OAuth3 Issuer Implementation
============================

| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js) | [issuer.html](https://git.oauth3.org/OAuth3/issuer.html) | [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js) | *issuer.srv* | Sponsored by [ppl](https://ppl.family)

This is a reference implementation of an OAuth3 identity issuer.

Instructions
------------

Boot up a Digital Ocean VPS or a Docker or an Ubuntu or whatever it is that you do and then do this:

Install the Goldilocks Net Server (for automatic HTTPS via ACME):

```bash
curl https://git.coolaj86.com/coolaj86/goldilocks.js/raw/v1.1/installer/get.sh | bash
```

Use the sample goldilocks config file and replace "example.com" with whatever domain you want to use:

`/etc/goldilocks/goldilocks.yml`:
```yml
socks5:
  enabled: false
mdns:
  disabled: true
  port: 5353
  broadcast: 224.0.0.251
  ttl: 300
domains:
  - names:
      - www.example.com
      - example.com
      - api.example.com
      - assets.example.com
      - webhooks.example.com
      - ssh.example.com
      - vpn.example.com
    modules:
      http:
        - type: proxy
          port: 3000
      tls:
        - type: acme
          email: coolaj86@gmail.com
      tcp: []
udp:
  bind: []
tcp:
  modules:
    - domains:
        - ssh.example.com
      port: 22
      type: proxy
    - domains:
        - vpn.example.com
      port: 1194
      type: proxy
  bind:
    - 80
    - 443
http:
  modules: []
tls:
  modules: []
ddns:
  modules: []
```

Go update your DNS records for those domains to point to this server. However you do that...

Install the WALNUT application server:

```bash
curl https://git.coolaj86.com/coolaj86/walnut.js/raw/v1.2/installer/get.sh | bash
```

Then update the walnut grants to allow your site to use the specified APIs and packages:

```bash
echo "issuer@oauth3.org" >> /opt/walnut/etc/client-api-grants/example.com
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/example.com
```

Get a mailgun account, verify your domain, and add your API keys:

```bash
# example.com will work for specific hard-coded subdomains (api., assets., webhooks.)
mkdir -p /opt/walnut/var/example.com/
```

`/opt/walnut/var/example.com/config.json`:
```js
{ "mailgun.org": {
    "apiKey": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  , "auth": {
      "user": "mailer@example.com"
    , "pass": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    , "api_key": "key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    , "domain": "example.com"
    }
  }
}
```

Change the email address used to send in `/opt/walnut/packages/rest/issuer@oauth3.org/accounts.js` (make it match your mailgun.org account).
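
Both installer steps above pipe a remote script straight into `bash`. As an added example (not part of the OAuth3 project or its installers), this wrapper saves the script to disk, checks it against a SHA-256 you recorded after reviewing it, and only then runs it. The function names are hypothetical, and this page publishes no official digests, so the pin is a placeholder you supply.

```bash
#!/usr/bin/env bash
# Added example (not from the OAuth3 README): fetch an installer to disk,
# verify it against a SHA-256 you recorded after reviewing it, then run it.

# sha256_of FILE -> prints the hex digest (sha256sum on Linux, shasum on macOS)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_SHA256 -> 0 only on an exact digest match
verify_pinned() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  case "$expected" in
    *[!0-9a-f]*|"") echo "pin is not a lowercase hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# install_pinned URL EXPECTED_SHA256 -> download, verify, and only then execute
install_pinned() {
  local url="$1" expected="$2" tmp rc
  tmp="$(mktemp)" || return 2
  # --fail: an HTTP error page is never saved as a script; --proto '=https': no downgrade
  if curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
       --output "$tmp" "$url" && verify_pinned "$tmp" "$expected"; then
    bash "$tmp"; rc=$?
  else
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (the digest is a placeholder; record your own after reading the script):
#   install_pinned https://git.coolaj86.com/coolaj86/goldilocks.js/raw/v1.1/installer/get.sh <sha256-you-recorded>
```

A changed digest on a later run means the script behind the tagged URL was modified, so review it again before updating the pin.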