AJ ONeal
7 years ago
commit
ef41473e79
3 changed files with 156 additions and 0 deletions
@ -0,0 +1,5 @@ |
|||||
|
v1.0.0 Document OAuth3 Issuer Reference Server Setup |
||||
|
* Resource Password Owner |
||||
|
* Implicit Grant |
||||
|
* Public/Private Device Key syncing |
||||
|
* Application Scope Grant syncing |
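Review bot: The first bullet, `* Resource Password Owner`, has its words in a different order from the OAuth 2.0 grant it appears to name (Resource Owner Password Credentials). Suggest `* Resource Owner Password` so it reads consistently next to `* Implicit Grant` and can be matched to the grant type by someone searching the changelog.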
@ -0,0 +1,41 @@ |
|||||
|
Copyright 2017 OAuth3 |
||||
|
|
||||
|
This is open source software; you can redistribute it and/or modify it under the |
||||
|
terms of either: |
||||
|
|
||||
|
a) the "MIT License" |
||||
|
b) the "Apache-2.0 License" |
||||
|
|
||||
|
MIT License |
||||
|
|
||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy |
||||
|
of this software and associated documentation files (the "Software"), to deal |
||||
|
in the Software without restriction, including without limitation the rights |
||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
||||
|
copies of the Software, and to permit persons to whom the Software is |
||||
|
furnished to do so, subject to the following conditions: |
||||
|
|
||||
|
The above copyright notice and this permission notice shall be included in all |
||||
|
copies or substantial portions of the Software. |
||||
|
|
||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
||||
|
SOFTWARE. |
||||
|
|
||||
|
Apache-2.0 License Summary |
||||
|
|
||||
|
Licensed under the Apache License, Version 2.0 (the "License"); |
||||
|
you may not use this file except in compliance with the License. |
||||
|
You may obtain a copy of the License at |
||||
|
|
||||
|
http://www.apache.org/licenses/LICENSE-2.0 |
||||
|
|
||||
|
Unless required by applicable law or agreed to in writing, software |
||||
|
distributed under the License is distributed on an "AS IS" BASIS, |
||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
|
See the License for the specific language governing permissions and |
||||
|
limitations under the License. |
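Review bot: The Apache-2.0 half of this dual license is only the short notice under "Apache-2.0 License Summary", which sends the reader to `http://www.apache.org/licenses/LICENSE-2.0` for the actual terms, while the MIT half is included in full. Suggest shipping the full Apache-2.0 text in the repository (for example as a separate file referenced from here), switching the link to https, and stating the choice as an SPDX expression (`MIT OR Apache-2.0`) so tooling can read it.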
@ -0,0 +1,110 @@ |
|||||
|
OAuth3 Issuer Implementation |
||||
|
============================ |
||||
|
|
||||
|
| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js) |
||||
|
| [issuer.html](https://git.oauth3.org/OAuth3/issuer.html) |
||||
|
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js) |
||||
|
| *issuer.srv* |
||||
|
| Sponsored by [Daplie](https://daplie.com) |
||||
|
|
||||
|
This is a reference implementation of an OAuth3 identity issuer. |
||||
|
|
||||
|
Instructions |
||||
|
------------ |
||||
|
|
||||
|
Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this: |
||||
|
|
||||
|
Install the Goldilocks Net Server (for automatic HTTPS via ACME): |
||||
|
|
||||
|
```bash |
||||
|
curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash |
||||
|
``` |
||||
|
|
||||
|
Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use: |
||||
|
|
||||
|
`/etc/goldilocks/goldilocks.yml`: |
||||
|
```yml |
||||
|
socks5: |
||||
|
enabled: false |
||||
|
mdns: |
||||
|
disabled: true |
||||
|
port: 5353 |
||||
|
broadcast: 224.0.0.251 |
||||
|
ttl: 300 |
||||
|
domains: |
||||
|
- names: |
||||
|
- www.example.com |
||||
|
- example.com |
||||
|
- api.example.com |
||||
|
- assets.example.com |
||||
|
- webhooks.example.com |
||||
|
- ssh.example.com |
||||
|
- vpn.example.com |
||||
|
modules: |
||||
|
http: |
||||
|
- type: proxy |
||||
|
port: 3000 |
||||
|
tls: |
||||
|
- type: acme |
||||
|
email: coolaj86@gmail.com |
||||
|
tcp: [] |
||||
|
udp: |
||||
|
bind: [] |
||||
|
tcp: |
||||
|
modules: |
||||
|
- domains: |
||||
|
- ssh.example.com |
||||
|
port: 22 |
||||
|
type: proxy |
||||
|
- domains: |
||||
|
- vpn.example.com |
||||
|
port: 1194 |
||||
|
type: proxy |
||||
|
bind: |
||||
|
- 80 |
||||
|
- 443 |
||||
|
http: |
||||
|
modules: [] |
||||
|
tls: |
||||
|
modules: [] |
||||
|
ddns: |
||||
|
modules: [] |
||||
|
``` |
||||
|
|
||||
|
Go update your DNS records for those domains to point to this server. However you do that... |
||||
|
|
||||
|
Install the WALNUT application server: |
||||
|
|
||||
|
```bash |
||||
|
curl https://git.daplie.com/Daplie/walnut.js/raw/v1.2/installer/get.sh | bash |
||||
|
``` |
||||
|
|
||||
|
Then update the walnut grants to allow your site to use the specified APIs and packages: |
||||
|
|
||||
|
```bash |
||||
|
echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com |
||||
|
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com |
||||
|
``` |
||||
|
|
||||
|
Get a mailgun account, verify your domain, and add your API keys: |
||||
|
|
||||
|
```bash |
||||
|
# example.com will work for specific hard-coded subdomains (api., assets., webhooks.) |
||||
|
mkdir -p /opt/walnut/var/example.com/ |
||||
|
``` |
||||
|
|
||||
|
`/opt/walnut/var/example.com/config.json`: |
||||
|
```js |
||||
|
{ "mailgun.org": { |
||||
|
"apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
||||
|
, "auth": { |
||||
|
"user": "mailer@example.com" |
||||
|
, "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
||||
|
, "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
||||
|
, "domain": "example.com" |
||||
|
} |
||||
|
} |
||||
|
} |
||||
|
``` |
||||
|
|
||||
|
Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account). |
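Review bot: Both install steps (`curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash` and the matching walnut.js `v1.2` line) pipe a remote script straight into a shell with no checksum or signature check, which is a weak starting point for a host that will act as an identity issuer. Suggest having the reader download each installer to a file, compare it against a published SHA-256, and only then run it. Two further points in the same hunk: the sample goldilocks.yml sets `email: coolaj86@gmail.com` under the acme module while the instruction only says to replace "example.com", so copied configs will register certificates under that address (use a placeholder and mention it in the instruction); and the config.json step stores the Mailgun API key and SMTP password, but the preceding `mkdir -p /opt/walnut/var/example.com/` sets no ownership or mode, so add a line restricting the directory and file to the account the server runs as.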