>[!NOTE] Notes
>- Diagram illustrates the general process of user authentication and how clients receive the [[Transfer Server|transfer server's]] API/obfuscator configurations in a XOR encrypted format.
>- The [[User Token|user's token]]
>    - Is a secret shared between the transfer server and [[Client|client]].
>    - Never leaves the client, thus preserving confidentiality.
>    - Is used by the transfer server to encrypt the payload.
>    - Is used by the client to decrypt the payload.

``````mermaid
flowchart
    subgraph sg-xfer[Server]
        config-file([Skyhook Config File])
        recv-auth(Receives auth request) --> verify-creds(Check credentials) --> creds-valid{Valid<br>Creds?} -->|Yes| read-config
        send-401(Send 401 Unauthorized)
        subgraph sg-gen-jwt[Generate JWT]
            read-config(Read config file) -.-> config-file -.->|API routes &<br>obfuscator config| read-config --> xor-encrypt(XOR encrypt config<br>with user token) -->|Insert into| final-jwt(Final JWT) --> send-auth-resp("Respond with JWT")
        end
    end
    subgraph sg-client[Client]
        send-auth-req("Send credentials<br>(No Token)")
        recv-auth-resp(Receive auth response) --> is-401{Is 401?} -->|Yes| auth-done(Done)
        is-401 -->|No| xor-decrypt(Decrypt config<br>with user token) --> init-interface(Initialize interface<br>with routes &<br>obfuscators) --> retrieve-listing(Retrieve file listing)
    end
    send-auth-req --> recv-auth
    creds-valid -->|No| send-401 --> recv-auth-resp
    send-auth-resp --> recv-auth-resp
    retrieve-listing --> auth-done
``````
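
The exchange in the diagram, sketched end to end as an added example (not Skyhook's own code). It assumes a repeating-key XOR over the JSON config, an HS256-signed JWT, and a claim named `config`; the claim name, config shape, token and signing key are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def xor(data: bytes, token: bytes) -> bytes:
    # Repeating-key XOR (assumed scheme); the same call encrypts and decrypts.
    if not token:
        raise ValueError("empty user token")
    return bytes(b ^ token[i % len(token)] for i, b in enumerate(data))

def server_issue_jwt(config: dict, user_token: str, signing_key: bytes) -> str:
    # Server: XOR the config with the user's token, then insert it into the JWT.
    blob = xor(json.dumps(config).encode(), user_token.encode())
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps({"config": b64u(blob)}).encode())  # hypothetical claim name
    mac = hmac.new(signing_key, f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{b64u(mac.digest())}"

def client_read_config(jwt: str, user_token: str):
    # Client: the token is never transmitted; it is only used locally to decrypt.
    # Returns None when the token is wrong, i.e. the result is not valid JSON.
    claims = json.loads(b64u_dec(jwt.split(".")[1]))
    plain = xor(b64u_dec(claims["config"]), user_token.encode())
    try:
        return json.loads(plain.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and json.JSONDecodeError
        return None

# Constructed sample values, not taken from any real deployment.
SAMPLE_CONFIG = {"routes": {"list": "/a1b2", "upload": "/c3d4"},
                 "obfuscators": [{"algo": "base64"}]}
SAMPLE_TOKEN = "constructed-user-token"
SIGNING_KEY = b"constructed-server-signing-key"

if __name__ == "__main__":
    jwt = server_issue_jwt(SAMPLE_CONFIG, SAMPLE_TOKEN, SIGNING_KEY)
    print(jwt)
    print(client_read_config(jwt, SAMPLE_TOKEN))   # routes and obfuscators
    print(client_read_config(jwt, "wrong-token"))  # None
```

In this sketch the XOR layer only hides the config from anyone without the token; tamper detection comes from the JWT signature, which the server checks on later requests.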