Step 01

Connect GitHub.

First run opens with an empty context. One CTA — connect the account that backs your first claim.

From tap to authorized.

1

Your context (empty)

App opens straight to context — no biometric nag, no loading wall. Immediate first paint.

Hack 1 · DNS/TLS warm starts in background

2

Pre-sheet explainer

First run only: a medium sheet explains what will happen before OAuth. Never shown again.

Hack 3 · one-time trust primer

3

Continue with GitHub

Real mode: Safari opens GitHub with your existing session. Mock mode: instant handoff for UX testing.

4

Auto-return via Universal Link

Callback hits flexrep.xyz/oauth/github/callback. iOS routes back into REP — no manual swipe.

Hack 4 · AASA on this domain

5

Token exchange (server-side)

GitHub code → REP backend on Fly. Client secret never ships in the app bundle.

Pre-sheet · first run
Prove your GitHub

We'll open GitHub, mint a cryptographic proof of your public stats, and return here automatically.

Continue with GitHub

OAuth without leaking secrets.

GitHub App (not classic OAuth) for refresh tokens. PKCE on device. Backend at rep-oauth.fly.dev holds the client secret.

On device

Client ID, PKCE verifier, Keychain storage after mint.

On server

Code → token exchange, refresh rotation, redirect URI match.
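
The device/server split described above, sketched as an added example (not REP's own code): the device creates the PKCE verifier and S256 challenge per RFC 7636, and the backend refuses any redirect URI that is not an exact match before assembling the code exchange. Function names, the sample client ID and secret, and the use of standard OAuth 2.0 parameter names are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

# Callback URL from the page; all other values are constructed samples.
REGISTERED_REDIRECT = "https://flexrep.xyz/oauth/github/callback"

def _b64url(raw: bytes) -> str:
    # base64url without padding, as RFC 7636 requires
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def new_pkce_pair() -> tuple[str, str]:
    """Device side: the verifier stays local, only the challenge is sent."""
    verifier = _b64url(secrets.token_bytes(32))  # 43 chars, the RFC minimum
    return verifier, s256_challenge(verifier)

def challenge_matches(verifier: str, challenge: str) -> bool:
    """The comparison an authorization server makes at token exchange."""
    return hmac.compare_digest(s256_challenge(verifier), challenge)

def build_token_request(code, verifier, redirect_uri, client_id, client_secret):
    """Backend side: exact redirect match, then the code exchange form."""
    if redirect_uri != REGISTERED_REDIRECT:  # no prefix or normalized match
        raise ValueError("redirect_uri does not match the registered callback")
    if not 43 <= len(verifier) <= 128:
        raise ValueError("code_verifier length outside RFC 7636 bounds")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
        "client_id": client_id,
        "client_secret": client_secret,  # read from server config, never the app
    }
```

An authorization code intercepted on the device is useless without the verifier, and the client secret only ever appears in the server-built form.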