issuer.srv/README.md

OAuth3 Issuer Implementation
============================

| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js)
| [issuer.html](https://git.oauth3.org/OAuth3/issuer.html)
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)
| *issuer.srv*
| Sponsored by [ppl](https://ppl.family)

This is a reference implementation of an OAuth3 identity issuer.

Instructions
------------

Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this:

Install the Goldilocks Net Server (for automatic HTTPS via ACME):

```bash
curl https://git.coolaj86.com/coolaj86/goldilocks.js/raw/v1.1/installer/get.sh | bash
```

Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use:

`/etc/goldilocks/goldilocks.yml`:
```yml
socks5:
  enabled: false
mdns:
  disabled: true
  port: 5353
  broadcast: 224.0.0.251
  ttl: 300
domains:
  - names:
      - www.example.com
      - example.com
      - api.example.com
      - assets.example.com
      - webhooks.example.com
      - ssh.example.com
      - vpn.example.com
    modules:
      http:
        - type: proxy
          port: 3000
      tls:
        - type: acme
          email: coolaj86@gmail.com
      tcp: []
udp:
  bind: []
tcp:
  modules:
    - domains:
        - ssh.example.com
      port: 22
      type: proxy
    - domains:
        - vpn.example.com
      port: 1194
      type: proxy
  bind:
    - 80
    - 443
http:
  modules: []
tls:
  modules: []
ddns:
  modules: []
```

Go update your DNS records for those domains to point to this server. However you do that...

Install the WALNUT application server:

```bash
curl https://git.coolaj86.com/coolaj86/walnut.js/raw/v1.2/installer/get.sh | bash
```

Then update the walnut grants to allow your site to use the specified APIs and packages:

```bash
echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com
```

Get a mailgun account, verify your domain, and add your API keys:

```bash
# example.com will work for specific hard-coded subdomains (api., assets., webhooks.)
mkdir -p /opt/walnut/var/example.com/
```

`/opt/walnut/var/example.com/config.json`:
```js
{ "mailgun.org": {
    "apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
   , "auth": {
      "user": "mailer@example.com"
    , "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    , "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    , "domain": "example.com"
    }
  }
}
```

Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account).
add standard files 7 years ago			`OAuth3 Issuer Implementation`
			`============================`

			`\| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js)`
			`\| [issuer.html](https://git.oauth3.org/OAuth3/issuer.html)`
			`\| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)`
			`\| issuer.srv`
update links 6 years ago			`\| Sponsored by [ppl](https://ppl.family)`
add standard files 7 years ago
			`This is a reference implementation of an OAuth3 identity issuer.`

			`Instructions`
			`------------`

			`Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this:`

			`Install the Goldilocks Net Server (for automatic HTTPS via ACME):`

			```bash
update links 6 years ago			`curl https://git.coolaj86.com/coolaj86/goldilocks.js/raw/v1.1/installer/get.sh \| bash`
add standard files 7 years ago			```

			`Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use:`

			`/etc/goldilocks/goldilocks.yml`:
			```yml
			`socks5:`
			`enabled: false`
			`mdns:`
			`disabled: true`
			`port: 5353`
			`broadcast: 224.0.0.251`
			`ttl: 300`
			`domains:`
			`- names:`
			`- www.example.com`
			`- example.com`
			`- api.example.com`
			`- assets.example.com`
			`- webhooks.example.com`
			`- ssh.example.com`
			`- vpn.example.com`
			`modules:`
			`http:`
			`- type: proxy`
			`port: 3000`
			`tls:`
			`- type: acme`
			`email: coolaj86@gmail.com`
			`tcp: []`
			`udp:`
			`bind: []`
			`tcp:`
			`modules:`
			`- domains:`
			`- ssh.example.com`
			`port: 22`
			`type: proxy`
			`- domains:`
			`- vpn.example.com`
			`port: 1194`
			`type: proxy`
			`bind:`
			`- 80`
			`- 443`
			`http:`
			`modules: []`
			`tls:`
			`modules: []`
			`ddns:`
			`modules: []`
			```

			`Go update your DNS records for those domains to point to this server. However you do that...`

			`Install the WALNUT application server:`

			```bash
update links 6 years ago			`curl https://git.coolaj86.com/coolaj86/walnut.js/raw/v1.2/installer/get.sh \| bash`
add standard files 7 years ago			```

			`Then update the walnut grants to allow your site to use the specified APIs and packages:`

			```bash
			`echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com`
			`echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com`
			```

			`Get a mailgun account, verify your domain, and add your API keys:`

			```bash
			`# example.com will work for specific hard-coded subdomains (api., assets., webhooks.)`
			`mkdir -p /opt/walnut/var/example.com/`
			```

			`/opt/walnut/var/example.com/config.json`:
			```js
			`{ "mailgun.org": {`
			`"apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"`
			`, "auth": {`
			`"user": "mailer@example.com"`
			`, "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"`
			`, "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"`
			`, "domain": "example.com"`
			`}`
			`}`
			`}`
			```

			Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account).