AJ ONeal
7 years ago
commit
ef41473e79
3 changed files with 156 additions and 0 deletions
@ -0,0 +1,5 @@ |
|||
v1.0.0 Document OAuth3 Issuer Reference Server Setup |
|||
* Resource Password Owner |
|||
* Implicit Grant |
|||
* Public/Private Device Key syncing |
|||
* Application Scope Grant syncing |
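Review bot: the first bullet, "Resource Password Owner", has its words out of order. The OAuth 2.0 grant type is "Resource Owner Password Credentials", so the entry should read "Resource Owner Password" to sit alongside "Implicit Grant" below it. The v1.0.0 header line also carries no release date, which a changelog entry normally includes.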
@ -0,0 +1,41 @@ |
|||
Copyright 2017 OAuth3 |
|||
|
|||
This is open source software; you can redistribute it and/or modify it under the |
|||
terms of either: |
|||
|
|||
a) the "MIT License" |
|||
b) the "Apache-2.0 License" |
|||
|
|||
MIT License |
|||
|
|||
Permission is hereby granted, free of charge, to any person obtaining a copy |
|||
of this software and associated documentation files (the "Software"), to deal |
|||
in the Software without restriction, including without limitation the rights |
|||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
|||
copies of the Software, and to permit persons to whom the Software is |
|||
furnished to do so, subject to the following conditions: |
|||
|
|||
The above copyright notice and this permission notice shall be included in all |
|||
copies or substantial portions of the Software. |
|||
|
|||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
|||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
|||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
|||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
|||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
|||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|||
SOFTWARE. |
|||
|
|||
Apache-2.0 License Summary |
|||
|
|||
Licensed under the Apache License, Version 2.0 (the "License"); |
|||
you may not use this file except in compliance with the License. |
|||
You may obtain a copy of the License at |
|||
|
|||
http://www.apache.org/licenses/LICENSE-2.0 |
|||
|
|||
Unless required by applicable law or agreed to in writing, software |
|||
distributed under the License is distributed on an "AS IS" BASIS, |
|||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
See the License for the specific language governing permissions and |
|||
limitations under the License. |
@ -0,0 +1,110 @@ |
|||
OAuth3 Issuer Implementation |
|||
============================ |
|||
|
|||
| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js) |
|||
| [issuer.html](https://git.oauth3.org/OAuth3/issuer.html) |
|||
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js) |
|||
| *issuer.srv* |
|||
| Sponsored by [Daplie](https://daplie.com) |
|||
|
|||
This is a reference implementation of an OAuth3 identity issuer. |
|||
|
|||
Instructions |
|||
------------ |
|||
|
|||
Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this: |
|||
|
|||
Install the Goldilocks Net Server (for automatic HTTPS via ACME): |
|||
|
|||
```bash |
|||
curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash |
|||
``` |
|||
|
|||
Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use: |
|||
|
|||
`/etc/goldilocks/goldilocks.yml`: |
|||
```yml |
|||
socks5: |
|||
enabled: false |
|||
mdns: |
|||
disabled: true |
|||
port: 5353 |
|||
broadcast: 224.0.0.251 |
|||
ttl: 300 |
|||
domains: |
|||
- names: |
|||
- www.example.com |
|||
- example.com |
|||
- api.example.com |
|||
- assets.example.com |
|||
- webhooks.example.com |
|||
- ssh.example.com |
|||
- vpn.example.com |
|||
modules: |
|||
http: |
|||
- type: proxy |
|||
port: 3000 |
|||
tls: |
|||
- type: acme |
|||
email: coolaj86@gmail.com |
|||
tcp: [] |
|||
udp: |
|||
bind: [] |
|||
tcp: |
|||
modules: |
|||
- domains: |
|||
- ssh.example.com |
|||
port: 22 |
|||
type: proxy |
|||
- domains: |
|||
- vpn.example.com |
|||
port: 1194 |
|||
type: proxy |
|||
bind: |
|||
- 80 |
|||
- 443 |
|||
http: |
|||
modules: [] |
|||
tls: |
|||
modules: [] |
|||
ddns: |
|||
modules: [] |
|||
``` |
|||
|
|||
Go update your DNS records for those domains to point to this server. However you do that... |
|||
|
|||
Install the WALNUT application server: |
|||
|
|||
```bash |
|||
curl https://git.daplie.com/Daplie/walnut.js/raw/v1.2/installer/get.sh | bash |
|||
``` |
|||
|
|||
Then update the walnut grants to allow your site to use the specified APIs and packages: |
|||
|
|||
```bash |
|||
echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com |
|||
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com |
|||
``` |
|||
|
|||
Get a mailgun account, verify your domain, and add your API keys: |
|||
|
|||
```bash |
|||
# example.com will work for specific hard-coded subdomains (api., assets., webhooks.) |
|||
mkdir -p /opt/walnut/var/example.com/ |
|||
``` |
|||
|
|||
`/opt/walnut/var/example.com/config.json`: |
|||
```js |
|||
{ "mailgun.org": { |
|||
"apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
|||
, "auth": { |
|||
"user": "mailer@example.com" |
|||
, "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
|||
, "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
|||
, "domain": "example.com" |
|||
} |
|||
} |
|||
} |
|||
``` |
|||
|
|||
Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account). |
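Review bot: both install steps pipe a remote script straight into a shell (`curl https://git.daplie.com/Daplie/goldilocks.js/raw/v1.1/installer/get.sh | bash` and the matching walnut.js line), so whatever the server returns runs with the invoking user's privileges, and a truncated download executes partially. Suggest documenting a download-to-file step, then review or verification against a published checksum, then execution, and at minimum using `curl -fsSL` so an HTTP error page is never fed to bash. Two smaller points in the same hunk: the sample `goldilocks.yml` carries `email: coolaj86@gmail.com` under the acme module while the text only tells readers to replace "example.com", so copied configs will register ACME accounts under that address unless the instruction also names the email field; and `/opt/walnut/var/example.com/config.json` holds the mailgun API key and SMTP password, yet the steps set no ownership or mode on the directory or file, so a line restricting it to the service user (for example `chmod 600`) belongs next to the `mkdir -p`.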