# CAcert OpenID Connect parent project

This repository references several repositories for the CAcert OpenID Connect setup.

## Clone the repository

```shell
git clone --recurse-submodules https://code.cacert.org/cacert/oidc-parent.git
cd oidc-parent
# cause pull, fetch and other git commands to consider submodules
git config submodule.recurse true
```

## Get started

- [setup Hydra](https://code.cacert.org/cacert/oidc-hydra-config/src/branch/main/README.md)
- build CAcert web application resources
- setup IDP (provides login and consent screens)
- setup demo application
- setup OpenID Connect client registration application

## Local development setup

Make sure you have the necessary prerequisites installed (tested on Debian 11 Bullseye) and `~/.local/bin` is in your `$PATH` variable:

```shell
sudo apt update
sudo apt install make python3-pip python3-psycopg2 golang-go yarnpkg
python3 -m pip install --user -U pip
python3 -m pip install --user ansible
export PATH=$HOME/.local/bin:$PATH
```

*Note:* It is a good idea to put the `PATH` export line into your `.bashrc` or `.zshenv`.

Use `make` to build the web app resources and applications:

```shell
go install github.com/nicksnyder/go-i18n/v2/goi18n@latest
make
```

Use `ansible-playbook` to deploy Hydra, IDP, Client registration and the demo application:

```shell
cd deployment
ansible-playbook 01_install_cacert_oidc.yml
```

*Note:* If `ansible-playbook` fails early in the process with "sudo: a password is required", confirm that your user has sudo privileges and run the playbook with `-K` so that Ansible prompts for the sudo password:

```shell
ansible-playbook -K 01_install_cacert_oidc.yml
```

## Vagrant setup

Install the Vagrant prerequisites, start the VM, and add the VM's mkcert root CA certificate to the host's system trust store:

```shell
sudo apt install vagrant-libvirt virt-manager libvirt-clients
vagrant up
vagrant ssh -- cat .local/share/mkcert/rootCA.pem | sudo tee /usr/local/share/ca-certificates/mkcert-vagrant-oidc.crt
sudo update-ca-certificates
```