blob: a93e876cc5fcc5eec51ac3ba5b43e6a9b1be6787 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
#!/bin/sh
set -eu
## BEGIN configuration
# Where is WooCommerce?
WOOHOST=http://127.0.0.1:9999
# Name of the shop for the user
SHOP_NAME="WooTaler Shop"
# Ego of the zone for the RP in GNS
SHOP_ZONE=wootaler-shop
# Which attributes does WooCommerce want from the IdP?
OIDC_SCOPE="openid given_name family_name email address phone"
# URL where GNUnet REST service is listening for requests
GNUNET_REST="http://localhost:7776/openid/"
## END configuration
# Download and install GNUnet
apt install \
screen \
gcc \
make\
autoconf\
automake \
libtool\
libmicrohttpd-dev\
libgcrypt20-dev\
libsqlite3-dev\
gettext\
libgnutls28-dev\
libcurl4-gnutls-dev\
libunistring-dev\
libidn2-dev\
libjansson-dev\
openssl\
pkgconf\
libltdl-dev\
zlib1g-dev\
libsodium-dev\
python3.7\
texi2html\
texinfo
cd /root
git clone git://git.gnunet.org/gnunet.git
cd gnunet
./bootstrap
./configure --prefix=/usr/
make install
# Configure GNUnet
# Setup GNUnet REST credentials
OIDC_CLIENT_SECRET=`uuid`
gnunet-config -s reclaim-rest-plugin -o OIDC_CLIENT_SECRET -V "$OIDC_CLIENT_SECRET"
# Restart GNUnet
systemctl restart gnunet
# Setup Zone for RP
gnunet-identity -C "$SHOP_ZONE"
OIDC_CLIENT_IDENTITY=`gnunet-identity -dq -e $SHOP_ZONE`
# Tell reclaim where the RP expects the authorization callback
gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_REDIRECT -V ${WOOHOST}/wp-admin/admin-ajax.php?action=openid-connect-authorize -e 1h -p
# Tell reclaim the name of the shop that asks for permissions (to be shown to the user)
gnunet-namestore -a -z "$SHOP_ZONE" -n @ -t RECLAIM_OIDC_CLIENT -V "$SHOP_NAME" -e 1h -p
# Setup ReClaim as OIDC provider with WooCommerce
cd /var/www/wordpress
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_id "${OIDC_CLIENT_IDENTITY}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings client_secret "${OIDC_CLIENT_SECRET}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings scope "${OIDC_SCOPE}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_login "https://api.reclaim/openid/authorize"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_userinfo "${GNUNET_REST}/userinfo"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_token "${GNUNET_REST}/token"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings endpoint_end_session ""
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identity_key "sub"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings no_sslverify "1"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings nickname_key "sub"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings displayname_format "{given_name} {full_name}"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings identify_with_username "1"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings enable_logging "1"
sudo -u www-data wp --user=admin option patch update openid_connect_generic_settings redirect_user_back "1"
|
