From ef41473e79eb8805b6eb34cf0e65353397b4053e Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 10 Nov 2017 15:43:10 -0700 Subject: [PATCH] add standard files --- CHANGELOG | 5 +++ LICENSE | 41 ++++++++++++++++++++ README.md | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 156 insertions(+) create mode 100644 CHANGELOG create mode 100644 LICENSE create mode 100644 README.md diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..2d3627b --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,5 @@ +v1.0.0 Document OAuth3 Issuer Reference Server Setup + * Resource Password Owner + * Implicit Grant + * Public/Private Device Key syncing + * Application Scope Grant syncing diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..3da90f9 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,41 @@ +Copyright 2017 OAuth3 + +This is open source software; you can redistribute it and/or modify it under the +terms of either: + + a) the "MIT License" + b) the "Apache-2.0 License" + +MIT License + + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +Apache-2.0 License Summary + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..31b6e46 --- /dev/null +++ b/README.md 
@@ -0,0 +1,110 @@ +OAuth3 Issuer Implementation +============================ + +| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js) +| [issuer.html](https://git.oauth3.org/OAuth3/issuer.html) +| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js) +| *issuer.srv* +| Sponsored by [Daplie](https://daplie.com) + +This is a reference implementation of an OAuth3 identity issuer. + +Instructions +------------ + +Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this: + +Install the Goldilocks Net Server (for automatic HTTPS via ACME): + +```bash +curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash +``` + +Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use: + +`/etc/goldilocks/goldilocks.yml`: +```yml +socks5: + enabled: false +mdns: + disabled: true + port: 5353 + broadcast: 224.0.0.251 + ttl: 300 +domains: + - names: + - www.example.com + - example.com + - api.example.com + - assets.example.com + - webhooks.example.com + - ssh.example.com + - vpn.example.com + modules: + http: + - type: proxy + port: 3000 + tls: + - type: acme + email: coolaj86@gmail.com + tcp: [] +udp: + bind: [] +tcp: + modules: + - domains: + - ssh.example.com + port: 22 + type: proxy + - domains: + - vpn.example.com + port: 1194 + type: proxy + bind: + - 80 + - 443 +http: + modules: [] +tls: + modules: [] +ddns: + modules: [] +``` + +Go update your DNS records for those domains to point to this server. However you do that... 
+ +Install the WALNUT application server: + +```bash +curl https://git.daplie.com/Daplie/walnut.js/raw/v1.2/installer/get.sh | bash +``` + +Then update the walnut grants to allow your site to use the specified APIs and packages: + +```bash +echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com +echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com +``` + +Get a mailgun account, verify your domain, and add your API keys: + +```bash +# example.com will work for specific hard-coded subdomains (api., assets., webhooks.) +mkdir -p /opt/walnut/var/example.com/ +``` + +`/opt/walnut/var/example.com/config.json`: +```js +{ "mailgun.org": { + "apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + , "auth": { + "user": "mailer@example.com" + , "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + , "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + , "domain": "example.com" + } + } +} +``` + +Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account).
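Review bot: In the CHANGELOG hunk, the first v1.0.0 bullet reads `Resource Password Owner`, which transposes the OAuth 2.0 grant name (Resource Owner Password Credentials); suggest `* Resource Owner Password` so the entry matches the term readers will search for. The subject line "add standard files" also says nothing about the v1.0.0 entry this hunk introduces, so consider mentioning the release in the commit message or moving the entry to the commit that tags v1.0.0.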
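Review bot: In the LICENSE hunk, the section headed `Apache-2.0 License Summary` contains only the short notice and a link to http://www.apache.org/licenses/LICENSE-2.0, not the license text, while the MIT option is reproduced in full. Suggest shipping the complete Apache-2.0 text alongside it (for example as a separate file referenced from LICENSE) and stating the choice in a machine-readable form such as the SPDX expression `MIT OR Apache-2.0`, so license scanners and downstream packagers resolve the dual license the same way the prose does.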
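Review bot: In the README hunk, both install steps pipe a remote script straight into a shell (`curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash` and the matching walnut.js `v1.2` line) with no integrity check, so the server runs whatever that URL returns at install time; suggest documenting download to a file, review, and comparison against a published checksum or signature before execution. The sample `goldilocks.yml` hard-codes `email: coolaj86@gmail.com` under the `acme` module while the instruction only tells readers to replace "example.com", so copied configs will register ACME accounts under the author's address; use a placeholder value there and name it in the instruction. The `config.json` step stores the Mailgun `apiKey` and `pass` but gives no ownership or mode for `/opt/walnut/var/example.com/`; add a line restricting the file to the service user (for example mode 600). Minor: the two `echo "issuer@oauth3.org" >>` lines append a duplicate entry each time the steps are rerun, which is worth a note for anyone scripting the setup.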