The new functionality requires changes to any SDK implementing challenge verification.
Details and Reference Implementations
The Stellar Go SDK is the first SDK we've implemented this new functionality and it can be used as a reference. It has implemented the following changes and similar changes may be required in this SDK:
Deprecated the existing verification function (VerifyChallengeTx).
Added new functions to:
Read the client account ID out of a challenge transaction without verifying client signatures, so that servers can lookup the signers of the account before verifying. (ReadChallengeTx)
Verify signatures on a challenge transaction meet a threshold. (VerifyChallengeTxThreshold)
Verify signatures on a challenge transaction match signers. (VerifyChallengeTxSigners)
Increased the timeout on the challenge transaction from 5 minutes to 15 minutes.
Go SDK Change: stellar/go@8ff0848c31a940ab76f1a9177af0d9dd405ffa9b
Summary
A change has been released in SEP-10 Web Authentication v1.3.0 that adds support for:
SEP-10 v1.3.0 Change: stellar/stellar-protocol@ea0d7edc3bed84a24970c5fe5fc34993e6c97e48
The new functionality requires changes to any SDK implementing challenge verification.
Details and Reference Implementations
The Stellar Go SDK is the first SDK we've implemented this new functionality and it can be used as a reference. It has implemented the following changes and similar changes may be required in this SDK:
VerifyChallengeTx
).ReadChallengeTx
)VerifyChallengeTxThreshold
)VerifyChallengeTxSigners
)Go SDK Change: stellar/go@8ff0848c31a940ab76f1a9177af0d9dd405ffa9b
An example of a SEP-10 server using the v1.3.0 verification process is implemented here: https://github.com/stellar/go/tree/master/exp/services/webauth
If anyone has any questions feel free to join us in
#dev-discussion
instellar.public
Keybase.