Quickstart
Two paths land you on a working Parako.ID. Choose the one that matches your goal.
| Path | Audience | Time |
|---|---|---|
| From source | Contributors, local development | ~3 minutes |
| Installer | Operators deploying to a host | ~5 minutes + operator setup |
Prerequisites
Section titled “Prerequisites”Linux x86_64 or aarch64, Node.js ≥ 24, pnpm ≥ 11. Enable pnpm via Corepack:
corepack enable && corepack prepare pnpm@11 --activateFrom source
Section titled “From source”git clone https://github.com/Dahkenangnon/Parako.ID.gitcd Parako.IDpnpm installcp .env.example .envpnpm db:pushpnpm devJWKS keys are generated automatically on first start and stored in the database. The server listens on http://localhost:9007.
Important:
.envships with development defaults. Production secrets and database choices live in Configuration.
Installer
Section titled “Installer”curl --proto '=https' --tlsv1.2 -fsSL https://get.parako.id | sudo bashThe installer verifies the release via cosign (Sigstore) and places files under /opt/parako-id/. It does not configure your supervisor, database, TLS, or secrets — see Installer for the full contract.
Important: The installer prints a next-steps card on completion. Complete those steps before starting the service.
Operator steps after install:
- Create
/opt/parako-id/runtime/.envfrom/opt/parako-id/current/contrib/.env.sampleand fill in your DB / Redis / secrets. - Wire your process manager to
/opt/parako-id/current(sample PM2 ecosystem ships atcurrent/contrib/ecosystem.config.cjs.sample; nginx examples atdocs/reference/nginx-vhost-examples/). - Apply any database migration named in the release notes.
- Start your service.
- Probe
http://localhost:9007/health.
The parako operator binary is on PATH; see parako CLI for the verb reference and Upgrades for the upgrade runbook.
Create your first admin
Section titled “Create your first admin”Open http://localhost:9007/auth/register and create an account. Promote that user to admin via the admin panel or by editing the user record directly. See Admin Panel.
Register your first OIDC client
Section titled “Register your first OIDC client”Use the admin panel at /admin/oidc-clients — the wizard collects client type, redirect URIs, and scopes, then prints the client_id and client_secret. Store the secret immediately; it is encrypted at rest and not retrievable afterward.
See OIDC Clients for the full client model and presets, or CLI Tools for pnpm client add (file-based single-tenant only).
Test the OIDC flow
Section titled “Test the OIDC flow”Walk through an end-to-end authorization-code + PKCE exchange against your local Parako.ID in Integrating Your App.