Github App Installation Channels Diagram
The diagram below describes the service communication channels during installation of the Github app. The flow creates a Cognito user from the Github user using a temporary password, then sends an email with further instructions to log in and change the temporary password. This process is not as straightforward as it may seem, since there are a few complexities in identifying the user's email address, storing access tokens, and setting the additional attributes for bypassing manual signup inside Cognito.
```mermaid
sequenceDiagram
    Vertigo->>Github: Exchange access
    Note over Vertigo, Github: Redirect from Github provides access code.
    Github-->>Vertigo: Access Token
    Vertigo->>Github: Get user
    Github-->>Vertigo: User Info
    Vertigo->>Github: List Emails
    Github-->>Vertigo: Email Addresses
    Note over Github, Vertigo: Identify FIRST verified email address
    Vertigo->>Cognito: Signup User
    Note over Vertigo, Cognito: Include githubAccessToken and githubRefreshToken as custom attributes
    Cognito-->>Vertigo: User Info
    Vertigo->>Cognito: Force email verification
    Cognito-->>Vertigo: Email verification forced
    Vertigo->>Cognito: Force user confirmation
    Cognito-->>Vertigo: User confirmation forced
    Vertigo->>Cognito: Force password reset
    Note over Vertigo, Cognito: Users required to change temporary password upon first login
    Cognito-->>Vertigo: Password reset forced
    Vertigo->>SES: Send transactional email
    Note over Vertigo, SES: Email includes instructions to login and temporary password
    SES-->>Vertigo: Transactional email sent
```
When the user exists, check whether the name and email match. When the name and email match, update the custom attributes with the new tokens. If the email matches an existing user, I think it is safe to assume that user maps to the Github user, although the name will not match between the two.
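The "Identify FIRST verified email address" step and the existing-user check described above, as an added example that is not the project's own code. The function names, the `Decision` type and the `existing_users` dictionary (a stand-in for a Cognito lookup by email) are hypothetical; the email entries use the `email`, `primary` and `verified` fields of Github's list-emails response, and lower-casing the address before comparison is an assumption.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


class NoVerifiedEmail(Exception):
    """Github returned no verified address, so there is nothing safe to key a user on."""


def first_verified_email(emails: list) -> str:
    # Keep Github's ordering and take the first entry flagged verified,
    # as the diagram's note specifies. Unverified entries are never used.
    for entry in emails:
        if entry.get("verified") is True and entry.get("email"):
            return entry["email"].strip().lower()  # normalisation is an assumption
    raise NoVerifiedEmail("no verified email on the Github account")


@dataclass
class Decision:
    action: str                    # "signup" or "update_tokens"
    email: str
    name_matches: Optional[bool]   # None when no existing user was found


def resolve_account(github_user: dict, emails: list, existing_users: dict) -> Decision:
    """Decide between signing up a new user and refreshing tokens on an existing one."""
    email = first_verified_email(emails)
    existing = existing_users.get(email)   # hypothetical lookup keyed by email
    if existing is None:
        return Decision("signup", email, None)
    # The email match decides the mapping; the name comparison is returned
    # so the caller can log a mismatch alongside the token update.
    name_matches = existing.get("name") == github_user.get("name")
    return Decision("update_tokens", email, name_matches)


# Constructed sample data, not captured from a real account.
SAMPLE_USER = {"login": "octo", "name": "Octo Cat"}
SAMPLE_EMAILS = [
    {"email": "old@example.com", "primary": False, "verified": False},
    {"email": "Octo@Example.com", "primary": True, "verified": True},
    {"email": "second@example.com", "primary": False, "verified": True},
]

if __name__ == "__main__":
    print(resolve_account(SAMPLE_USER, SAMPLE_EMAILS, {}))
    print(resolve_account(SAMPLE_USER, SAMPLE_EMAILS, {"octo@example.com": {"name": "O. Cat"}}))
```

Raising when no entry is verified stops the flow before the "Signup User" call, so the forced email verification step is never applied to an address Github has not verified.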