-
Notifications
You must be signed in to change notification settings - Fork 2
Github App Installation Channels Diagram
ng-druid edited this page Sep 20, 2022
·
14 revisions
The below diagram describes the service communication channel during installation of the Github app. The flow effectively creates a cognito user from the Github user using a temporary password and sends an an email with further instructions to login and change the temporary password. This process is not as straight forward as it may seem since there are a few complexities of identifying the users email address, storing access tokens, and additional attributes for bypassing manual signup inside cognito.
sequenceDiagram
Vertigo->>Github: Exchange access
Note over Vertigo, Github: Redirect from Github provides access code.
Github-->>Vertigo: Access Token
Vertigo->>Github: Get user
Github-->>Vertigo: User Info
Vertigo->>Github: List Emails
Github-->>Vertigo: Email Addresses
Note over Github, Vertigo: Identify FIRST verified email address
Vertigo->>Cognito: Signup User
Note over Vertigo, Cognito: Include githubAccessToken and githubRefreshToken as custom attributes
Cognito-->>Vertigo: User Info
Vertigo->>Cognito: Set Email verified
Cognito-->>Vertigo: Email Verified
Vertigo->>Cognito: Confirm User Signup
Cognito-->>Vertigo: Signup Confirmed
Vertigo->>Cognito: Force password reset
Note over Vertigo, Cognito: Users required to change temporary password upon first login
Cognito-->>Vertigo: Password reset forced
Vertigo->>SES: Send registration email
Note over Vertigo, SES: Includes instructions to login and temporary password
SES-->>Vertigo: Registration email sent