Implement SEP-10 2.1.0 Support

TL;DR

The SEP-10 protocol has been updated to relax the requirements of the single Manage Data operation included in SEP-10 challenge transactions, and should be implemented by October 21st. On this date the SDF will announce the SDK updates to Anchors and Wallets, urging them to update as soon as possible.

Background

To provide context, the SEP-10 2.0 changes replaced SEP-10 challenges' Manage Data operation anchorName key with a home_domain key. However, we quickly realized there was confusion and misunderstanding about the value of the home_domain parameter introduced in most SDKs earlier. Specifically, some users of the SDK believe the home_domain value is the home domain used to request the SEP-10 challenge, while others believe it is the home domain that requires the JWT authentication token.

This is problematic because SDK's implemented equality checks on the home_domain value of the Manage Data operation, so mismatched domains would result in client-server (wallet-anchor) incompatibility.

SEP-10 2.1.0 Changes

The following changes have been made to the SEP-10 protocol:

Clients are no longer required to validate the home_domain value in a SEP-10 challenge's first Manage Data operation
SEP-10 challenge transactions may now have additional Manage Data operations as long as the source account of the operation is the SEP-10 server's SIGNING_KEY
- Note: additional Manage Data operations will be added in future changes, so any added Manage Data operations added by the issuer of the challenge will need to come after the Manage Data operations defined in this document

References

SEP-10 2.1.0 Changes Go SDK SEP-10 2.1.0 Support JavaScript SDK SEP-10 2.1.0 Support

Looking Forward

Soon after SEP-10 2.1.0 is implmenented and announced, the SDF will ask SDK's to upgrade to SEP-10 3.0, but no action needs to be taken for this yet.

elucidsoft / dotnet-stellar-sdk