>[!NOTE] Notes
>- The diagram illustrates the general process of user authentication and how clients receive the [[Transfer Server|transfer server's]] API/obfuscator configurations in an XOR-encrypted format.
>- The [[User Token|user's token]]:
>    - Is a secret shared between the transfer server and [[Client|client]].
>    - Never leaves the client, thus preserving confidentiality.
>    - Is used by the transfer server to encrypt the payload.
>    - Is used by the client to decrypt the payload.
``````mermaid
flowchart
subgraph sg-xfer[Server]
config-file([Skyhook Config File])
recv-auth(Receives auth request) -->
verify-creds(Check credentials) -->
creds-valid{Valid<br>Creds?} -->|Yes| read-config
send-401(Send 401 Unauthorized)
subgraph sg-gen-jwt[Generate JWT]
read-config(Read config file) -.-> config-file -.->|API routes &<br>obfuscator config| read-config -->
xor-encrypt(XOR encrypt config<br>with user token) -->|Insert into| final-jwt(Final JWT) --> send-auth-resp("Respond with JWT")
end
end
subgraph sg-client[Client]
send-auth-req("Send credentials<br>(No Token)")
recv-auth-resp(Receive auth response) -->
is-401{Is 401?} -->|Yes| auth-done(Done)
is-401 -->|No| xor-decrypt(Decrypt config<br>with user token) -->
init-interface(Initialize interface<br>with routes &<br>obfuscators) -->
retrieve-listing(Retrieve file listing)
end
send-auth-req --> recv-auth
creds-valid -->|No| send-401 --> recv-auth-resp
send-auth-resp --> recv-auth-resp
retrieve-listing --> auth-done
``````
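
The flow in the diagram, as an added Python example that is not Skyhook's own code: the `config` claim name, the HS256 signing key, the credential store and all sample values are assumptions. It also shows that XOR carries no integrity check, so a client holding the wrong token only finds out when the decrypted bytes fail to parse.

```python
import base64, hashlib, hmac, json
from itertools import cycle

# Constructed sample values; none of these come from the Skyhook project.
USERS = {"alice": ("hunter2", b"alice-user-token")}  # username -> (password, user token)
SIGNING_KEY = b"server-jwt-signing-key"              # assumed HS256 key
CONFIG = {"routes": {"list": "/a1"}, "obfuscators": ["base64"]}

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def server_auth(username: str, password: str):
    """Server side: check credentials, then return (status, JWT or None)."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
        return 401, None
    blob = xor(json.dumps(CONFIG).encode(), stored[1])  # encrypt with the user token
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps({"sub": username, "config": b64u(blob)}).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return 200, f"{header}.{payload}.{b64u(sig)}"

def client_handle(status: int, jwt, token: bytes) -> dict:
    """Client side: stop on 401, otherwise decrypt the config claim."""
    if status == 401:
        raise PermissionError("401 Unauthorized")
    # The client has no signing key here, so it only reads the payload segment.
    claims = json.loads(b64u_dec(jwt.split(".")[1]))
    plain = xor(b64u_dec(claims["config"]), token)
    try:
        return json.loads(plain)
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError are both ValueError
        raise ValueError("config did not decrypt; wrong user token?") from exc
```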