4sDS})ezie-Q
zwbgGhe^*qL{^vzSP~Xw`D*@No#?jo#+{IY&>+MAw(=Q5ar~l>Q{Lg!I6u($7Kk|o3
zi&K$RQS;Am6*+m202E!x^i)z(X-r~@(^t7*1|!b(Nt<)qTi*L2G$}87p4Xht%+*c4
zTy(?!fs3|D_U*4v1Fw(wJD46ECoFYv03RGT&rty5Zq$<!`E|k3e%<U=Z;H;>3&E`%
zrxGNvZLmRG7I$(^O5{r9MC>SCVv@{-wSW~a$i@I@!QD*Rwqr-;dmikZ2>t{7iCRQY
zvbg)M3b){kZY2f_z^^2W9D)T{86jAfWG%MVky@*8JSmY80lZs7U3%n>zMrq&)kSrR
zrlcGR1OxhyHqT5LnfzArQI`^r;p&L1nU6}G?1{B!dWUPo@tSCsZliJ%fEfR2IZ%yM
zT67iLKG|8^4mDQyh!polRr+Y7+&`0iNAt8b+w*2J2d5Ok=No#l7sc$?0A>uGR`Q+i
zf;A2+j8%VNJ`e?~(WLJAI#WynEFJkeiWvzv69k6}!qoddwqJT~tN$E}&gbW~;uHni
zymCPcpX5&0zWQ#UvwZZy+J<IGoBDm!LsQ>{k7*E35RHk^E_UNTrXfSodN&M@`4Gys
zXMpVRB#SdN_%S^v<}(sUJPd<|SN$fVPBazqW$F;3Ob7pir4BVZH*=}s5~(4{pr};9
z-M7%HfM7gNebzU`Xw^&GS&*J#K7~VQkTAJ&wk>Zl+tz!x`Y?QYU<h}Ju##eaMis9z
z?tJc2eY950SI{-=LQPc~KRFaop6B=Q&t3FR;j1X+R|Bm1+lzK2|L4!Dq|H}i^<Nb5
zFH-n*L!^`OUu5u7?bH=n8TGTPP>^{F*pO)Mr)1gp`04rFPy>2FkU=wWy;LKAMzf+0
zDM(IbYh`Dk*64L=N*jBEz3I^tHbXtB5On+P=<NL;ysvmqLp^+5E#>VEPL8!mydG>$
zT@S9;@0*8RDK)+x*TCN_Z`=GC{Hl^S(N^X)@^xe2%mUgm@amhKG+Oq<5)rnoV4%%R
z>Nn{hveGY4T&ALmnT@W*I)aT~h_b4W&L9PVG9&^i`4D20S(i`Of>+7xq+c`f-!G?t
zpuE`pn0qisMRU6%5ETPVL2d@gO8VgWg7()N>y(I!0sSn{7G;rF;7ZNc3t&xd!^{e|
zE(7-FHu@!VrWQ8CqyXlIV%C@UM3X;5zyccR)0eE7>C8oPd*=h5teC~S&EN!<lABy~
zqRD5S3f|0kKbD*!0$DW0y$L|3li0B4z{llj>X0WWx+ILt>8Zp5{qI1NWu9A>nwx+x
z4!~7*1W=vh_}s0v(Wva}1`Vipmx~Zl)OxFu5Fz_FG-&GJ5p0&ksr`}JB7$6vz&xBi
zTb48O<-(gaA!wG0R>2+v`rv;=_ckkBQs~f=rxPZxT09zqIW3_4QrASUcD}on45Zeg
zvd5rBQ=2d8Sh1W=WXiXQ@uvb|dDDPs>(YEAbDBw}uSRa=QkzT7Cn?vpT3n*aTC$j*
z$60FBT3WJMQJzw2`j#u+2R434Vd#2)wSaUmYNA!3w;xH7^CJxP%`g6%Wde6r>={P5
zw7t!n1;0+UmeSwZ?9i-DMNb{j-=P*ogQ#hb10i*4lCyqYw}d+Upfsi-t&Atu@#FV$
zsbG3Rv9;x_*qL||lM+&iexW&n4PS>p)))>WRMMb}Q!Fw~T4s^TbUgRPWENtFT>=`*
zpa(~hqqTKemTD|`V3U`e5EKM~b{n{P^LpO3D+L(giAan;F9cJPN&@j8J7N(EL`_8s
zOLDwO*t_4RVLdmE25g#Xx}YuKRupr!m%;n7^W9wjk5Z9(bWASpHN8YV{4|s(d8G=-
zX8N%WE3RseVTIr}f;~X(cuX_<N^$hHF~In7vp6LtRlU{hzZ2+Gg%N2%75jSA`ipkN
z;%j4z@3I^WMD2pu)rj>axzT50sX;A3*4c!tAwntyMgg!2O2+hsdUAT3THi?i?0-`i
z9h*hbvdM39Zm40+v~-o&7z(T7%3)n+q*%$lm^qe3f0V-+g*o0IlMivyq|0O3B)e7J
zko~UT+FsR`Oe4oESk|nUdEy2SN97jUNSm4Tg!LiAl%_-vGF?_hRcSi8#Y=*_%g`Ch
zmB|=nkC(u9pzQB6wVOUb%tdfZoSnZWMr<{=(40N1_Fyx`(xv%Zir{$`Yq$Y2n<7u)
znV;qsJ3D6_YTj6Ltfh+&Zy@}d*m%PxgWXz%UO=^QHC-nIpdh{pyANL1+@Y&V#1^UY
z;jX@i(kbx+A%dYyhY6Jv8&V4HTgHH!_D*MJ4veTY*oHh4lZV2`5YSd?kms7!^zQFz
zU&+ofT8NHhUW`898(mP_<7#t8>69ltPEGMUxpAYCXbEi7z@dZ1X(?Oybc8oNL&z<Z
zR*$QZbRkrGNScX@+DWbFSaUiw$IS=F3XuEq+iW5Mr;iVi)bljAbS%JjH^|oUzzcT!
zk&^}nXP&O<&1OgWx5BW3$j&vB^!6_HB6e8Sx$?bPC64gy0U%Q}&j4An?0&N~Vx{?7
z>|P+DXLJ54a$f3AI&P}3FXh))!0bVNkyg;yn4~ANGt1Zte~P+bt08ch9H#CCpfohd
zHXR{tAUwlHiynY!i9SG5Hw;)DEEhCXL#e1n7reBG1BmpX#ao3U2o2t;k?Q0=E+c$#
z^3bF`lEsJ=d0ETlxa>gLPt5N%%Dbn%G|QbEmUUMIHA8Evu`be~$IeQf4>)zy%aM9R
z#LEvtD<Lww<=MY~b+i`V5m)1m6vLf2{QBC?sIW;}H~9cr8=sKo;uN@3B{Kr=Ig{^^
zn}33-gc+J4*yc-j9;(Y7O3rA``pI07Zi0M-W&q)Ih<oyHClMEsMpO@!nz$pis>?NL
zaD{boOI=kJFbdP@-wkn=A{NLELC9v_`vKYe>&p4XPH^S%vBCd#!8QFJgY>cZVdwK%
zof&UHhcHI`IVyxZd}faMQb`hC-yHr*miMY)Yx~%;Nx&D_p|ig{JC}L*!x6W&qxA==
zT@Bv|KnRQM=4Y>{*_O_B>=1A1YiaN3%vY{jjISSCQ@PCEsW|pkST}t%8U|%VN`8&8
zJ(HSn6?L@nZSuD7F_ci5GS+=P8(@5sqI*SAfv+>BXb&0mMD*Y&=Ct?|B6!f0jhJU-
z;hvkYyO8me%8RUf_;C;G4Zr)rO}R_%9k9~`N=6@@FnB=#xdH(hS}!4I(1rF??&p<X
z%WCid6Sb6g7H%(vn{!x$0M|14>O21W{ta)Q^@yaGK2A}jCPd#0`XgePo(JM~$`d`u
zKc-CI3pM=hp8}VNCk2bl*9<HDbs_ryuXC)lxufG3$^5I4f62`M(#5Ni{z)`PJ{OXc
zX*FpfOUc6_e?isnF@G0E=tHN9)w9@JZ<HEO-&{3u@k@Qmukk^_BbFEQx&eO5i!^mf
z(a5Ef7GKC>PjK|P+jcbne0zVu>cz%2iPdx4Eo&db>TIT=PPv9OzoghQ12<m6Uf1}e
zl`>IPPcsCj+AWu0Yqi~C?A?X%D_cw9Ve01(!T{s}uaH7Bh<%KC9dIKzohx`G3Ufai
z_{%z)OT9RKl5Os4Iejr2PtATlL~l|CdW>urXrAav|GaG>xOr&cHB0M}D#(XqRh;qR
zwtCflnIJ07^;><)U(MdZOEPpengEIU+zDP4P<2YRm;~N<I^Ug+4TsiB%?!W%+Ms^V
zfX3+b)}Q*pI_ta+G7ics3bMlV2VCxv9h<@HN5xl`#(LN*46Wlgm72+65L%}6T;kI(
zq9?T4ldhGwt?k4%>F5K-!923n?!U?Tu`Us}H<kBWjR|AQZcs`uIICm7D|3706pW&@
z2?tG{qkejT6*#a|sh6HacT|y8r7YTdaF&y*SaSmxl%O|o*g_vsQ3PqYv|dB;26R9-
zWSQq3*;WMWpDcPRJZMm#A&nEf7tYh4_!VnoLeON()EjjXQ}J8s#^LmnC;Je#$eI8F
z-(RfcP4dGz>eGkub6`bn0EGAgIirm4*<*ImIq(D*hUUMEbThlJ!AUjQ%}dK*qS;d%
z$UzNft~m9e=1_g`U42uPVEoZ~`wn75Hz+L>Ev-d6e5wt1iP)Gks08hU2sLRzZ=T5m
z@xGW3SPwMGz=R?nE)~tgDG=N5_&jBFVtbW}`b{#J7H1e(5CAO!FiPi2kne{DH24Zc
zB8iaoUt2vj+J!6w!u9V>-Qhg)kL-AhLfl~C6o&svY$5&1uhYMXt@z(=cK#Q{_CKKD
zs_$U@e-Yaz<*)o0eq`>2Wz^&(RFFYBzDfZ}<Gd$vc|lBiQkeKfCcl<b7i!71O%oTW
z7sWTwmz@C8d=W(7pS<I4CDcvg6;m&_^Q)YX*^bwlZLTkuuPHU(l5g>Y;Rk|=D!^>*
z9A(j+eekXJ<$j9@iVak%i)@vxv}seQHUB!AM`3tw+*Ob6@)<4aQM_*@GYF-x1S>r2
zWrR-SeTS9|+IDD)O@bZ97F=9!*f>zowNk}_>@ZnPevIwQgoA|DFe@K~ALB#;fCo2l
z7@*I>i)fADBSOdcqt2EQ#!)TH<Cwx5hgOtUnRHPfFzQstRThAb95f-OB-g)Bg(61p
z+RqMlar!MvEj~}w<4byw0igHqg1mitqcB@4MCKBbwWo?)m?{6{M@yy}q1SFK?9itu
zD_f%Zw-45}V81fib)cPZpOoxURu9on)S_Q#I1}4vT_vbeV$pGpNp>zH_prH$4`3?*
zCLbr}l`Eo|P{k;1()+C+UL<yWq%Vi<5(x0*iXM)$V>6PSx(pgFI+%_0O1p~$w%#85
zAUtZiC`oS(M;Q)20?!N2wW6}8HP04XFfhGk-eY8TO>MexH0I1D6s<HYoXFb0MU-!&
z-;*`d7<CV8tIk@*JRk<-bF79{Jqj%>I;+KDV6M@>`vuY$XJg>U$;F^w1|krsFUrBi
zDd&Qtq=?aB^UF5KqRW^@)Bo-c;uh^07@sN5tur57g}(icbU*|>d<s=Xmqa9#c?>vZ
ztckD6&p!={X}xKlLL=c-s}CSsI||!lsE*Cihg{&9;jynMwR!;-3AG4Td1tig>>mU$
zaE>eBmV4bY?~SN!-A*OBUS_5n=utq|I*D#saoR4=VD)FA9?@RSaY#xSpP;nLa!xc>
zH!Ecb(&jT|3}^_w{xc7?W0pI({0kx_e+v=e|M~3q7exN+Vxmat|CQ$|6CG&qcR*1r
zG-<WNLnY!OloQgyq%6elFXd#$<G&=j&AsiLkefXybaCjJ54?hI^kXYld>Y81kOoFm
z7nA8p*KT%QU+)hf{3ugQpg@!f+S7c>a88AqP;T?HYis!`2~E0W7;Z~t%KnXMtYR-3
zE73J1EajD2sb<w68m)<Cc*6UuaPGX6AoY3HW*6hRrCAyDn@Z*t^7E39z&|7dOdG}m
z^l=-+f%VJH&_tor;7nRX_oWNVmPs_`JqVh{;wLkj!tz_l&3S*i0S8y;u=+HgIWR`x
z8guLR^9FnKr)TaARWD?Y`a*zG{hzTGG%WrET4aHe^Ho@_@7+QSzL1Xm?HDjbfoQ5g
zMLTQ3>Ks9&k@_2QEe;7cXTL|^7)?prFovx+=IBMx-x3H88IVMsQTntu3_X;f6Kc~(
zbB+_oazv}YHf4BHMqH%R@QpgL!LNZ2sGQ@FqDNAq>CwBGp7j{j=!lTj#Cfv}T4=<N
zb`koN{yI`fdtqLNl4&NA3?m24ot|PyCYpz5;x}Ky+O~*Bl)(bQgRdhD^YaO-=HfSa
z+;W~5@R=I13NStJEG~4=3KO(LNkMKnLFqUOWyrh&y+o<q<;B*XSIs_{P7Mo`He(Tz
zct&Y+(}{lj!UFxaAom(HDfEt?$Wj*~Y^`^9Kj0c76=GGfdOiq177ZslV7E@G!;IGt
z2>S8VA@KXRU5pEDPYk#fT=`f%)Z*K@c%OjD6e-Y(VP|~<cUzo7=VV)*BX1v0Nf!)G
zzyVD$Gm(L?^liQl8mwqPUZTn0`7(VxN~TvBUrQ*h!6<6tL1{UL;^ZS84b7vY8fLI9
z^R}3)ul#g3p+9#!Ptr3vM4ZxBz8^i#G>=wHG}vJm)bE50tATkb;bz5zzu*iS%6j?>
z%bL^<IwW2KxP~At2OW|Q=_i;YKfwMW9!LTuqfLF`$M0|PBl5q+&;Qk3iWH=67x>`4
z_glr!gPElBycTfzBs@xol2lOO{rJMyB>36w)?0~OsXVQ#Sc7<b;m#n!fO&u7DFe<$
zC_{B5RMx!jL>g>evyWB|V{*Rf7<2^vylJmBuarp2bjYl5WVuDF7>~EkG~&QTb+4Wr
z6T{+BX*PI$D|Kq8S2emw+(#7<c$CVjU{fTGiYYeDWD{`I#kzzAkNVIP01p|05H-^)
ziXvfxu++J?OO{>rQCNtC=#q~swaTyj<CP7)Syl~hD;n|P7&A)|8Mut|TlI0cI56O2
zr@7siN+bv&Pkma1gXb!y+8Uj+Lb|;r*N4pbkzaYmHZ(2g-1N{Stqv(<>jCZ2gg%T<
z4dKup&;Zf1vh_OUTYdEc25}iPT#I8;Ufyc43($Xb(Z#RarWcz5uld-f?LWh#-bfC{
zyr~H5jmf-8u2qW#Npa~md=~KkCa+B_{t~Plwyp~5@4E99Qq_dnp;l8D5`}sF;<ci>
zl@ZYc4}G+k!5Z=7p<6cx?nbVb3}F``I}jlo(k5um_8-pyWNy-Y;+MOu=x^O+{|g!Q
zuR8kIn)g3sRK>pn>J&AaD=o`FA)mq^=V=?Me0D^aegH^GL6}l8y?)nsQAjp-OkMeZ
zMVLc*B?(F7hw=9I7zrKQsDgxt1&3^9d4AQ<w6+CX&zv5hR6%LMaJjpHVv@CfofH*G
zEAbf*tWXzCu;fdQW&dpph?=?+x8H5x0vJ-XEkq-aD*3&)>6r6@Z^6G1lc_q3n>w2b
zE<<O@{7Lg_pGFp<Y7k!DQ)h;OM;!A-15XufwdfS8k>;U%1kX+a^zkDWv`Un!;eOJa
z;RpB_X905aauAB#%p00W15ym8k|d&Rp;~BxL^qM>ajG~8c6aw6f_tS8(-}PW0<Bd$
zH4$m1IkhMsn`4LA2$aiC*g~K%r|~egS%-UtwFpo2iT%mF4u#GG;|z}!eX4dD^zTde
zZ;SU?jB*WuRF@)2KLu(kLM_3H<@ZwLvOHh}4qIn&$;;#wDWrfI(MgPmdd?^F1@LX+
z^f1UNb@y|&9);*~UkEnjaNugu_177o$&SJ4B*-Q_H^9!RK1}o`N}@G#4P=AM^Wh^+
zv&jNLRRi;&nKy`(K4l?F*h+&!re3E%*O4JDR#z!Ym5*(M0XCWM9NQ|-#d}~=+L;Wd
zF0qWJuCd!PrQyj(cRzAGrC!3YzY9i6IhmsmgTrf<Lk}fWCK_bmF;UzF7bMwky#;FN
zR|Yg(13o~JDuU{?we;z?`;>kh!jTW3ToByvcc-@kJq$rc+6)VQFI$o*SASFPj$Gw`
zAZPddnRyz2w-cr%JGwxv+*FyySZQGMN}ojrKqeYBwMS|}oL}@2M)fWv?EWmixpwiI
z-iP&lNOeMc%=^pFgIb8b;PO@MOujrl|9-;!U-RjIqh%;bfAMK_ACq=tV|DUvLJc{7
zGYS{b$P`4x`O-4;-ojuZTfwwO$>xTsD^y>o%ue@OG`d(b1FqMC$ZIPq@Ss>y6GqPK
zmCie^naQh~?QNfLY6I;M(>L>Q7SU$m7TO#z_QXkd0Qjk5=*;qC4&k0T__N##%4Zdj
zJZMzcjQ^*!s{qO)*}6c0pusJ;ySpZM@Zc8Q34FK{+}$;}Yj6+l1cC=mg1ZKn@PF)X
z-UD_w*?s@5qNcto`kbEIGt)gi_nsTMRV0pDS12-_3njGtm<-NuM9_)^M<ze1veBKQ
zC^8V#ua9FU=+(#id?U;$+gNOKMiQoJUdXI<{1>p$aMKJ{{)9QFb0(}O2K&<6E>Sv7
z+seMR<Y3B|^XW(v^AQVn=Pkf0cL@_yS(5{ahY%Uk1{v&8w5kcMF@b#&V73)(xmNLY
z&T<o(&L67v7x6lz(=3CDVo1@%(HbIMNZu{hFnC|8)jfubm26R)8*Pf1AG=;N18UcR
zAL?yP9(f++Tcv7}PwLDg5Ebg-f9Kj#R@iwJEnp#3)X&hfpKAfk9xEnmW9ZaYyi$4@
z`|j17H@Pm8Ypm#gZ9(etM5Y_TWlkuI)bY-h%Hgzfoph9>-kId>Fa5}H{9N5*Fjp-&
ziHNLu&3TANp`VIfEW=w~n@6(0NEKwx;;gp@-XT~xZ0{f2MkHgB&F-RVgHt9Y^4;t%
z(vK_D&JCsL&Ygjeoxu^8S6{q4ZGVB^k;Eh&vAlB>$QB;SGV_J;TWX39o9M*G$$7Vp
z54<ZP@ti;sf==LU?><uT0V>;>3f#Jr(HI?p`QVZcoHcfM?_$h!s~!zv6ASu=st03(
zRBM{8=d&D1uhoUvIT^{~QI0OTOD3169acV*Nck(fa`Rpe5CgC16Qs!_LQBwqX&A95
z;N5*m{Ha5Fahu<cE>o_5t3kn@z2@W&yzT>kdfh+&_mljer}yYVz}RzC-;YvrTz2wN
zkWc&FGu*|9b<0W72!sg;h0SvmRLhb%vN~gV!@2=Td!2spFK8S=@L;TZo<y)r$EYOL
z+w8bJOJhztKi|4U0HL?kCl+<Y+Q^{pZpRj5M^%=q$FIf=&#`~s>M$#d3B$U6CY}n7
zEAc+w7eIt;(m@nM-x+K9D8p~p<VL_5TIYC5+3heW;@yM`co8mqwl~jYkV+d>hQ1|v
zypGnU%?JWX#%Lf9(vi=J6rYm`De*Hh9Ea~(I>E=ji}G65xzS@*i=shgid$DG^HNps
z{7Nn!3$%q-MuAb$e0Qo``1+)ft;W#I5Lb9kI8fW4NJpobnf_>)BT*2Ajfj<4yXtu>
zm>4^2>VnbEJJC%NId?bLn%?uMOYDMzs9MwKjvDHas(YLS#Yk@fwgtTBL+t)Q(Wr42
zX{fGKap1PG5YE6<H{Zfw#jN2{#BdXqZy9IL!hBkPF>Xz)zth=bVsdN!VB$a|M=8!5
z!39`)U@Qh(8ozMyw}u2X%Q=sF+uE1n{03oI*<Bi(-T(!*mc^5`*9q1^1%{+pWE$p6
zcmbZL2Luq$I*Hw69Iuo$hzFfsDcA7kgfQt(8@n=@%&jFPPtB;BQOAenZCt@M;!rou
zbby-1ae_b2S0DOq*>Gtq@4XFNHkAGJ)0@=4zp@kouYdCKtxNHb*Dz%jbcz?$i|}aG
z8ZfY*>3v>6Q9<(~S0Oax&O}$t?6S?$?r+{4@FUX&B76t=4yuXgdeDV&{ivIB7G41+
zDJT$O9vG?qft~rw2hREPgA-g2tGPg8A;;x9VR;21H`OGAaw2n^3AETC+d<bpro0qu
z)hS=jfjHRq5^;z1#OqOer5$oKV2I?!=S*@QEK#5Rbm1~GRG`pMJc<piE^GQ6xsR_p
z$<fezMCx`L=tg5Y=TZZV^L*l#JqgUqH#qp!!-%1vx+rnxPSHNf8-`a(3t{qxWTF9*
z+z<tXApl(57l?+VB?4@Ao}RO9+ZzE{QYLS>W-=&gbBKd5Gt|#Ne(IMPeM1!|E@!o~
zEKEuMN}|MjFrd~<5xTM@*LFOH@lr#0gBN{*vQ~v!Vs=R>kNKn1Z25Hi@#;zvdyez7
z#33Ai_0VA4aVyX@s3g5gs~nOE?L*yXC+&nNmc?a0Y)I*^>%44nl%caq24lkD-~{q0
zPz@(}l$V7Hx&z4(24cyL*Ph87JWCFhlx8&-ntzmXS+zbs*W_wkz$wYv7E+i5eNk*K
z;m|-*sHhscG?Uf~XeT_vIYj?VGI!}BeinLRFyXGyhq>(4ah2phQnX9@`u*n6MU(~2
z0H#0?Le18)VxlrqoS1jbhyk2MW=}6*(TA}jaG49=$1<vg67tawk@#N5$Ya|v(W4Ra
zqi>0_k6S6>K$>&GqTUrm5NgTy`8b`j41s4<(!?rK96HlWOYRIC;VZvOgRJwZ<iK!D
z@-!NsYCmUx{I-RKL-h15{i57g*LZ_<inVvmHidvPWm!}~H{oo6I|y?h8<kM|ly(i<
zaHa16P1I$8+sY9<?$LX~93fm*P(Zt-N30=aqE;1F$8@B*{wD<e>a9!vt1tOCtc=~(
z9$4_-@K28e{IF>(gvXo0m)NS(ZWrD%Jewmuz-RNsPhY_PO<KqA59L4B+G?<_3KNMp
z?tS{ZAC_SV6M6|=fD;ieXHevefe3<xMtFn@Jo1_&Vef0zCmWLVICD!MrFvO{<~7-0
z!&a?^7VDD$6Q@SKYhT+q573wwE!YK2l)S0iotf~xPUCja>?43XyG*p%<NR{z`sK!T
z?TH1R%Q=BZu>Lzg8h&Ahaaj{v?2;5igZT13I0e8HtoeDv{ECUaqGDKkJ1ox{gJzHV
zb|~M$2uObd3-9v2{3C47u>KWV><^Ox+Gb_ki?ERGurA3&gj(s|%mXxqsR19grnPOA
zVdtcp!#t2SpcB1v$0w2upd)2LCkCV^%2wi5H_yizhW0PLld)aZKh&(7sSp%FER~#Z
zfnh&t8}vLAcT1keWm1PfZt&tFHhl3CvAPqZxGGo4*Y$1g`oUNz!*#6+#(BF)@E0?b
zI#XlGR*XdYUb@73xv%-KHHmm3qMm-0SUx`Lc5X1kvH>>WzUGEg7)-OKdPK=YAre!_
z6*KUj$~~Bl3WyupdNRtvSioS;?2!Sl5<mAGq{9LSmr+$ctc(Sow$6m>0T-fqUL=t*
zmWE6~ovcs6(;=DZw%pH_o!g^~@M8tfrckiZyz>K05y+OnaHAQ#Phx2#@^YP5#Su!<
z3i8FVD#2rMMX7}%rSUc1@5iunBsq<zg~E_>%5?b7Z3%&C82E4}3gIba3JCA%;&NJ=
zCJ3U8Zs$IZ*Urssl=Kg)#0-rzgt2ajm1|p!V$G7bS;a^OOwYzGgRD5ATbQtB1?G89
zTb~zjX<=`!Z!kTI<Y;-UtexREGexF`ln?J4qG_m%i_VB0vd^TIaH;ZE*R@K)#MMhG
zQn3hEJu?eN*_uX7H{Xat!7U}MrM@Ikc~>Bb07fZKJ`NIk)d=9>XF%><BP;pzsi=Ws
zG*(|1jH_4&t5>BQfrKbZsX-Y#)_1(<bDj(m&I&vJmb4M2)@A-jN`*}tvH8i7EQNr$
zOjTK=(jl=HSZdZ+^eQo`(~?@oHID^Xk+mprOg2r*Kk=$~+lkM@d*z8Um2^rv5DT7f
zNafztGYl7I_)>6i@o~+xD%cc&u@UhLIO+6<jn96Ys9*Px5j2t%?=K94pL!7jlc28h
z+^C0y1S7()Q~{*AV%(bmFg{G1-#<LNo-Pe?fe0o~`EFp{oRJeHNC<&iz*_7nrrM4`
zI6+a<+@oh~TT@<|WZ6!7;R^`i+JR^{rts{rh0HAFH7N__AEgig?Il!p02JFa61yQD
zv?x~QN3ZGx(_`b`sj^$_(5xJ5aP2A)jx~fp8Td`i@pA2Uz1e1O=cUzY#HOSuNaN)4
zG97EqTq>#qDm$mN2L?Fg20C_&wi)|pE=Hfc6*23PhUW%Xep^6;tJUG{#aKffDyf@_
z?{!X!HJfOb0jsqJZ7BLiQ@8-;klmKYO9QTne%KJ8`gtfxCtzzrE-mN=PtpB&!@C(b
zeB+D^FK<|zz`hk)DSP06x$+Vk%*%kS#D0NZVYgUSxw$4&p~C@c8rtqa+RTaqRo{Q#
zT!G^2-lqdzMFn6qIZ_7(6g{g8t7{q}@93y6FQ0odmh}Qw&0Ct@y!~RTs5R-A4b*5|
ze7N*qh3&M*GC*eg4y%wjJPS=pbz8zf;YJ5uFibk;c`3;a``b1ZH+*EoHT3aUr`b2%
z@aNK$P3*YVe$jYs*r~wn^rENe3<>@y*)!}#-bC7D(a=T@m-T||$~P3;cSR{5;31!S
z+gp?%p1|XZ#xRwPK^5^RRJj){y^9cat*q)~1C$?LZQGLLg)i+!LRpV?Gn$_o1eQk$
zytE;s>_WsW%sd=pWpN&#!Stfxu`zpTiDz7Cs<L^GTqXQ^#6Os0hj>`{i}B-Nx?{KD
zS=>hAx7L-U2~l+-2UpeH^_J!YRs~7G4FiRuD$c@=l2X=Gz(lAP1{>E0AsN&X!6M|v
z>!Fq|F2}71O=LKv)siRQd9VDb-Z`)~rHxi;U^7XvnLp)2rQs;qFS=qc)@=1g*yqk!
zA-2~@WE0EER%N|Wzv73!TFRGZ2&BTmUqXSui5;~ZCC9x9y^+-(nN-?3b?2w=WB&e;
z(Whees#T<t)=lC<L1(t7F#4heZudskodsttXT3@QNvdpl9}h)`g+#*g*u>8vTavmr
zEm$xf$BOA=fbGFs-1yNaOz9Izb#jLT4Z;Q7k)kZ!FRWK+q-?<qH$%nZ88;<+S4HZ4
zEaMcFI=N$(x0o~?*Bs2CE>tpE$){4~`Oi#Ogfi&XD2$aY-}l1R`nkrD(;dJBG*d6X
z(je>8e>z%1w-cXZaw_e3DUm9dnY%8R4YoRGe8R+pmq<0nnuu;QPh`PBl+u7Y05Lvg
zV77p(nzDBs^j;`FF=)PPi6k4`n2DOS;zQ#`@Pt}vjCegAT4A64NO|n$$ujciHQcU+
zMGv*ql7TMM={^Iz+G4xJtbtecG4ea;U?g72IF-?Jc1vGnccKRBO}aKC;!N?{<cJeu
zN}q+`R?#hlYQSQkQKH21DzD2GJ*jwW?=Dj(?+H)?CuXYcsp@Vi3}Fzldre3scA?8^
zFO(z~o)(xk!j5v8g^4hUx*^*V6Sf;M4FGjDBePg`08KS&BO%-6iuSHi!O#qw)XZx@
z`(nuSDc9L*GY>F&+QdnIBc5;qlFTOOpjNm+%)<w&YRC0hW;zC9Lnl4g_Im-LCz+O^
zTj<b-6MH=G3h}n_rvmk_K9)%51+Y{|lX6;I801Z9QcX{;)m)2rxJ_zgGbfSwZZJyC
zS4(1hiOuVZX}iB6nl7{+-$~6P<*ZJt2#zP8gBEmf#$Od7Pb6y^kdZPC$<OZC55HJn
zjUt%Mq>vv8S=<jH(yHs-_m|8nsm%|KMP-<!nqnLXg(+CSSiu5SfH?}r|41dv+h8WA
ztS+N6ztUdh8Yvx*XkWA$@|*yZa`8YORkETtUD$I<@^wtNF71ruWG2=Mv+=^3ahOAR
z%np;9`k<vF*TLyx$g@X-uTl_OrK{L%K(pM40s@m$9Gg@uS2o1)j?uo1p>9K0CrP*#
z64T*yDQDCLxEy<WU{&x<QI8LnQ)xzDg4^YNJJ;>>r$INpFyTGdd+f=&W5ghZhsa`R
zERur6w)IGd8SzBeHTgrN28#S832M^zho&9%q_b+$4e5@$Jgwp7j1MgUwzGB}wWny^
z71fHU*(slvvGZn|CIM^$hJ_g9YQ5Og=at8jOWUa*o^{a5aE2X^e`-I%WwZd+wQ1?H
z?tf|Czh_8UD$Oy1JhWy`kNx~f#kd8d>)2Tw1jfx8+OYFbb+_v=He3Wd|Mg<mDPuNP
zFpqVJ{4;rLg`3cUc+llN&((E*;!9!4DWkxI-WKWLY?w7Q=C8Ba9G5&C#S`T@9SL(+
zV7YLaj)<hthT&Zm0csfPU`G_3h8Z8w6-|R1QZrF^vPb!2<X;(lBcPiJpLT7^cA6wu
z-R;SNu0PL)EM5L$D&81Wu|<3CD~na*dYrvvZCV%oM8T%S&!&Ibspec2{e7eDBq$AL
z>*AWI<9rOsI4;I!Zo6}7@P(}ZYy{%dd7q-#{q2;wgjW}5(+qKJ2w55RN2DL{+O69N
zO0hfRvHi+(>#HOo%WJGA5hvx<q+6Oc2eAYizbc*;;jC!(fPlR@#C=EnjLAdlO)qx0
z)L_tBT(_H3!dNZB*C9ShlAKSG%pN6=rj%BWxE}9=K(~`P_7dgqa~-b2e_f~_qA&oZ
zw5L`ZEONqyknV8~K9yw}Bp<7#$^AyFMrvP6JGo`qy#b@u>cdMxaI7h}$G^+aJjm;E
zh^YEPVMXD)bBf>@0R7@+zCNdUXq??y4sD}&B?W8p;p(9d&&1oCBLcT{iZuLI3DY^H
zmBR)|%XEZuP2~^DGoHAn&UK7NrHyHFI1syFwTFfdvE*VAJ?P7UuulPVn{i;ZLHlj*
zd%kS<Agft%OutMn#y8M1j?COw;XYQ&nrTXdIl(ES#BWVDph~GIvE>R7|E}Q=T?aZ=
zmKvy+{)E=}Iki%T)OC#);!HUNZr$UQDNua89>^;Y>;tAN4llYZWY8vGg6|#x*C6b!
zz=-8?Z%QGdruE2zDH;sj;PG!KuJC}U>N?fQC3KUXl5HnIwB{Tg!orj3!BcXpT2}=1
z70x+o!8(~II>|WQ*N0E=BC;G`e(n%FB(yn1;URMGrYnL=l{KMF>+1KAQC={Tyo5fa
z`~K9uqce@nVqxt}{o)nr<-Wri!~jvJ+=a``Znlj4KEfGV8lKT$A!n%D#>r-$W7_9y
zFzE}_mErXf!Ykr6mJ3^N*0s!Pz~u&R@(?Ls+}GKd?c8wr{U@9}XL*=2D)!$i6-#ft
z+^a_npOh#<l*V$MEPcueYzPON%qpJmi2{)bexw9&M)DU8bo3%R$wfQBZo)>3<PFB7
z2;g7}IYsTh=4M=|?F>RlQeC*=4EVwx*Tb&|<=)?3sN>rI^ioTp1Cftdm*esPMNto3
z*HtqXW#yTO8w7JpZ9lis^9pmoNYdl3!KR7K?Nm1wM_#K|E0_6V$R3o0MLSZt&$v?O
zga<E$o{>$zj+A{Z9@YPS>7$dzlEF48mT2I(=F61>XHC)4!e(!m)@tatR*v)f5rNbC
zwlg8|h93tHxcruRR^Bna-0G?CSDAfo#2;2T=>2%v71@;SlWZ3gabOO0H&G5uwO{rJ
z-P$S{VEjOAm~zDY+Y+TI6?XVu(xa^krj<#@`Vcp?;myJWCi+bcX&Af8jyU6kuFxq}
zHUij_F4*sMs0VweiN!J<1EYz3a;c$4P5>VN3CC1}=5T{6u$l#7o`Col^=YV&98+wb
z8TGY<>fm%C93W}7^{{;BNJV3R5*&s<AlXD_!$H@&WzAcCdEhtaOKgqsIVPU-^r;(}
zMHz|W;m+5Q0q|gq9VGM(f!s88%~&qgPKD$CZxt$W!@JWJ5~cd$T*fOPpQDNr+KUdd
z$88j|s<~H8Rr^nLuvZ6|&=ZrD&?UT&ZBf_6vZ#2}&Vo=YF>Q?V0BBj!N~O^&6<!sJ
zs+t1zvL&B7tNP>fSqqCOOSjbG>|?%hSv!xfJ)3!*QeH7y*rs(b-)FT^R;+8t&d#y=
z@q&_tY^q|E@R&Z@F<ZCrO|}vz*`8;k*`!CYhN4JQ-0>!*iyK^3c*`Iy3vz-+hH13%
zDp8bE0E=D#>v?BBY=Bsf?X>`xys&=3!W?pYdwtDo7E!hA2~)H<aqLH}v*??hB*;dx
zawWFU=fBfG&#*;q#DOlZ;9$3GieC7FDGZGz6CWG>rZTC>`pJ-;{zqlSWM(IOZ!mwR
z%c-L$!D-Xj0lD_7W1t&&G5Z-6S9y;~khMPZ=sLZwk)*TS=Ka3Nz-OT(HJpCL7NhEs
zVH!C9RR}#^!!1-?%PCQ#@(H(T3neg*jYWTNY#YH6k58Y&t*3OI_(XQEvh9)>q2}30
zb$EHo5}j)lYDKf7!vs0I>ih%;P1O@08fy)G13h%7EUeg+wW#D3bnL)jT1z9KlC<0P
zhX8bdX0a9NK#8^b)3|Bk#^z0uxY;pNP9C`dFOoR!<slZD_^@#~?7jR-mG_%_^A)jr
zP<q*@)XR8z>bt(ZY@>6X2h=Zb3Wb)7vYXPD>?LDxaay`hA9K2;pdB*wh~lV*H22bN
z&J0=Ab`S&izesNw!@{ljdJmG{y1!jQ*}wWN?um8k@~Q$61f+`MXWwalxhL}5Mu`3&
z>D9MNcfaq6lqi|pY6ZK!Lm%k%ZVO|ifELkit%#tliO|Nbt?~9Qzz8bPKpEAKfOHBd
zM#_rxuB?`t-F_WUW2?3Cn2+S6e0oeCu=cggC4Q2{IhM&67b6mhNe*ZhEfxpP)49{8
zHD1wEt+eke79dZ)h9iN4U(j;LPX;?1j=Z4X7!V=6jw!(i_DdOB9z3F)r^A|Nd~G5|
zuTMVcg~b0t`<w6^RhhM80Xklr@0pQS;B2bGJykF{BeAMIY_OcAl2k<%daGmd&Q>qA
zJBkyj*QKY~z|l7y{K=Fx8lFIs@4-!lG`L$PoK~TmXX&HjI20%#7))9kk7~3m+Pt^c
ze`Rm>rgJDZemyLV?GsKii^S;IE~~^=o#|61*j#3sGFDkVh6T(TH$DrvlObryvmLlM
zZ18U2FSIfksb32r3Hkd;O%WkV9t{bXDW;pF?Lxn=da;|eF4O}FHCIF!k_)wKQAQ*z
zJGZ8`Gh7Bb0%Z>~S82+sJ9`ln@+_$Cb*;L$UnuQVun;&e*iLAh$-1yy`gDv<PXz=Q
z%6nE<X~!*Z+7}tmyqbgJ8#LfewvBor3?<UD7BfUry^(OPcyibou-bGyI~<7HDV}5y
z_rtin>=5LjLL9^@(lslBmF+Kw@Q%tN^bEDbMuPh^kwl$`?uwR$6f&;L9Qw3-p8-XK
zCfe5@Ih2H@^o)Tt5%1GJlr)qO`tfKLQS2rs^*{ijbbR~}_6b%ZpP}Ap|N1%SJlo2g
zIvi&(+0vZ5Kg0*3KoztouB#v)#pS22rQf<M5Ql>{yRklYL^f{GZ|l-Qk_mQydAU7q
z$xBJy1;e<cCH<yS8>eX0U~6Sp#~8A*x`Wt;pgAul=#v9eJ-R_?>exPJvoL@zmbM3z
zQeQ@mtX}NwG`~AIlf#dkWu4>W+^e!}(iC0JBx4rWqslJj6+myx<BKYVv?Zj7<&xL&
zq63C}ucu`7M@B+~J)cw2kz=s(1oBu()WE8G^5M^g);jL?G6o{^j-p6d;C;z<mFUkT
zu~V~G!0n#om9eR00nCu9LFX0~EE^obGC!xRcuwv7dC~uSvE(81Q^Wn@R<SQ<yM-|N
zJ<ggPwFkICjCyD|^D&BzU3pu*-5E%0FLZLiSmW|dJoJ?KWVkmJlTOa}&LzH@!MYJ}
zuLT!BYLREUh-ZD(4U??=xnJt(fJpO90Qa>l6iEvQ_;kpZ;eE2ty3zXa7*kt4o?o7g
za)ULRG7Y}Ac5ar-=%F`)^R2{shCH>Z8+N))dE5ybhw||$MnZ_0JF3MJ`62%Ic{}jd
zyyw_DxLV)BOx|509BMMTV55JEoEPCuR>WI7a-BAA`?wzr<u<e?cWnaS5_17Hsz%U6
zV@|0$M8)Me^Y|d8rsGDiwPkGIrHKIhIU9GB5qZFnngO?7NOFa$0~^jxymonX63pQ>
zj!>g3trhwLjfdgTIbGq9I>*{&9+$-mT|&ViP9wE>l}AK43#U7u6Ur%xMV8G1S&fEh
zNXI3|oExqNPB-VA9q#-k09erENb&7@qwgEAn^w<)S&q*6$B+UA*c{fdkH8*DDVOt3
zF00~TLy_P3sL<fR&bKRjCB$?0K$KpcF7a7dUK68@fV*D?;)F1Do_;1X>v=!r$vfqn
zwcbr(zl39iac)<4f`iN<w$-8Uh4l4x0{FNw%vi`3g=%UWWj9xl_ZgS;*cK-fV=yz%
z0lb=NmG#aV2XaODVSLlDMf6N?Expf8&{qM5K7t0o;>fgb1djc{LfXNZe~?7rT(u0P
zQ0bRCe+q(|mBJ>Yn425R@y@-C+1{vTSosW{_&LvgMVtWNqGjJ2Eq<1X)J9MnzKP~+
zzVerYG#oS~XyG@8FvSR;EbG%|IG!8ekQDj%e%8_DX&>>%{QAw(hbGj@BIs3#wNpd?
zipeXvS8O()L;~}(IQUNnn)JwR$|UIoSzn1?=Ap)$x!}d4@SuIIrLEtCOihg!Vwzk7
zt5YJSFN6z=j<SNt8smNGJJKzbDhp@{#wb*9lc{(2%|dK>Z+r13XQ%|t4lh|eDk`4u
zIfrctQH_k(r$RWpLSvZ>@6EcjsYZ@n9TsxM6aAE9CBmb_Ol9bFZ*9_q=ThU=d#n)Q
z?sl5vq+SYm*%#0|#~`4%N#fTivw)=?-xGYln9>t5wE52Pn^d(}xyGP1EAeCKFgt<%
z;zxZ3Ik8<tE4W|Jc$>6V)*eBSlz4zvz%_o_WL3`kWI1tw*0d#jP!`WEg=dKR3|{+t
z7ORO%6xYC~Y^kD)k$q|i#4}d6B_|rkjm^R(1GU2T9fFn>v^PZ@>WahYEyAnoQ4Qo9
z&iS9ma!l3oBh?Q|wr!)L2$XNqT{W)pZ$B^u5UxGnf&>9^22QAdAN0WWt50-)noNHW
z?D>64O}P!}xs4f)15iqMf+;p<LkXx?Q3oAop$T{TWFti<J$1yM5o^?MG_O%dy$R$?
zK3nuAqvA(Cp2jz5s%)(C^~2Dzx8I#}*{uf(SDs%kk$a#OQ|~htPnHCAV>c<FsfFT0
z$-9^zhzP2v^$k~J%$Wuqio91^GUR-htlOxwWhc+?q2ri_Z#nqYP<Zz9ECy*Zp<`=k
zobjmYXHK)}hK!Zt+!TX#`gOGESy~AOnz!6TE8Hp&v!jFJ_Mzflob%&5tdQ<Rs`^l7
z;{!x+&ma|#h>NuYbgCXz0aUMEX8IzvX+Oivq`E-V$Bg=rR%`0g?%a0@M}#=|Nn(z|
zS|Z+s9<!{7%j)CujVN*^b|F+F1%x)H1c{3%3`&j|ntVd;9F>K0J<D9F7d0@JJ&3jg
z5e<N91_&NxCtaw5B9s;bG&<JPC0SJhdWt$3h6X$8vfgloV7-dH_`n=O?kq+U{HV^4
z6e1Wdva&Xv$djaRc>GI4RgHj(VZtF7@{(hT!IX0cBB0VxO?Uofq@M@`OY?U91aHGu
zNU>Kev!7L81f?`7@qAWZl3k-=Ik}^!GNfaD6F^aoRc9t@LIds8GEGJH>Mb%}-ZGuW
zqf_y0QfEujAwjg)hwZ5E>s4P*`NJ&;yf=vLWY%ytya40QCdFJ`@4h~og3{oMRPwdw
z^D*wp_TS)s9!Vb4WsED0%P*BeP+{Y<V1aqQs2@JczW6nS*aOqg7&j|rb8?t&^{CEg
z08g`{V<5X(Z;=;LhM^KAg|~g~-MDfHj-Dsr+#5qW#qYYOZnwi??rLuLDRF8mczJ3k
zRIZiphuBs#<x|PVOWL_yDu-r8e_s*V#4+*_?sR@~jxP|SpCIc6tsH#vVs@gjDjd%-
zvG6tRmZ7+fBw`XREp-8<{=_$U1Y1>kpH>N1dAMYiy>U9YDZYn8f%By-)y#F#&a9sF
z_Bmf6+}=K4c?ktS0l&{Z|7q;Ri(lS8))uA)dba;W3^pfHN`{CZ(eDc~xX_h=hTW1*
zlP9z!&t)Wqp^QFho1=xFwJ|d@ugO!m8*v#jyerV}6nY;$y33+9qIU$}PsE-UNZY+{
z=4}DtX#Yrr4uv6pSsLKWuFa0B7dGcYyO>bD1u?o~Y}b=ou1hU)SeDcNQs}xSq%J43
zoVJ3FNXGcO`lFMDan+eJvA}|m$mm-n>*@=5!Y^`f=!pGuV9;d=ib=nJ$tvr)P&)!6
zQ<&{XX$u`@s{a_|#2g{mZg6?y&rN1_cBPZ_s!OCWpiHr-cCS;V&NINZ_H|Xr)e<rr
z)HvbxHUFy$B&M%!(CR+oJa6iCSjo1H>ikpVOw`)LH00t#nZ1#vN`^{C!?4Q6u=~>Y
zB%$-VrCK&vxE4qbQv9OJp+sI;Aopvqj^f=!^&#N8y*@K!B6^~I>bbmZZg{G#H}d&a
zk-pu*K6H*~GEKUf9w9A2ce=ZOT-%PcOSzoQ8=IL!S;IX+(4jfKUZyI^6EKu@nYeBb
zd7+2L+xr~4vEcO{?(OLB37Go_0OK22e;O7k`m51@SorPEJIMpp#GJ?hX>3MRzZ*dT
zWH8zY>%8C%x`LRH2HiGcfk2gX%SbtcJxOWuQp0ZIaFm!@DrypRp6B>53s_(R8&HH3
z!8YG+a4)Ca@%QjSu39y*V149s-Y9prW0zwGL5uE&qFa5KIR@J}$qiiCSEE*Eh>EU(
z5k!J-WLm5VBCF|b2qDV21|*O1>sIZ5xD18LA;uE35ug~yej`v`;`d4zRDxPXD6lMP
zlfGxc<5-3fD&gf8l??cs41=VPLBh;Yf$!x{Ta36#iZ8FM_cj#GvV)+ok3~*v6QI};
zBlk{1;v(Hu+PFNqeCFK)o?sI`!c!{aSCOvpPA-o{Y+emOkr|*V)=st@)?4CXmgbS?
z+Kkr|*?xOU|CX!vDsF7sXUz7L<E^w1!>UN|%bkMqlQYTO@X@p0rV?8!SMO`k>>^|0
z%frby^HnvONqV;y!Ieo!*nBnh{vcKw^~OV*vhVVK?%kVkfT6Df<~tv88jc}pn=-3$
zjs|!d(t-i2>FVF|qrH*snI?8oZb$!}{bofVaP-N38+}kPR1j1UC@7#TGzcN^4+I4G
zSoqC=#cUp!l&}Int(de3P@v_0vtU7+)qLPTQv+d9?=|8C{`yZdDSl}&5nv1oos`H!
zgxf|xh!O4~5Cbv)gJ7;>Zvglc{oTe`_ZsW|xv_}_ovqGm9cz=H!jRvCDf$`AZ+)V5
zu-37(G_d{?=r?v;;oD`%ts_|Pfr0_g_rZz%w{Q1BEiKIHEUhho__ihnHb3(nFk<PB
zr2#1{td0KEsoQ_~;ccM8)Eyi9qlJ#8j-Ii>Pa7iLX$AuF1b8*wQvK2J-wu?_Up2qy
z(?`EwrMI;KMyIa21%NY`HVg>JZ8^0cb_RM|h3QYd_yHqeVPSh)C%{rl#{>XOm;7&a
zfZsfNhk$ikFcTT*i4`Cm(+_mu@eGt3cvt)_fslcrj-8pU5Kv#i%tA*WD2d1T`%3a5
z{s6WX3^Wkm5;$D)_wY-A!|^ZhA3lPCGqIx+zn!fyP;%Hr@4wO`4?7^p>Jx4W6gf5o
zmThOa*8z55A<%!`fxkXIAFEU3G9c;_@Q?ByIt2F5(EsDNzlQA=SW24(J{$t@fu*+Y
z!NTGE1Qw{vVyk2JpNgapUExDcy>tb<zs-STO?nTN7g&${Z(Sj2VPs@r{ns6}BkO#m
z0UXEypm*u-L52W}fc-6`)a}FVk3wL#m*`)E-z}xicMn_y_?-D$@RvHa#{4!m2Ijgz
zPmoAj=;@dVnE>ww6J5Li%2Ge{&E4v-Kxh2N&Opt1{wddApT*r;iMQ2df7lr)q|i^0
zA71bGYRx|E{oS%`_a75-Ky}N%_0%6D09?X6tikw@;BG0D+v;vV><m-_7##X5g8Q}J
ze#8EonfSJt%72YR=_lB?rBxnw^KR*fTkY~6b_VMEE2v)=R(VKvS3(`=<^R|j=$`5?
z`u&6KpS(^yq`fQreg7O$wSGZ+XW9BUYV8ln?uu65YKi}_Gtdd`e@^ybjr@@0u1xFg
zM}Z%92I{B#&q?m?XFO!MD>8Y1sLqZ4Im7RPnLiPKeMoy(*^mFnSpkn{pee8aH`?D%
z@((@Bhje!}zi#CMf7lsl8sJ~k{X{(QA@5!NCWRlQz~dR{k@dgk{YUy@4|{M|dP3q}
z57O=abq{`~8ugI)ZifGTmm9tL*Tg^3xp>HXH*Na<2|IcGYu?{4D*nGz6L?5`H{VqF
zo~Pe>|Bu8EbF?2)-c4=1O=SIHXP|R_|0Ct^ck&$_k%ydjGtKVbxyu3nBj?=|%7=7!
z6MXIuXJ7FDi|$vxy_^5>{D)(K$1~8juzyYbORwIImA}m?`C(_E*pdI5?dKUL4?TSM
zll1*LMkD6mQvdZj@9sYReFm$XUoiY>Z~m_t?rvq?zG(ljGtlPZf6MT*+4AnD*^3_}
zz~dR{^}Ap3{PS(nha+@%v*va~?uVU$UY7rY_2F9i&N}B$OAiR(r<B`w6?zazWDt<^
I%G+Q62O#6pg#Z8m

literal 0
HcmV?d00001

diff --git a/openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.properties b/openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.properties
new file mode 100755
index 0000000000..1703626ce7
--- /dev/null
+++ b/openid-connect-web-authentication/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.0/apache-maven-3.6.0-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.3/maven-wrapper-0.5.3.jar
diff --git a/openid-connect-web-authentication/README.md b/openid-connect-web-authentication/README.md
new file mode 100644
index 0000000000..75f470ce86
--- /dev/null
+++ b/openid-connect-web-authentication/README.md
@@ -0,0 +1,87 @@
+# Authentication in Web Applications Using OpenID Connect
+
+This is a minimal web application serving a single HTML file and a JAX-RS Resource to serve a HTML content.
+
+Under the hood, this demo uses:
+
+- OpenID Connect Authorization Code Flow to authenticate users
+
+The intent here is to demonstrate how you can enable authentication to your web applications using OpenID Connect, so that your users are redirected to your favorite OpenID Connect Provider(OP) to authenticate and, if the authentication is successful, get redirected back to your application.
+
+Once authenticated, the applications establishes a local session based on the information carried by the `ID Token` that was issued by the OP. The session lifetime is tied with the ID Token lifetime, so when the token expires the local session is invalidated and the user is redirected to the OP to (re-)authenticate. Note that the `quarkus-oidc` tries as much as possible to provide a stateless model for your application, where any state related with the user session is based on specific HTTP cookies.
+
+## Requirements
+
+To compile and run this demo you will need:
+
+- JDK 1.8+
+- GraalVM
+- Keycloak
+
+### Configuring GraalVM and JDK 1.8+
+
+Make sure that both the `GRAALVM_HOME` and `JAVA_HOME` environment variables have
+been set, and that a JDK 1.8+ `java` command is on the path.
+
+See the [Building a Native Executable guide](https://quarkus.io/guides/building-native-image-guide)
+for help setting up your environment.
+
+## Building the application
+
+Launch the Maven build on the checked out sources of this demo:
+
+> ./mvnw package
+
+### Live coding with Quarkus
+
+The Maven Quarkus plugin provides a development mode that supports
+live coding. To try this out:
+
+> ./mvnw compile quarkus:dev
+
+This command will leave Quarkus running in the foreground listening on port 8080.
+
+1. Visit the default endpoint: [http://127.0.0.1:8080](http://127.0.0.1:8080).
+    - You should be redirected to the login page at Keycloak
+
+2. Authenticate as user `alice`
+    - Username: `alice`
+    - Password: `alice`
+
+3. If the credentials you provided are valid and you were successfully authenticated, you should be redirected back to the application
+
+4. You should be able to access now the `index.html` resource.
+
+5. Visit the `/tokens` endpoint: [http://127.0.0.1:8080/tokens](http://127.0.0.1:8080/tokens).
+    - You should have access to a HTML page that shows information based on the ID Token, Access Token and Refresh Token issued
+    to the application. Where these tokens are available for injection as you can see in the `TokenResource` JAX-RS Resource.
+
+### Run Quarkus in JVM mode
+
+When you're done iterating in developer mode, you can run the application as a
+conventional jar file. First compile it:
+
+> ./mvnw package
+
+Then run it:
+
+> java -jar ./target/openid-connect-web-authentication-1.0-SNAPSHOT-runner.jar
+
+Have a look at how fast it boots, or measure the total native memory consumption.
+
+### Run Quarkus as a native executable
+
+You can also create a native executable from this application without making any
+source code changes. A native executable removes the dependency on the JVM:
+everything needed to run the application on the target platform is included in 
+the executable, allowing the application to run with minimal resource overhead.
+
+Compiling a native executable takes a bit longer, as GraalVM performs additional
+steps to remove unnecessary codepaths. Use the  `native` profile to compile a
+native executable:
+
+> ./mvnw package -Dnative
+
+After getting a cup of coffee, you'll be able to run this executable directly:
+
+> ./target/openid-connect-web-authentication-1.0-SNAPSHOT-runner
diff --git a/openid-connect-web-authentication/config/quarkus-realm.json b/openid-connect-web-authentication/config/quarkus-realm.json
new file mode 100644
index 0000000000..90c17f276f
--- /dev/null
+++ b/openid-connect-web-authentication/config/quarkus-realm.json
@@ -0,0 +1,1564 @@
+{
+  "id" : "11d78bf6-6d10-4484-baba-a1388379d68b",
+  "realm" : "quarkus",
+  "notBefore" : 0,
+  "revokeRefreshToken" : false,
+  "refreshTokenMaxReuse" : 0,
+  "accessTokenLifespan" : 300,
+  "accessTokenLifespanForImplicitFlow" : 900,
+  "ssoSessionIdleTimeout" : 1800,
+  "ssoSessionMaxLifespan" : 36000,
+  "ssoSessionIdleTimeoutRememberMe" : 0,
+  "ssoSessionMaxLifespanRememberMe" : 0,
+  "offlineSessionIdleTimeout" : 2592000,
+  "offlineSessionMaxLifespanEnabled" : false,
+  "offlineSessionMaxLifespan" : 5184000,
+  "accessCodeLifespan" : 60,
+  "accessCodeLifespanUserAction" : 300,
+  "accessCodeLifespanLogin" : 1800,
+  "actionTokenGeneratedByAdminLifespan" : 43200,
+  "actionTokenGeneratedByUserLifespan" : 300,
+  "enabled" : true,
+  "sslRequired" : "external",
+  "registrationAllowed" : false,
+  "registrationEmailAsUsername" : false,
+  "rememberMe" : false,
+  "verifyEmail" : false,
+  "loginWithEmailAllowed" : true,
+  "duplicateEmailsAllowed" : false,
+  "resetPasswordAllowed" : false,
+  "editUsernameAllowed" : false,
+  "bruteForceProtected" : false,
+  "permanentLockout" : false,
+  "maxFailureWaitSeconds" : 900,
+  "minimumQuickLoginWaitSeconds" : 60,
+  "waitIncrementSeconds" : 60,
+  "quickLoginCheckMilliSeconds" : 1000,
+  "maxDeltaTimeSeconds" : 43200,
+  "failureFactor" : 30,
+  "roles" : {
+    "realm" : [ {
+      "id" : "3fc80564-13ac-4e7b-9986-322f571e82bc",
+      "name" : "confidential",
+      "composite" : false,
+      "clientRole" : false,
+      "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b",
+      "attributes" : { }
+    }, {
+      "id" : "39eb64c8-66a9-4983-9c81-27ea7e2f6273",
+      "name" : "uma_authorization",
+      "description" : "${role_uma_authorization}",
+      "composite" : false,
+      "clientRole" : false,
+      "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b",
+      "attributes" : { }
+    }, {
+      "id" : "8c1abe12-62fe-4a06-ae0d-f5fb67dddbb0",
+      "name" : "admin",
+      "composite" : false,
+      "clientRole" : false,
+      "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b",
+      "attributes" : { }
+    }, {
+      "id" : "5afce544-6a3c-495f-b805-fd737cf5081e",
+      "name" : "user",
+      "composite" : false,
+      "clientRole" : false,
+      "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b",
+      "attributes" : { }
+    }, {
+      "id" : "bc431d62-a80a-425b-961a-0fb3fc59006d",
+      "name" : "offline_access",
+      "description" : "${role_offline-access}",
+      "composite" : false,
+      "clientRole" : false,
+      "containerId" : "11d78bf6-6d10-4484-baba-a1388379d68b",
+      "attributes" : { }
+    } ],
+    "client" : {
+      "realm-management" : [ {
+        "id" : "7db1f38d-d436-4725-93fd-030a3bbe628e",
+        "name" : "manage-identity-providers",
+        "description" : "${role_manage-identity-providers}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "1163b9bd-7319-4154-a25f-0101b2548d21",
+        "name" : "impersonation",
+        "description" : "${role_impersonation}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "73d0a556-072b-404f-bf8e-10e2544c8c27",
+        "name" : "view-identity-providers",
+        "description" : "${role_view-identity-providers}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "7e727e28-2095-4443-b2da-865e684f2308",
+        "name" : "view-realm",
+        "description" : "${role_view-realm}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "df9e5352-f835-4467-bcaf-cb1b5f55c1ec",
+        "name" : "query-users",
+        "description" : "${role_query-users}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "fa77909a-32a3-41ae-9983-2b92ae03080c",
+        "name" : "manage-clients",
+        "description" : "${role_manage-clients}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "a8780507-dc72-4433-8b95-b8e4f3c37d0e",
+        "name" : "manage-events",
+        "description" : "${role_manage-events}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "f7f4697a-3977-42f6-af86-9bb006cf4d04",
+        "name" : "realm-admin",
+        "description" : "${role_realm-admin}",
+        "composite" : true,
+        "composites" : {
+          "client" : {
+            "realm-management" : [ "impersonation", "manage-identity-providers", "view-identity-providers", "view-realm", "query-users", "manage-clients", "manage-events", "manage-realm", "view-authorization", "manage-authorization", "view-users", "create-client", "query-clients", "query-groups", "manage-users", "view-clients", "view-events", "query-realms" ]
+          }
+        },
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "ca7dc1ce-a981-4efe-b3f0-a7192b6d3943",
+        "name" : "manage-realm",
+        "description" : "${role_manage-realm}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "a0ab4faa-00a9-4f52-ac9f-8e764b6a8126",
+        "name" : "view-authorization",
+        "description" : "${role_view-authorization}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "0b4ed5e0-eceb-4d81-ba05-fa67022abe59",
+        "name" : "manage-authorization",
+        "description" : "${role_manage-authorization}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "c10336be-06f3-40ef-bef5-28d8c9b8a1e2",
+        "name" : "create-client",
+        "description" : "${role_create-client}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "1a1ffadc-11d5-44ea-bac0-d94372c8ae5c",
+        "name" : "view-users",
+        "description" : "${role_view-users}",
+        "composite" : true,
+        "composites" : {
+          "client" : {
+            "realm-management" : [ "query-groups", "query-users" ]
+          }
+        },
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "5ba9a1a3-9027-4531-8253-b91f6058513c",
+        "name" : "query-clients",
+        "description" : "${role_query-clients}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "b4fba807-7a7e-4e3e-bd31-45703305a9e3",
+        "name" : "query-groups",
+        "description" : "${role_query-groups}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "c9384254-0af3-434c-b4ed-7c94f59a8247",
+        "name" : "manage-users",
+        "description" : "${role_manage-users}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "9a0022f2-bd58-4418-828c-a8e7abe3346b",
+        "name" : "view-clients",
+        "description" : "${role_view-clients}",
+        "composite" : true,
+        "composites" : {
+          "client" : {
+            "realm-management" : [ "query-clients" ]
+          }
+        },
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "83df8311-4366-4d22-9425-eccc343faa3f",
+        "name" : "view-events",
+        "description" : "${role_view-events}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      }, {
+        "id" : "e81bf277-047f-4bdd-afd6-59e2016c5066",
+        "name" : "query-realms",
+        "description" : "${role_query-realms}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "376bd940-e50a-4495-80fc-9c6c07312748",
+        "attributes" : { }
+      } ],
+      "security-admin-console" : [ ],
+      "admin-cli" : [ ],
+      "frontend" : [ {
+        "id" : "df147a91-6da7-4bbc-866c-f30cf99b2637",
+        "name" : "uma_protection",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc",
+        "attributes" : { }
+      } ],
+      "broker" : [ {
+        "id" : "d36865b0-7ade-4bcd-a7dc-1dacbd80f169",
+        "name" : "read-token",
+        "description" : "${role_read-token}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "53d4fe53-a039-471e-886a-28eddc950e95",
+        "attributes" : { }
+      } ],
+      "account" : [ {
+        "id" : "539325a0-d9b3-4821-97ee-d42999296b62",
+        "name" : "view-profile",
+        "description" : "${role_view-profile}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d",
+        "attributes" : { }
+      }, {
+        "id" : "e4af836c-c884-4a57-8b1d-fb673b0fe3a5",
+        "name" : "manage-account",
+        "description" : "${role_manage-account}",
+        "composite" : true,
+        "composites" : {
+          "client" : {
+            "account" : [ "manage-account-links" ]
+          }
+        },
+        "clientRole" : true,
+        "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d",
+        "attributes" : { }
+      }, {
+        "id" : "35d1c998-bcae-4ab1-a026-4c67bff49a98",
+        "name" : "manage-account-links",
+        "description" : "${role_manage-account-links}",
+        "composite" : false,
+        "clientRole" : true,
+        "containerId" : "e55e1234-38fa-432d-8d90-39f5e024688d",
+        "attributes" : { }
+      } ]
+    }
+  },
+  "groups" : [ ],
+  "defaultRoles" : [ "uma_authorization", "offline_access" ],
+  "requiredCredentials" : [ "password" ],
+  "otpPolicyType" : "totp",
+  "otpPolicyAlgorithm" : "HmacSHA1",
+  "otpPolicyInitialCounter" : 0,
+  "otpPolicyDigits" : 6,
+  "otpPolicyLookAheadWindow" : 1,
+  "otpPolicyPeriod" : 30,
+  "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
+  "scopeMappings" : [ {
+    "clientScope" : "offline_access",
+    "roles" : [ "offline_access" ]
+  } ],
+  "clients" : [ {
+    "id" : "e55e1234-38fa-432d-8d90-39f5e024688d",
+    "clientId" : "account",
+    "name" : "${client_account}",
+    "baseUrl" : "/auth/realms/quarkus/account",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "clientAuthenticatorType" : "client-secret",
+    "secret" : "0136c3ef-0dfd-4b13-a6d0-2c8b6358edec",
+    "defaultRoles" : [ "view-profile", "manage-account" ],
+    "redirectUris" : [ "/auth/realms/quarkus/account/*" ],
+    "webOrigins" : [ ],
+    "notBefore" : 0,
+    "bearerOnly" : false,
+    "consentRequired" : false,
+    "standardFlowEnabled" : true,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : false,
+    "serviceAccountsEnabled" : false,
+    "publicClient" : false,
+    "frontchannelLogout" : false,
+    "protocol" : "openid-connect",
+    "attributes" : { },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : false,
+    "nodeReRegistrationTimeout" : 0,
+    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  }, {
+    "id" : "e9cc41a2-8e35-4d5e-949e-4879880c2ddb",
+    "clientId" : "admin-cli",
+    "name" : "${client_admin-cli}",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "clientAuthenticatorType" : "client-secret",
+    "secret" : "a951803a-79c7-46a6-8197-e32835286971",
+    "redirectUris" : [ ],
+    "webOrigins" : [ ],
+    "notBefore" : 0,
+    "bearerOnly" : false,
+    "consentRequired" : false,
+    "standardFlowEnabled" : false,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : true,
+    "serviceAccountsEnabled" : false,
+    "publicClient" : true,
+    "frontchannelLogout" : false,
+    "protocol" : "openid-connect",
+    "attributes" : { },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : false,
+    "nodeReRegistrationTimeout" : 0,
+    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  }, {
+    "id" : "53d4fe53-a039-471e-886a-28eddc950e95",
+    "clientId" : "broker",
+    "name" : "${client_broker}",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "clientAuthenticatorType" : "client-secret",
+    "secret" : "e1f7edd7-e15c-43b4-8736-ff8204d16836",
+    "redirectUris" : [ ],
+    "webOrigins" : [ ],
+    "notBefore" : 0,
+    "bearerOnly" : false,
+    "consentRequired" : false,
+    "standardFlowEnabled" : true,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : false,
+    "serviceAccountsEnabled" : false,
+    "publicClient" : false,
+    "frontchannelLogout" : false,
+    "protocol" : "openid-connect",
+    "attributes" : { },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : false,
+    "nodeReRegistrationTimeout" : 0,
+    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  }, {
+    "id" : "0ac5df91-e044-4051-bd03-106a3a5fb9cc",
+    "clientId" : "frontend",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "redirectUris" : ["http://localhost:8080/*", "http://localhost:8081/*"],
+    "webOrigins" : [ ],
+    "notBefore" : 0,
+    "bearerOnly" : false,
+    "consentRequired" : false,
+    "standardFlowEnabled" : true,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : true,
+    "publicClient" : true,
+    "frontchannelLogout" : false,
+    "protocol" : "openid-connect",
+    "attributes" : { },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : true,
+    "nodeReRegistrationTimeout" : -1,
+    "protocolMappers" : [ {
+      "id" : "3eac903f-c16b-4a78-a7e8-eb8f4d402b71",
+      "name" : "Client ID",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.session.note" : "clientId",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "clientId",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "8422cefe-7f42-4f3b-abad-5f06f7d4b748",
+      "name" : "Client IP Address",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.session.note" : "clientAddress",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "clientAddress",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "988e47d6-2055-45eb-82d6-0b8b25c629fc",
+      "name" : "Client Host",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.session.note" : "clientHost",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "clientHost",
+        "jsonType.label" : "String"
+      }
+    } ],
+    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  }, {
+    "id" : "376bd940-e50a-4495-80fc-9c6c07312748",
+    "clientId" : "realm-management",
+    "name" : "${client_realm-management}",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "clientAuthenticatorType" : "client-secret",
+    "secret" : "c41b709a-a012-4c69-89d7-4f926dba0619",
+    "redirectUris" : [ ],
+    "webOrigins" : [ ],
+    "notBefore" : 0,
+    "bearerOnly" : true,
+    "consentRequired" : false,
+    "standardFlowEnabled" : true,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : false,
+    "serviceAccountsEnabled" : false,
+    "publicClient" : false,
+    "frontchannelLogout" : false,
+    "protocol" : "openid-connect",
+    "attributes" : { },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : false,
+    "nodeReRegistrationTimeout" : 0,
+    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  }, {
+    "id" : "a8732cac-ae0f-44ec-b7f3-bd2c41eff13c",
+    "clientId" : "security-admin-console",
+    "name" : "${client_security-admin-console}",
+    "baseUrl" : "/auth/admin/quarkus/console/index.html",
+    "surrogateAuthRequired" : false,
+    "enabled" : true,
+    "clientAuthenticatorType" : "client-secret",
+    "secret" : "e571b211-2550-475d-b87f-116ff54091ee",
+    "redirectUris" : [ "/auth/admin/quarkus/console/*" ],
+    "webOrigins" : [ ],
+    "notBefore" : 0,
+    "bearerOnly" : false,
+    "consentRequired" : false,
+    "standardFlowEnabled" : true,
+    "implicitFlowEnabled" : false,
+    "directAccessGrantsEnabled" : false,
+    "serviceAccountsEnabled" : false,
+    "publicClient" : true,
+    "frontchannelLogout" : false,
+    "protocol" : "openid-connect",
+    "attributes" : { },
+    "authenticationFlowBindingOverrides" : { },
+    "fullScopeAllowed" : false,
+    "nodeReRegistrationTimeout" : 0,
+    "protocolMappers" : [ {
+      "id" : "280528ca-5e96-4bb9-9fc0-20311caac32d",
+      "name" : "locale",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "locale",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "locale",
+        "jsonType.label" : "String"
+      }
+    } ],
+    "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ],
+    "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+  } ],
+  "clientScopes" : [ {
+    "id" : "520cc3ef-2c6b-4d84-bcde-8c063241f4bd",
+    "name" : "address",
+    "description" : "OpenID Connect built-in scope: address",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${addressScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "c1d3bd07-0a5f-4f4f-b381-c58a7b723029",
+      "name" : "address",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-address-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.attribute.formatted" : "formatted",
+        "user.attribute.country" : "country",
+        "user.attribute.postal_code" : "postal_code",
+        "userinfo.token.claim" : "true",
+        "user.attribute.street" : "street",
+        "id.token.claim" : "true",
+        "user.attribute.region" : "region",
+        "access.token.claim" : "true",
+        "user.attribute.locality" : "locality"
+      }
+    } ]
+  }, {
+    "id" : "19920c96-a383-4f35-8ee9-27833263cf03",
+    "name" : "email",
+    "description" : "OpenID Connect built-in scope: email",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${emailScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "36a0adf0-6c25-419f-98d7-cdeada8661aa",
+      "name" : "email",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "email",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "email",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "b0c39901-5e5d-4436-b685-908bb90ea1d9",
+      "name" : "email verified",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "emailVerified",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "email_verified",
+        "jsonType.label" : "boolean"
+      }
+    } ]
+  }, {
+    "id" : "55b3ee1c-cbf9-4526-93d7-aa56a9c5f1cb",
+    "name" : "microprofile-jwt",
+    "description" : "Microprofile - JWT built-in scope",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "false"
+    },
+    "protocolMappers" : [ {
+      "id" : "59128144-a21a-4744-bb55-e66ff0503b18",
+      "name" : "upn",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "username",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "upn",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "69351a63-7d6e-45d0-be47-088c83b20fdb",
+      "name" : "groups",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "multivalued" : "true",
+        "user.attribute" : "foo",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "groups",
+        "jsonType.label" : "String"
+      }
+    } ]
+  }, {
+    "id" : "3f190f54-8e3a-4c82-a799-bd12ddc475b2",
+    "name" : "offline_access",
+    "description" : "OpenID Connect built-in scope: offline_access",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "consent.screen.text" : "${offlineAccessScopeConsentText}",
+      "display.on.consent.screen" : "true"
+    }
+  }, {
+    "id" : "defa3480-5368-4f34-8075-49fb982b71b3",
+    "name" : "phone",
+    "description" : "OpenID Connect built-in scope: phone",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${phoneScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "069ae414-9e98-4612-a3d6-e8b5a1fa841d",
+      "name" : "phone number verified",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "phoneNumberVerified",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "phone_number_verified",
+        "jsonType.label" : "boolean"
+      }
+    }, {
+      "id" : "cea58e24-d0e0-4cc6-9e34-7b3bf7d6d85b",
+      "name" : "phone number",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "phoneNumber",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "phone_number",
+        "jsonType.label" : "String"
+      }
+    } ]
+  }, {
+    "id" : "b7321e2e-dd8e-41cf-a527-c765155c3f78",
+    "name" : "profile",
+    "description" : "OpenID Connect built-in scope: profile",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "true",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${profileScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "1d4d3df5-7af5-488e-8477-0ad7cb74d50a",
+      "name" : "nickname",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "nickname",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "nickname",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "1a5e26d6-211e-4f8a-b696-0ea9577db25a",
+      "name" : "zoneinfo",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "zoneinfo",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "zoneinfo",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "18971685-6dd7-420f-9c09-879c4f2d54d8",
+      "name" : "updated at",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "updatedAt",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "updated_at",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "b970d96b-0156-4db0-9beb-9c84c173e619",
+      "name" : "birthdate",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "birthdate",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "birthdate",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "50287033-df21-45c6-aa46-c3060e6f9855",
+      "name" : "given name",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "firstName",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "given_name",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "3dc6b97e-7063-4077-98d1-0cacf9029c7b",
+      "name" : "full name",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-full-name-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "userinfo.token.claim" : "true"
+      }
+    }, {
+      "id" : "3fb9391b-376c-42ef-b012-4df461c617cc",
+      "name" : "middle name",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "middleName",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "middle_name",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "83f7fc4a-5386-4f86-a103-6585e138b61d",
+      "name" : "username",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "username",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "preferred_username",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "8ef177b3-f485-44b1-afee-1901393b00c7",
+      "name" : "family name",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-property-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "lastName",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "family_name",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "e994cbc7-2a1a-4465-b7b7-12b35b4fe49e",
+      "name" : "gender",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "gender",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "gender",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "abaa4c9e-1fa2-4b45-a1bb-b3d650de9aca",
+      "name" : "picture",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "picture",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "picture",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "bf21b514-81fd-4bbe-9236-bab5fcf54561",
+      "name" : "locale",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "locale",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "locale",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "254f8de4-08e7-4d3d-a87f-4b238f0f922b",
+      "name" : "profile",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "profile",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "profile",
+        "jsonType.label" : "String"
+      }
+    }, {
+      "id" : "7934bf2a-cfc3-4b2d-a5cb-287f3ed2a977",
+      "name" : "website",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-attribute-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "userinfo.token.claim" : "true",
+        "user.attribute" : "website",
+        "id.token.claim" : "true",
+        "access.token.claim" : "true",
+        "claim.name" : "website",
+        "jsonType.label" : "String"
+      }
+    } ]
+  }, {
+    "id" : "f3dc793d-6011-4861-b538-399dde5434c0",
+    "name" : "role_list",
+    "description" : "SAML role list",
+    "protocol" : "saml",
+    "attributes" : {
+      "consent.screen.text" : "${samlRoleListScopeConsentText}",
+      "display.on.consent.screen" : "true"
+    },
+    "protocolMappers" : [ {
+      "id" : "22eeabf8-a3c3-4026-a351-367f8ace7927",
+      "name" : "role list",
+      "protocol" : "saml",
+      "protocolMapper" : "saml-role-list-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "single" : "false",
+        "attribute.nameformat" : "Basic",
+        "attribute.name" : "Role"
+      }
+    } ]
+  }, {
+    "id" : "f72c1acd-c367-41b1-8646-b6bd5fff3e3f",
+    "name" : "roles",
+    "description" : "OpenID Connect scope for add user roles to the access token",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "false",
+      "display.on.consent.screen" : "true",
+      "consent.screen.text" : "${rolesScopeConsentText}"
+    },
+    "protocolMappers" : [ {
+      "id" : "cd8e589e-5fa7-4dae-bf6e-e8f6a3fd3cff",
+      "name" : "realm roles",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-realm-role-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.attribute" : "foo",
+        "access.token.claim" : "true",
+        "claim.name" : "realm_access.roles",
+        "jsonType.label" : "String",
+        "multivalued" : "true"
+      }
+    }, {
+      "id" : "708b19d1-0709-4278-b5a1-bcbeec11f51a",
+      "name" : "audience resolve",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-audience-resolve-mapper",
+      "consentRequired" : false,
+      "config" : { }
+    }, {
+      "id" : "25e97210-30c7-4f35-be11-407f1fa674cb",
+      "name" : "client roles",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-usermodel-client-role-mapper",
+      "consentRequired" : false,
+      "config" : {
+        "user.attribute" : "foo",
+        "access.token.claim" : "true",
+        "claim.name" : "resource_access.${client_id}.roles",
+        "jsonType.label" : "String",
+        "multivalued" : "true"
+      }
+    } ]
+  }, {
+    "id" : "52618957-a4e8-4c6f-a902-217f2c41a2fd",
+    "name" : "web-origins",
+    "description" : "OpenID Connect scope for add allowed web origins to the access token",
+    "protocol" : "openid-connect",
+    "attributes" : {
+      "include.in.token.scope" : "false",
+      "display.on.consent.screen" : "false",
+      "consent.screen.text" : ""
+    },
+    "protocolMappers" : [ {
+      "id" : "a66ddadf-312f-491f-993c-fa58685815c6",
+      "name" : "allowed web origins",
+      "protocol" : "openid-connect",
+      "protocolMapper" : "oidc-allowed-origins-mapper",
+      "consentRequired" : false,
+      "config" : { }
+    } ]
+  } ],
+  "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ],
+  "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ],
+  "browserSecurityHeaders" : {
+    "contentSecurityPolicyReportOnly" : "",
+    "xContentTypeOptions" : "nosniff",
+    "xRobotsTag" : "none",
+    "xFrameOptions" : "SAMEORIGIN",
+    "xXSSProtection" : "1; mode=block",
+    "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+    "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
+  },
+  "smtpServer" : { },
+  "eventsEnabled" : false,
+  "eventsListeners" : [ "jboss-logging" ],
+  "enabledEventTypes" : [ ],
+  "adminEventsEnabled" : false,
+  "adminEventsDetailsEnabled" : false,
+  "components" : {
+    "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ {
+      "id" : "a7679218-373d-48ca-88f8-429985faeae3",
+      "name" : "Allowed Protocol Mapper Types",
+      "providerId" : "allowed-protocol-mappers",
+      "subType" : "anonymous",
+      "subComponents" : { },
+      "config" : {
+        "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ]
+      }
+    }, {
+      "id" : "2ebf6f9f-4bfc-44b9-ad7c-282f2274d35b",
+      "name" : "Allowed Client Scopes",
+      "providerId" : "allowed-client-templates",
+      "subType" : "authenticated",
+      "subComponents" : { },
+      "config" : {
+        "allow-default-scopes" : [ "true" ]
+      }
+    }, {
+      "id" : "552093c3-0a0a-4234-ad7c-ae660f0f0db1",
+      "name" : "Allowed Client Scopes",
+      "providerId" : "allowed-client-templates",
+      "subType" : "anonymous",
+      "subComponents" : { },
+      "config" : {
+        "allow-default-scopes" : [ "true" ]
+      }
+    }, {
+      "id" : "8f27cf74-cee7-4a73-851f-982ee45157ca",
+      "name" : "Trusted Hosts",
+      "providerId" : "trusted-hosts",
+      "subType" : "anonymous",
+      "subComponents" : { },
+      "config" : {
+        "host-sending-registration-request-must-match" : [ "true" ],
+        "client-uris-must-match" : [ "true" ]
+      }
+    }, {
+      "id" : "ff570525-6c96-4500-9d73-c02e708b39de",
+      "name" : "Full Scope Disabled",
+      "providerId" : "scope",
+      "subType" : "anonymous",
+      "subComponents" : { },
+      "config" : { }
+    }, {
+      "id" : "b52284eb-123a-4718-aac9-857530a24a9b",
+      "name" : "Max Clients Limit",
+      "providerId" : "max-clients",
+      "subType" : "anonymous",
+      "subComponents" : { },
+      "config" : {
+        "max-clients" : [ "200" ]
+      }
+    }, {
+      "id" : "2b8c0a6d-d5c0-4ea2-8a9c-4843d3e04ec6",
+      "name" : "Consent Required",
+      "providerId" : "consent-required",
+      "subType" : "anonymous",
+      "subComponents" : { },
+      "config" : { }
+    }, {
+      "id" : "bf59de5a-2c93-43cc-a9aa-03be0129fe53",
+      "name" : "Allowed Protocol Mapper Types",
+      "providerId" : "allowed-protocol-mappers",
+      "subType" : "authenticated",
+      "subComponents" : { },
+      "config" : {
+        "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ]
+      }
+    } ],
+    "org.keycloak.keys.KeyProvider" : [ {
+      "id" : "b3efd9cc-28b6-4404-82af-8a48a966b8ff",
+      "name" : "rsa-generated",
+      "providerId" : "rsa-generated",
+      "subComponents" : { },
+      "config" : {
+        "privateKey" : [ "MIIEowIBAAKCAQEAn5T13suF8mlS+pJXp0U1bto41nW55wpcs+Rps8ZVCRyJKWqzwSCYnI7lm0rB2wBpAAO4OPoj1zlmVoFmBPsDU9Xf7rjsJb5LIzIQDCZY44aSDZt6RR+gakPiQvlzHyW/RozYpngDJF7TsTD7rdRF1xQ4RprfBF8fwK/xsU7pxbeom5xDHZhz3fiw8s+7UdbmnazDHfAjU58aUrLGgVRfUsuoHjtsptYlOIXEifaeMetXZE+HhqLYRHQPDap5fbBJl773Trosn7N9nmzN4x1xxGj9So21WC5UboQs9sAIVgizc4omjZ5Y4RN9HLH7G4YwJctNntzmnJhDui9zAO+zSQIDAQABAoIBADi+F7rTtVoft0Cfnok8o6Y58/HVxHdxiMryUd95iy0FN4RBi48FTx6D9QKFz25Ws/8sU2n3D51srIXf1u24b1N0/f39RQKaqk7mcyxOylaEuBQcj5pah4ihgKd92UBfBKdKV5LBo6RgD3e2yhbiHr8+UlBQqzH7vOef6Bm6zIbfmi3N88swAJhP0YizRZFklsbmLsK6nkwyro00CHJvPVKSBbM+ad+/zIBsLw56MvNngB5TuFguUgoljd6M1T2z4utmZGlTUqrfE1onAVLJZoGnRohyIr7dJEg6YxWR70PxsgmkDKyeRvet9P1trO0n+OSprusfrC3cHJStabap1V0CgYEA1A/CtsqTnjdYYsB19eumZgdpzUgNc/YEAzZ/OWb8yTLoB2ncci+63A1rXHUXAqJFY7vtjn5mxv7SuASNbUrzq+6KfZvC1x9XEtnczqT/ypunNfxmIZuj8Nuu6vtURguZ8kPPwdkI8toTizRFeRE5ZDBvoQryiEVYugfHaHT5vzsCgYEAwKWODwquI0Lv9BuwdNVrBXQpkKh3ZfYOA7i9xvhxlM7xUu8OMCwwCPn3r7vrW5APjTqX4h330mJ44SLEs+7gbCUs4BbJBLA6g0ChlHa9PTkxp6tk2nDF/B34fxiZSRkE85L+d+at0Dc3hnlzLCJCzJawGpoPniPU9e4w0p4dN0sCgYAsGnMGjS8SUrRhJWHjGXVr9tK8TOXvXhULjgP7rj2Yoqu7Dvs4DFEyft/7RKbad2EzEtyfLA64CDtO5jN7rYDsGxpWcVSeZPg5BXJ0z8AbJTArfCjJiJMZ/rZsTIUEZFlKF2xYBolj6JLz+pUQTtK+0YwF1D8ItFN1rTR9twZSDQKBgQC6sPXNX+VH6LuPTjIf1x8CxwLs3EXxOpV0R9kp9GRl+HJnk6GlT30xhcThufQo5KAdllXQXIhoiuNoEoCbevhj9Vbax1oBQCNERSMRNEzKAx46xd9TzYwgeo7x5E3QR/3DaoVOfu+cY5ZcrF/PulgP2kxJS1mtQD5GIpGP2oinpwKBgGqiqTFPqRcelx76vBvTU+Jp1zM62T4AotbMrSQR/oUvqHe5Ytj/SbZx+wbbHAiyGgV700Mosyviik83YEAbR3kdOPjgYvAJJW2Y3jEMdQ7MwriXz8XLh5BGmYfVjkSOJXed9ua9WlYLKOJeXXv191BbDvrx5NXuJyVVU4vJx3YZ" ],
+        "certificate" : [ "MIICnTCCAYUCBgFp4EYIrjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdwcm90ZWFuMB4XDTE5MDQwMjIyNTYxOVoXDTI5MDQwMjIyNTc1OVowEjEQMA4GA1UEAwwHcHJvdGVhbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ+U9d7LhfJpUvqSV6dFNW7aONZ1uecKXLPkabPGVQkciSlqs8EgmJyO5ZtKwdsAaQADuDj6I9c5ZlaBZgT7A1PV3+647CW+SyMyEAwmWOOGkg2bekUfoGpD4kL5cx8lv0aM2KZ4AyRe07Ew+63URdcUOEaa3wRfH8Cv8bFO6cW3qJucQx2Yc934sPLPu1HW5p2swx3wI1OfGlKyxoFUX1LLqB47bKbWJTiFxIn2njHrV2RPh4ai2ER0Dw2qeX2wSZe+9066LJ+zfZ5szeMdccRo/UqNtVguVG6ELPbACFYIs3OKJo2eWOETfRyx+xuGMCXLTZ7c5pyYQ7ovcwDvs0kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAVtmRKDb4OK5iSA46tagMBkp6L7WuPpCWuHGWwobEP+BecYsShW7zP3s12oA8SNSwbhvu0CRqgzxhuypgf3hKQFVU153Erv4hzkj+8S0s5LR/ZE7tDNY2lzJ3yQKXy3Md7EkuzzvOZ50MTrcSKAanWq/ZW1OTnrtGymj5zGJnTg7mMnJzEIGePxkvPu/QdchiPBLqxfZYm1jsFGY25djOC3N/KmVcRVmPRGuu6D8tBFHlKoPfZYPdbMvsvs24aupHKRcZ+ofTCpK+2Qo8c0pSSqeEYHGmuGqC6lC6ozxtxSABPO9Q1R1tZBU7Kg5HvXUwwmoVS3EGub46YbHqbmWMLg==" ],
+        "priority" : [ "100" ]
+      }
+    }, {
+      "id" : "20460ca5-ec24-4a9b-839a-457743d3f841",
+      "name" : "hmac-generated",
+      "providerId" : "hmac-generated",
+      "subComponents" : { },
+      "config" : {
+        "kid" : [ "96afd00e-85cf-4d35-b18e-061d3813d8b2" ],
+        "secret" : [ "qBFGKdUGf6xDgKphnRfoFzIzaFHJW4bYnZ9MinPFzN38X5_ctq-2u1q5RdZzeJukXvk2biHB8_s3DxWmmLZFsA" ],
+        "priority" : [ "100" ],
+        "algorithm" : [ "HS256" ]
+      }
+    }, {
+      "id" : "4f02d984-7a23-4ce1-8591-848a71390efe",
+      "name" : "aes-generated",
+      "providerId" : "aes-generated",
+      "subComponents" : { },
+      "config" : {
+        "kid" : [ "b04473d3-8395-4016-b455-19a9e951106b" ],
+        "secret" : [ "x68mMOVdz3qKWzltzReV0g" ],
+        "priority" : [ "100" ]
+      }
+    } ]
+  },
+  "internationalizationEnabled" : false,
+  "supportedLocales" : [ ],
+  "authenticationFlows" : [ {
+    "id" : "d6c3e282-a738-4b8b-98c2-378b9faf8344",
+    "alias" : "Handle Existing Account",
+    "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+    "providerId" : "basic-flow",
+    "topLevel" : false,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "idp-confirm-link",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "idp-email-verification",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "requirement" : "ALTERNATIVE",
+      "priority" : 30,
+      "flowAlias" : "Verify Existing Account by Re-authentication",
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : true
+    } ]
+  }, {
+    "id" : "4855860b-4009-4f1b-ba6b-60581618ea62",
+    "alias" : "Verify Existing Account by Re-authentication",
+    "description" : "Reauthentication of existing account",
+    "providerId" : "basic-flow",
+    "topLevel" : false,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "idp-username-password-form",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "auth-otp-form",
+      "requirement" : "OPTIONAL",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "8a9872b0-65f1-47ff-9565-fa826ac64cd4",
+    "alias" : "browser",
+    "description" : "browser based authentication",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "auth-cookie",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "auth-spnego",
+      "requirement" : "DISABLED",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "identity-provider-redirector",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 25,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "requirement" : "ALTERNATIVE",
+      "priority" : 30,
+      "flowAlias" : "forms",
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : true
+    } ]
+  }, {
+    "id" : "51b8ed14-62b6-49b3-b602-0b51508349e0",
+    "alias" : "clients",
+    "description" : "Base authentication for clients",
+    "providerId" : "client-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "client-secret",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "client-jwt",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "client-secret-jwt",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 30,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "client-x509",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 40,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "9b65133a-ee71-494a-a659-6804513fc30b",
+    "alias" : "direct grant",
+    "description" : "OpenID Connect Resource Owner Grant",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "direct-grant-validate-username",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "direct-grant-validate-password",
+      "requirement" : "REQUIRED",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "direct-grant-validate-otp",
+      "requirement" : "OPTIONAL",
+      "priority" : 30,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "f62bc4ad-25ac-4f83-963b-32820af3a683",
+    "alias" : "docker auth",
+    "description" : "Used by Docker clients to authenticate against the IDP",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "docker-http-basic-authenticator",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "1b423fe7-f312-404c-903b-f1260a77259b",
+    "alias" : "first broker login",
+    "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticatorConfig" : "review profile config",
+      "authenticator" : "idp-review-profile",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticatorConfig" : "create unique user config",
+      "authenticator" : "idp-create-user-if-unique",
+      "requirement" : "ALTERNATIVE",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "requirement" : "ALTERNATIVE",
+      "priority" : 30,
+      "flowAlias" : "Handle Existing Account",
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : true
+    } ]
+  }, {
+    "id" : "9c9530b3-e3c6-481b-99e8-1461a9752e8e",
+    "alias" : "forms",
+    "description" : "Username, password, otp and other auth forms.",
+    "providerId" : "basic-flow",
+    "topLevel" : false,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "auth-username-password-form",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "auth-otp-form",
+      "requirement" : "OPTIONAL",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "70fb94ac-354c-4629-a5fe-5135d0137964",
+    "alias" : "http challenge",
+    "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "no-cookie-redirect",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "basic-auth",
+      "requirement" : "REQUIRED",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "basic-auth-otp",
+      "requirement" : "DISABLED",
+      "priority" : 30,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "auth-spnego",
+      "requirement" : "DISABLED",
+      "priority" : 40,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "08292a4a-6722-4e33-a5d9-354c2628f567",
+    "alias" : "registration",
+    "description" : "registration flow",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "registration-page-form",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "flowAlias" : "registration form",
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : true
+    } ]
+  }, {
+    "id" : "668dc4b6-fe1a-4d24-ab5b-bc76e20ac390",
+    "alias" : "registration form",
+    "description" : "registration form",
+    "providerId" : "form-flow",
+    "topLevel" : false,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "registration-user-creation",
+      "requirement" : "REQUIRED",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "registration-profile-action",
+      "requirement" : "REQUIRED",
+      "priority" : 40,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "registration-password-action",
+      "requirement" : "REQUIRED",
+      "priority" : 50,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "registration-recaptcha-action",
+      "requirement" : "DISABLED",
+      "priority" : 60,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "a0e191f0-ce9a-4a75-b6e4-97332b05f7e5",
+    "alias" : "reset credentials",
+    "description" : "Reset credentials for a user if they forgot their password or something",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "reset-credentials-choose-user",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "reset-credential-email",
+      "requirement" : "REQUIRED",
+      "priority" : 20,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "reset-password",
+      "requirement" : "REQUIRED",
+      "priority" : 30,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    }, {
+      "authenticator" : "reset-otp",
+      "requirement" : "OPTIONAL",
+      "priority" : 40,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  }, {
+    "id" : "ad4beb21-8e9a-4fca-af41-0f757169f26c",
+    "alias" : "saml ecp",
+    "description" : "SAML ECP Profile Authentication Flow",
+    "providerId" : "basic-flow",
+    "topLevel" : true,
+    "builtIn" : true,
+    "authenticationExecutions" : [ {
+      "authenticator" : "http-basic-authenticator",
+      "requirement" : "REQUIRED",
+      "priority" : 10,
+      "userSetupAllowed" : false,
+      "autheticatorFlow" : false
+    } ]
+  } ],
+  "authenticatorConfig" : [ {
+    "id" : "25632f91-6071-423a-8e9c-7322cdc1b011",
+    "alias" : "create unique user config",
+    "config" : {
+      "require.password.update.after.registration" : "false"
+    }
+  }, {
+    "id" : "02d7f70b-1ebc-4e72-a65c-d94a600895ac",
+    "alias" : "review profile config",
+    "config" : {
+      "update.profile.on.first.login" : "missing"
+    }
+  } ],
+  "requiredActions" : [ {
+    "alias" : "CONFIGURE_TOTP",
+    "name" : "Configure OTP",
+    "providerId" : "CONFIGURE_TOTP",
+    "enabled" : true,
+    "defaultAction" : false,
+    "priority" : 10,
+    "config" : { }
+  }, {
+    "alias" : "terms_and_conditions",
+    "name" : "Terms and Conditions",
+    "providerId" : "terms_and_conditions",
+    "enabled" : false,
+    "defaultAction" : false,
+    "priority" : 20,
+    "config" : { }
+  }, {
+    "alias" : "UPDATE_PASSWORD",
+    "name" : "Update Password",
+    "providerId" : "UPDATE_PASSWORD",
+    "enabled" : true,
+    "defaultAction" : false,
+    "priority" : 30,
+    "config" : { }
+  }, {
+    "alias" : "UPDATE_PROFILE",
+    "name" : "Update Profile",
+    "providerId" : "UPDATE_PROFILE",
+    "enabled" : true,
+    "defaultAction" : false,
+    "priority" : 40,
+    "config" : { }
+  }, {
+    "alias" : "VERIFY_EMAIL",
+    "name" : "Verify Email",
+    "providerId" : "VERIFY_EMAIL",
+    "enabled" : true,
+    "defaultAction" : false,
+    "priority" : 50,
+    "config" : { }
+  } ],
+  "browserFlow" : "browser",
+  "registrationFlow" : "registration",
+  "directGrantFlow" : "direct grant",
+  "resetCredentialsFlow" : "reset credentials",
+  "clientAuthenticationFlow" : "clients",
+  "dockerAuthenticationFlow" : "docker auth",
+  "attributes" : {
+    "_browser_header.xXSSProtection" : "1; mode=block",
+    "_browser_header.xFrameOptions" : "SAMEORIGIN",
+    "_browser_header.strictTransportSecurity" : "max-age=31536000; includeSubDomains",
+    "permanentLockout" : "false",
+    "quickLoginCheckMilliSeconds" : "1000",
+    "_browser_header.xRobotsTag" : "none",
+    "maxFailureWaitSeconds" : "900",
+    "minimumQuickLoginWaitSeconds" : "60",
+    "failureFactor" : "30",
+    "actionTokenGeneratedByUserLifespan" : "300",
+    "maxDeltaTimeSeconds" : "43200",
+    "_browser_header.xContentTypeOptions" : "nosniff",
+    "offlineSessionMaxLifespan" : "5184000",
+    "actionTokenGeneratedByAdminLifespan" : "43200",
+    "_browser_header.contentSecurityPolicyReportOnly" : "",
+    "bruteForceProtected" : "false",
+    "_browser_header.contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+    "waitIncrementSeconds" : "60",
+    "offlineSessionMaxLifespanEnabled" : "false"
+  },
+  "users" : [ {
+    "id" : "af134cab-f41c-4675-b141-205f975db679",
+    "username" : "admin",
+    "enabled" : true,
+    "totp" : false,
+    "emailVerified" : false,
+    "credentials" : [ {
+      "type" : "password",
+      "hashedSaltedValue" : "NICTtwsvSxJ5hL8hLAuleDUv9jwZcuXgxviMXvR++cciyPtiIEStEaJUyfA9DOir59awjPrHOumsclPVjNBplA==",
+      "salt" : "T/2P5o5oxFJUEk68BRURRg==",
+      "hashIterations" : 27500,
+      "counter" : 0,
+      "algorithm" : "pbkdf2-sha256",
+      "digits" : 0,
+      "period" : 0,
+      "createdDate" : 1554245879354,
+      "config" : { }
+    } ],
+    "disableableCredentialTypes" : [ "password" ],
+    "requiredActions" : [ ],
+    "realmRoles" : [ "admin", "user" ],
+    "notBefore" : 0,
+    "groups" : [ ]
+  }, {
+    "id" : "eb4123a3-b722-4798-9af5-8957f823657a",
+    "username" : "alice",
+    "enabled" : true,
+    "totp" : false,
+    "emailVerified" : false,
+    "credentials" : [ {
+      "type" : "password",
+      "hashedSaltedValue" : "A3okqV2T/ybXTVEgKfosoSjP8Yc9IZbFP/SY4cEd6hag7TABQrQ6nUSuwagGt96l8cw1DTijO75PqX6uiTXMzw==",
+      "salt" : "sl4mXx6T9FypPH/s9TngfQ==",
+      "hashIterations" : 27500,
+      "counter" : 0,
+      "algorithm" : "pbkdf2-sha256",
+      "digits" : 0,
+      "period" : 0,
+      "createdDate" : 1554245879116,
+      "config" : { }
+    } ],
+    "disableableCredentialTypes" : [ "password" ],
+    "requiredActions" : [ ],
+    "realmRoles" : [ "user" ],
+    "notBefore" : 0,
+    "groups" : [ ]
+  }, {
+    "id" : "1eed6a8e-a853-4597-b4c6-c4c2533546a0",
+    "username" : "jdoe",
+    "enabled" : true,
+    "totp" : false,
+    "emailVerified" : false,
+    "credentials" : [ {
+      "type" : "password",
+      "hashedSaltedValue" : "JV3DUNLjqOadjbBOtC4rvacQI553CGaDGAzBS8MR5ReCr7SwF3E6CsW3T7/XO8ITZAsch8+A/6loeuCoVLLJrg==",
+      "salt" : "uCbOH7HZtyDtMd0E9DG/nw==",
+      "hashIterations" : 27500,
+      "counter" : 0,
+      "algorithm" : "pbkdf2-sha256",
+      "digits" : 0,
+      "period" : 0,
+      "createdDate" : 1554245879227,
+      "config" : { }
+    } ],
+    "disableableCredentialTypes" : [ "password" ],
+    "requiredActions" : [ ],
+    "realmRoles" : [ "confidential", "user" ],
+    "notBefore" : 0,
+    "groups" : [ ]
+  } ],
+  "keycloakVersion" : "6.0.0",
+  "userManagedAccessAllowed" : false
+}
diff --git a/openid-connect-web-authentication/mvnw b/openid-connect-web-authentication/mvnw
new file mode 100755
index 0000000000..34d9dae8d0
--- /dev/null
+++ b/openid-connect-web-authentication/mvnw
@@ -0,0 +1,305 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven2 Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`which java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Found .mvn/wrapper/maven-wrapper.jar"
+    fi
+else
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+    fi
+    if [ -n "$MVNW_REPOURL" ]; then
+      jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.3/maven-wrapper-0.5.3.jar"
+    else
+      jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.3/maven-wrapper-0.5.3.jar"
+    fi
+    while IFS="=" read key value; do
+      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+      esac
+    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Downloading from: $jarUrl"
+    fi
+    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    if $cygwin; then
+      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+    fi
+
+    if command -v wget > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found wget ... using wget"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget "$jarUrl" -O "$wrapperJarPath"
+        else
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found curl ... using curl"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl -o "$wrapperJarPath" "$jarUrl" -f
+        else
+            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+        fi
+        
+    else
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Falling back to using Java to download"
+        fi
+        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaClass=`cygpath --path --windows "$javaClass"`
+        fi
+        if [ -e "$javaClass" ]; then
+            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Compiling MavenWrapperDownloader.java ..."
+                fi
+                # Compiling the Java class
+                ("$JAVA_HOME/bin/javac" "$javaClass")
+            fi
+            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                # Running the downloader
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Running MavenWrapperDownloader.java ..."
+                fi
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+  echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"
diff --git a/openid-connect-web-authentication/mvnw.cmd b/openid-connect-web-authentication/mvnw.cmd
new file mode 100755
index 0000000000..77b451d837
--- /dev/null
+++ b/openid-connect-web-authentication/mvnw.cmd
@@ -0,0 +1,172 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven2 Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.3/maven-wrapper-0.5.3.jar"
+
+FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    echo Found %WRAPPER_JAR%
+) else (
+	if not "%MVNW_REPOURL%" == "" (
+	  SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.3/maven-wrapper-0.5.3.jar"
+	)
+    echo Couldn't find %WRAPPER_JAR%, downloading it ...
+	echo Downloading from: %DOWNLOAD_URL%
+	
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    echo Finished downloading %WRAPPER_JAR%
+)
+@REM End of extension
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%
diff --git a/openid-connect-web-authentication/pom.xml b/openid-connect-web-authentication/pom.xml
new file mode 100644
index 0000000000..6a93743560
--- /dev/null
+++ b/openid-connect-web-authentication/pom.xml
@@ -0,0 +1,157 @@
+<?xml version="1.0"?>
+<project
+        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+        xmlns="http://maven.apache.org/POM/4.0.0"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>org.acme</groupId>
+    <artifactId>openid-connect-web-authentication</artifactId>
+    <version>1.0-SNAPSHOT</version>
+
+    <properties>
+        <quarkus.version>999-SNAPSHOT</quarkus.version>
+        <keycloak.version>7.0.1</keycloak.version>
+        <surefire.version>2.22.0</surefire.version>
+        <maven.compiler.source>1.8</maven.compiler.source>
+        <maven.compiler.target>1.8</maven.compiler.target>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <htmlunit.version>2.36.0</htmlunit.version>
+    </properties>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-bom</artifactId>
+                <version>${quarkus.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-oidc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-resteasy-jsonb</artifactId>
+        </dependency>
+
+        <!-- Test dependencies -->
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.sourceforge.htmlunit</groupId>
+            <artifactId>htmlunit</artifactId>
+            <version>${htmlunit.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.httpcomponents</groupId>
+                    <artifactId>httpmime</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-adapter-core</artifactId>
+            <version>${keycloak.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+            <version>${keycloak.version}</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>${surefire.version}</version>
+                <configuration>
+                    <systemProperties>
+                        <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
+                    </systemProperties>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-maven-plugin</artifactId>
+                <version>${quarkus.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>build</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+    <profiles>
+        <profile>
+            <id>native</id>
+            <activation>
+                <property>
+                    <name>native</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>io.quarkus</groupId>
+                        <artifactId>quarkus-maven-plugin</artifactId>
+                        <version>${quarkus.version}</version>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>native-image</goal>
+                                </goals>
+                                <configuration>
+                                    <enableHttpUrlHandler>true</enableHttpUrlHandler>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                    <plugin>
+                        <artifactId>maven-failsafe-plugin</artifactId>
+                        <version>${surefire.version}</version>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>integration-test</goal>
+                                    <goal>verify</goal>
+                                </goals>
+                                <configuration>
+                                    <systemProperties>
+                                        <native.image.path>
+                                            ${project.build.directory}/${project.build.finalName}-runner
+                                        </native.image.path>
+                                    </systemProperties>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+    </profiles>
+</project>
diff --git a/openid-connect-web-authentication/src/main/java/org/acme/quickstart/oidc/TokenResource.java b/openid-connect-web-authentication/src/main/java/org/acme/quickstart/oidc/TokenResource.java
new file mode 100644
index 0000000000..ea983df4ab
--- /dev/null
+++ b/openid-connect-web-authentication/src/main/java/org/acme/quickstart/oidc/TokenResource.java
@@ -0,0 +1,67 @@
+package org.acme.quickstart.oidc;
+
+import javax.inject.Inject;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.eclipse.microprofile.jwt.JsonWebToken;
+
+import io.quarkus.oidc.IdToken;
+import io.quarkus.oidc.runtime.RefreshToken;
+
+@Path("/tokens")
+public class TokenResource {
+
+    /**
+     * Injection point for the ID Token issued by the OpenID Connect Provider 
+     */
+    @Inject
+    @IdToken
+    JsonWebToken idToken;
+
+    /**
+     * Injection point for the Access Token issued by the OpenID Connect Provider 
+     */
+    @Inject
+    JsonWebToken accessToken;
+
+    /**
+     * Injection point for the Refresh Token issued by the OpenID Connect Provider 
+     */
+    @Inject
+    RefreshToken refreshToken;
+
+    /**
+     * Returns the tokens available to the application. This endpoint exists only for demonstration purposes, you should not
+     * expose these tokens in a real application.
+     * 
+     * @return a map containing the tokens available to the application
+     */
+    @GET
+    public String getTokens() {
+        StringBuilder response = new StringBuilder().append("<html>")
+                .append("<body>")
+                .append("<ul>");
+
+        Object userName = this.idToken.getClaim("preferred_username");
+        
+        if (userName != null) {
+            response.append("<li>username: ").append(userName.toString()).append("</li>");
+        }
+
+        Object scopes = this.accessToken.getClaim("scope");
+        
+        if (scopes != null) {
+            response.append("<li>scopes: ").append(scopes.toString()).append("</li>");
+        }
+        
+        response.append("<li>refresh_token: ").append(refreshToken.getToken() != null).append("</li>");
+        
+        return response.append("</ul>").append("</body>").append("</html>").toString();
+    }
+}
diff --git a/openid-connect-web-authentication/src/main/resources/META-INF/resources/index.html b/openid-connect-web-authentication/src/main/resources/META-INF/resources/index.html
new file mode 100644
index 0000000000..be9e2e77ab
--- /dev/null
+++ b/openid-connect-web-authentication/src/main/resources/META-INF/resources/index.html
@@ -0,0 +1,141 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Welcome to Your Quarkus Application</title>
+    <style>
+        h1, h2, h3, h4, h5, h6 {
+            margin-bottom: 0.5rem;
+            font-weight: 400;
+            line-height: 1.5;
+        }
+
+        h1 {
+            font-size: 2.5rem;
+        }
+
+        h2 {
+            font-size: 2rem
+        }
+
+        h3 {
+            font-size: 1.75rem
+        }
+
+        h4 {
+            font-size: 1.5rem
+        }
+
+        h5 {
+            font-size: 1.25rem
+        }
+
+        h6 {
+            font-size: 1rem
+        }
+
+        .lead {
+            font-weight: 300;
+            font-size: 2rem;
+        }
+
+        .banner {
+            font-size: 2.7rem;
+            margin: 0;
+            padding: 2rem 1rem;
+            background-color: #00A1E2;
+            color: white;
+        }
+
+        body {
+            margin: 0;
+            font-family: -apple-system, system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+        }
+
+        code {
+            font-family: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;
+            font-size: 87.5%;
+            color: #e83e8c;
+            word-break: break-word;
+        }
+
+        .left-column {
+            padding: .75rem;
+            max-width: 75%;
+            min-width: 55%;
+        }
+
+        .right-column {
+            padding: .75rem;
+            max-width: 25%;
+        }
+
+        .container {
+            display: flex;
+            width: 100%;
+        }
+
+        li {
+            margin: 0.75rem;
+        }
+
+        .right-section {
+            margin-left: 1rem;
+            padding-left: 0.5rem;
+        }
+
+        .right-section h3 {
+            padding-top: 0;
+            font-weight: 200;
+        }
+
+        .right-section ul {
+            border-left: 0.3rem solid #00A1E2;
+            list-style-type: none;
+            padding-left: 0;
+        }
+
+    </style>
+</head>
+<body>
+
+<div class="banner lead">
+    Your new Cloud-Native application is ready!
+</div>
+
+<div class="container">
+    <div class="left-column">
+        <p class="lead"> Congratulations, you have created a new Quarkus application.</p>
+
+        <h2>Why do you see this?</h2>
+
+        <p>This page is served by Quarkus. The source is in
+            <code>src/main/resources/META-INF/resources/index.html</code>.</p>
+
+        <h2>What can I do from here?</h2>
+
+        <p>If not already done, run the application in <em>dev mode</em> using: <code>mvn compile quarkus:dev</code>.
+        </p>
+        <ul>
+            <li>Add REST resources, Servlets, functions and other services in <code>src/main/java</code>.</li>
+            <li>Your static assets are located in <code>src/main/resources/META-INF/resources</code>.</li>
+            <li>Configure your application in <code>src/main/resources/META-INF/microprofile-config.properties</code>.
+            </li>
+        </ul>
+
+        <h2>How do I get rid of this page?</h2>
+        <p>Just delete the <code>src/main/resources/META-INF/resources/index.html</code> file.</p>
+    </div>
+    <div class="right-column">
+        <div class="right-section">
+            <h3>Next steps</h3>
+            <ul>
+                <li><a href="https://quarkus.io/guides/maven-tooling.html">Setup your IDE</a></li>
+                <li><a href="https://quarkus.io/guides/getting-started-guide.html">Getting started</a></li>
+                <li><a href="https://quarkus.io">Quarkus Web Site</a></li>
+            </ul>
+        </div>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/openid-connect-web-authentication/src/main/resources/application.properties b/openid-connect-web-authentication/src/main/resources/application.properties
new file mode 100644
index 0000000000..c68096608b
--- /dev/null
+++ b/openid-connect-web-authentication/src/main/resources/application.properties
@@ -0,0 +1,3 @@
+quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/quarkus
+quarkus.oidc.client-id=frontend
+quarkus.oidc.application-type=web-app
\ No newline at end of file
diff --git a/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/CodeFlowTest.java b/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/CodeFlowTest.java
new file mode 100644
index 0000000000..1f24287e5d
--- /dev/null
+++ b/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/CodeFlowTest.java
@@ -0,0 +1,213 @@
+package org.acme.quickstart.oidc;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.keycloak.representations.AccessTokenResponse;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.CredentialRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.RolesRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import org.keycloak.util.JsonSerialization;
+
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.util.Cookie;
+
+import io.quarkus.test.junit.QuarkusTest;
+import io.restassured.RestAssured;
+
+@QuarkusTest
+public class CodeFlowTest {
+
+    private static final String KEYCLOAK_SERVER_URL = System.getProperty("keycloak.url", "http://localhost:8180/auth");
+    private static final String KEYCLOAK_REALM = "quarkus";
+
+    @BeforeAll
+    public static void configureKeycloakRealm() throws IOException {
+        RealmRepresentation realm = createRealm(KEYCLOAK_REALM);
+
+        realm.getClients().add(createClient("frontend"));
+        realm.getUsers().add(createUser("alice", "user"));
+        realm.getUsers().add(createUser("admin", "user", "admin"));
+        realm.getUsers().add(createUser("jdoe", "user", "confidential"));
+
+        RestAssured
+                .given()
+                .auth().oauth2(getAdminAccessToken())
+                .contentType("application/json")
+                .body(JsonSerialization.writeValueAsBytes(realm))
+                .when()
+                .post(KEYCLOAK_SERVER_URL + "/admin/realms").then()
+                .statusCode(201);
+    }
+
+    @AfterAll
+    public static void removeKeycloakRealm() {
+        RestAssured
+                .given()
+                .auth().oauth2(getAdminAccessToken())
+                .when()
+                .delete(KEYCLOAK_SERVER_URL + "/admin/realms/" + KEYCLOAK_REALM).thenReturn().prettyPrint();
+    }
+
+    private static String getAdminAccessToken() {
+        return RestAssured
+                .given()
+                .param("grant_type", "password")
+                .param("username", "admin")
+                .param("password", "admin")
+                .param("client_id", "admin-cli")
+                .when()
+                .post(KEYCLOAK_SERVER_URL + "/realms/master/protocol/openid-connect/token")
+                .as(AccessTokenResponse.class).getToken();
+    }
+
+    private static RealmRepresentation createRealm(String name) {
+        RealmRepresentation realm = new RealmRepresentation();
+
+        realm.setRealm(name);
+        realm.setEnabled(true);
+        realm.setUsers(new ArrayList<>());
+        realm.setClients(new ArrayList<>());
+        realm.setSsoSessionMaxLifespan(2); // sec
+        realm.setAccessTokenLifespan(3); // 3 seconds
+
+        RolesRepresentation roles = new RolesRepresentation();
+        List<RoleRepresentation> realmRoles = new ArrayList<>();
+
+        roles.setRealm(realmRoles);
+        realm.setRoles(roles);
+
+        realm.getRoles().getRealm().add(new RoleRepresentation("user", null, false));
+        realm.getRoles().getRealm().add(new RoleRepresentation("admin", null, false));
+        realm.getRoles().getRealm().add(new RoleRepresentation("confidential", null, false));
+
+        return realm;
+    }
+
+    private static ClientRepresentation createClient(String clientId) {
+        ClientRepresentation client = new ClientRepresentation();
+
+        client.setClientId(clientId);
+        client.setPublicClient(true);
+        client.setDirectAccessGrantsEnabled(true);
+        client.setEnabled(true);
+        client.setRedirectUris(Arrays.asList("*"));
+
+        return client;
+    }
+
+    private static UserRepresentation createUser(String username, String... realmRoles) {
+        UserRepresentation user = new UserRepresentation();
+
+        user.setUsername(username);
+        user.setEnabled(true);
+        user.setCredentials(new ArrayList<>());
+        user.setRealmRoles(Arrays.asList(realmRoles));
+
+        CredentialRepresentation credential = new CredentialRepresentation();
+
+        credential.setType(CredentialRepresentation.PASSWORD);
+        credential.setValue(username);
+        credential.setTemporary(false);
+
+        user.getCredentials().add(credential);
+
+        return user;
+    }
+
+    @Test
+    public void testCodeFlowNoConsent() throws IOException {
+        try (final WebClient webClient = new WebClient()) {
+            HtmlPage page = webClient.getPage("http://localhost:8081/index.html");
+
+            assertEquals("Log in to quarkus", page.getTitleText());
+
+            HtmlForm loginForm = page.getForms().get(0);
+
+            loginForm.getInputByName("username").setValueAttribute("alice");
+            loginForm.getInputByName("password").setValueAttribute("alice");
+
+            page = loginForm.getInputByName("login").click();
+
+            assertEquals("Welcome to Your Quarkus Application", page.getTitleText());
+
+            page = webClient.getPage("http://localhost:8081/index.html");
+
+            assertEquals("Welcome to Your Quarkus Application", page.getTitleText(),
+                    "A second request should not redirect and just re-authenticate the user");
+        }
+    }
+
+    @Test
+    public void testTokenTimeoutLogout() throws IOException, InterruptedException {
+        try (final WebClient webClient = new WebClient()) {
+            HtmlPage page = webClient.getPage("http://localhost:8081/index.html");
+
+            assertEquals("Log in to quarkus", page.getTitleText());
+
+            HtmlForm loginForm = page.getForms().get(0);
+
+            loginForm.getInputByName("username").setValueAttribute("alice");
+            loginForm.getInputByName("password").setValueAttribute("alice");
+
+            page = loginForm.getInputByName("login").click();
+
+            assertEquals("Welcome to Your Quarkus Application", page.getTitleText());
+
+            Thread.sleep(5000);
+
+            page = webClient.getPage("http://localhost:8081/index.html");
+
+            Cookie sessionCookie = getSessionCookie(webClient);
+
+            assertNull(sessionCookie);
+
+            page = webClient.getPage("http://localhost:8081/index.html");
+
+            assertEquals("Log in to quarkus", page.getTitleText());
+        }
+    }
+
+    @Test
+    public void testTokenInjection() throws IOException, InterruptedException {
+        try (final WebClient webClient = new WebClient()) {
+            HtmlPage page = webClient.getPage("http://localhost:8081/index.html");
+
+            assertEquals("Log in to quarkus", page.getTitleText());
+
+            HtmlForm loginForm = page.getForms().get(0);
+
+            loginForm.getInputByName("username").setValueAttribute("alice");
+            loginForm.getInputByName("password").setValueAttribute("alice");
+
+            page = loginForm.getInputByName("login").click();
+
+            assertEquals("Welcome to Your Quarkus Application", page.getTitleText());
+
+            page = webClient.getPage("http://localhost:8081/tokens");
+
+            assertTrue(page.getBody().asText().contains("username"));
+            assertTrue(page.getBody().asText().contains("scopes"));
+            assertTrue(page.getBody().asText().contains("refresh_token: true"));
+        }
+    }
+
+    private Cookie getSessionCookie(WebClient webClient) {
+        return webClient.getCookieManager().getCookie("q_session");
+    }
+}
diff --git a/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/KeycloakTestResource.java b/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/KeycloakTestResource.java
new file mode 100644
index 0000000000..226b91ca87
--- /dev/null
+++ b/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/KeycloakTestResource.java
@@ -0,0 +1,24 @@
+package org.acme.quickstart.oidc;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
+
+public class KeycloakTestResource implements QuarkusTestResourceLifecycleManager {
+    @Override
+    public Map<String, String> start() {
+        HashMap<String, String> map = new HashMap<>();
+
+        // a workaround to set system properties defined when executing tests. Looks like this commit introduced an
+        // unexpected behavior: 3ca0b323dd1c6d80edb66136eb42be7f9bde3310
+        map.put("keycloak.url", System.getProperty("keycloak.url"));
+
+        return map;
+    }
+
+    @Override
+    public void stop() {
+
+    }
+}
diff --git a/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/NativeCodeFlowIT.java b/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/NativeCodeFlowIT.java
new file mode 100644
index 0000000000..21b1380f50
--- /dev/null
+++ b/openid-connect-web-authentication/src/test/java/org/acme/quickstart/oidc/NativeCodeFlowIT.java
@@ -0,0 +1,9 @@
+package org.acme.quickstart.oidc;
+
+import io.quarkus.test.common.QuarkusTestResource;
+import io.quarkus.test.junit.SubstrateTest;
+
+@QuarkusTestResource(KeycloakTestResource.class)
+@SubstrateTest
+public class NativeCodeFlowIT extends CodeFlowTest {
+}
diff --git a/pom.xml b/pom.xml
index 3d6f70cae6..340e6c71aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -39,6 +39,7 @@
         <module>microprofile-metrics</module>
         <module>using-vertx</module>
         <module>using-openid-connect</module>
+        <module>openid-connect-web-authentication</module>
         <module>hibernate-search-elasticsearch</module>
         <module>using-kogito</module>
         <module>using-mongodb-client</module>