Sphinx chat always aims to improve its security, with this change we improve the security of the transport of the users authToken and how it is setup. This is done by introducing a new transport token that will encrypt and guide the authToken to sphinx-relay to then be unlocked and saved.

This is done by creating a contact in sphinx-relay which will be the owner’s contact. This contact will also have an authToken space that will be left empty to be filled. Sphinx-relay then creates a transport token which will then be used to encrypt the newly generated authToken on the user’s client with a timestamp.

The user’s client then sends this newly encrypted value as the x-transport-token and sphinx-relay will then decrypt it and fill the empty authToken with the token that was sent over. Sphinx will now have its authToken setup and now any future request can be authenticated.