Finalize User Mapping Service Spec

[tgmachina]

Description

This issue is meant to house conversation on finalizing the User Mapping Service Spec.

Exit Criteria

• Consensus reached on spec by hubcast team
• Finalized spec moved to appropriate location e.g. docs/specs

User Mapping Service

sequenceDiagram
	participant GitHub
	participant SiteBoundary
	participant UserMappingService
	participant SiteAuth
	participant Hubcast
	Note right of SiteBoundary: Site Internal
	UserMappingService->>SiteAuth: User authenticates
	UserMappingService->>GitHub: User authenticates
	UserMappingService->>UserMappingService: Link user identities on email
	loop cron
		UserMappingService->>GitHub: Remove deactivated users
	end
	Hubcast->>UserMappingService: Get mapped user

Loading

Description

The UserMappingService is responsible for associating a GitHub user to an internal Site user. The end-user performs Site-local authentication to validate themselves via 2FA. The end-user also performs authentication to GitHub to validate themselves and provide access to their verified, potentially private, email addresses. Linking is performed by looking for an associated and verified Site email address.

From there, Hubcast can query UserMappingService with GitHub usernames from events to validate that this linking has occurred successfully and resolve the internal associated Site user.

API

• Calls authenticate on SiteAuth
• Calls authenticate on GitHub
• Calls DELETE user on GitHub
• user
  • GET user
    • Returns full user mapping with Site user info if a mapping exists