add standard files
commit
ef41473e79
|
@ -0,0 +1,5 @@
|
||||||
|
v1.0.0 Document OAuth3 Issuer Reference Server Setup
|
||||||
|
* Resource Password Owner
|
||||||
|
* Implicit Grant
|
||||||
|
* Public/Private Device Key syncing
|
||||||
|
* Application Scope Grant syncing
|
|
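Review bot: The first bullet, "* Resource Password Owner", has its words out of order for the grant it appears to name. OAuth 2.0 calls this the Resource Owner Password Credentials grant, so "Resource Owner Password" would match the term readers will look for. The "v1.0.0" heading line also carries no release date, which makes the entry harder to line up with the tag later.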
@ -0,0 +1,41 @@
|
||||||
|
Copyright 2017 OAuth3
|
||||||
|
|
||||||
|
This is open source software; you can redistribute it and/or modify it under the
|
||||||
|
terms of either:
|
||||||
|
|
||||||
|
a) the "MIT License"
|
||||||
|
b) the "Apache-2.0 License"
|
||||||
|
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
||||||
|
|
||||||
|
Apache-2.0 License Summary
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
|
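Review bot: The "Apache-2.0 License Summary" section contains only the short notice and a link, while the MIT option above it is reproduced in full. The Apache License requires that recipients be given a copy of the License itself, so the full text should ship in the repository, either here or in a separate file alongside this one. The link "http://www.apache.org/licenses/LICENSE-2.0" could also be switched to https while this is being touched.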
@ -0,0 +1,110 @@
|
||||||
|
OAuth3 Issuer Implementation
|
||||||
|
============================
|
||||||
|
|
||||||
|
| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js)
|
||||||
|
| [issuer.html](https://git.oauth3.org/OAuth3/issuer.html)
|
||||||
|
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)
|
||||||
|
| *issuer.srv*
|
||||||
|
| Sponsored by [Daplie](https://daplie.com)
|
||||||
|
|
||||||
|
This is a reference implementation of an OAuth3 identity issuer.
|
||||||
|
|
||||||
|
Instructions
|
||||||
|
------------
|
||||||
|
|
||||||
|
Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this:
|
||||||
|
|
||||||
|
Install the Goldilocks Net Server (for automatic HTTPS via ACME):
|
||||||
|
|
||||||
|
```bash
|
||||||
|
curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash
|
||||||
|
```
|
||||||
|
|
||||||
|
Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use:
|
||||||
|
|
||||||
|
`/etc/goldilocks/goldilocks.yml`:
|
||||||
|
```yml
|
||||||
|
socks5:
|
||||||
|
enabled: false
|
||||||
|
mdns:
|
||||||
|
disabled: true
|
||||||
|
port: 5353
|
||||||
|
broadcast: 224.0.0.251
|
||||||
|
ttl: 300
|
||||||
|
domains:
|
||||||
|
- names:
|
||||||
|
- www.example.com
|
||||||
|
- example.com
|
||||||
|
- api.example.com
|
||||||
|
- assets.example.com
|
||||||
|
- webhooks.example.com
|
||||||
|
- ssh.example.com
|
||||||
|
- vpn.example.com
|
||||||
|
modules:
|
||||||
|
http:
|
||||||
|
- type: proxy
|
||||||
|
port: 3000
|
||||||
|
tls:
|
||||||
|
- type: acme
|
||||||
|
email: coolaj86@gmail.com
|
||||||
|
tcp: []
|
||||||
|
udp:
|
||||||
|
bind: []
|
||||||
|
tcp:
|
||||||
|
modules:
|
||||||
|
- domains:
|
||||||
|
- ssh.example.com
|
||||||
|
port: 22
|
||||||
|
type: proxy
|
||||||
|
- domains:
|
||||||
|
- vpn.example.com
|
||||||
|
port: 1194
|
||||||
|
type: proxy
|
||||||
|
bind:
|
||||||
|
- 80
|
||||||
|
- 443
|
||||||
|
http:
|
||||||
|
modules: []
|
||||||
|
tls:
|
||||||
|
modules: []
|
||||||
|
ddns:
|
||||||
|
modules: []
|
||||||
|
```
|
||||||
|
|
||||||
|
Go update your DNS records for those domains to point to this server. However you do that...
|
||||||
|
|
||||||
|
Install the WALNUT application server:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
curl https://git.daplie.com/Daplie/walnut.js/raw/v1.2/installer/get.sh | bash
|
||||||
|
```
|
||||||
|
|
||||||
|
Then update the walnut grants to allow your site to use the specified APIs and packages:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com
|
||||||
|
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
Get a mailgun account, verify your domain, and add your API keys:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# example.com will work for specific hard-coded subdomains (api., assets., webhooks.)
|
||||||
|
mkdir -p /opt/walnut/var/example.com/
|
||||||
|
```
|
||||||
|
|
||||||
|
`/opt/walnut/var/example.com/config.json`:
|
||||||
|
```js
|
||||||
|
{ "mailgun.org": {
|
||||||
|
"apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
||||||
|
, "auth": {
|
||||||
|
"user": "mailer@example.com"
|
||||||
|
, "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
||||||
|
, "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
|
||||||
|
, "domain": "example.com"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account).
|
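Review bot: The sample goldilocks.yml sets "email: coolaj86@gmail.com" under the acme tls module, but the instruction above it tells the reader to replace only "example.com", so anyone who follows it literally registers their certificates with the author's address. Use a placeholder such as "you@example.com" and tell the reader to replace it. Two further points in the same hunk: the config.json step writes the Mailgun "apiKey" and SMTP "pass" to /opt/walnut/var/example.com/config.json without saying anything about ownership or permissions, so the README should tell the reader to restrict the file to the service account; and both installer steps pipe "curl ... | bash" straight from the network with no checksum or signature to verify, so consider documenting a download, inspect, then run sequence. The "apiKey" and "api_key" entries also look like the same value stored twice; if both are required, a one-line comment saying which consumer reads which would help.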