SEP-10¶
Configuration¶
Add SEP-10 to your list of active SEPs in settings.py:
POLARIS_ACTIVE_SEPS = ["sep-1", "sep-10", ...]
Add the following variables environment variables file:
- SIGNING_SEED
- The secret key of the keypair used to sign challenge transactions. If SEP-1 is also active, its public key will be added to your SEP-1 TOML file under
SIGNING_KEY
. Do not check this into version control. - SERVER_JWT_KEY
- The secret string for encoding authentication tokens. Do not check this into version control.
- SEP10_HOME_DOMAINS (optional)
- The home domains of the services accepting authentication tokens issued by Polaris’ SEP-10 implementation. By default it contains a single domain: the domain portion of
HOST_URL
. If services not hosted onHOST_URL
’s domain want to accept SEP-10 tokens issued by Polaris, the domains of those services must also be listed inSEP10_HOME_DOMAINS
.
SEP10_HOME_DOMAINS=polaris.anchor.com,not-polaris.anchor.com
- SEP10_CLIENT_ATTRIBUTION_REQUIRED (optional)
- If true, requires client applications to verify their identity by passing a domain in the challenge transaction request and signing the challenge with the
SIGNING_KEY
on that domain’s SEP-1 stellar.toml. Defaults to false. See the SEP-10 section Verifying Client Application Identity for more information. - SEP10_CLIENT_ATTRIBUTION_REQUEST_TIMEOUT (optional)
An integer for the number of seconds to wait before canceling a server-side request to the
client_domain
parameter specified in the request, if present. This request is made from the API server and therefore an unresponsiveclient_domain
can slow down request processing.Defaults to 3 seconds.
Ex.
SEP10_CLIENT_ATTRIBUTION_REQUEST_TIMEOUT=10
- SEP10_CLIENT_ATTRIBUTION_ALLOWLIST (optional)
- A list of domains that the server will issue challenge transactions containing
client_domain
Manage Data operations for. IfSEP10_CLIENT_ATTRIBUTION_REQUIRED
is true, client applications must pass aclient_domain
parameter whose value matches one of the elements in this list, otherwise the request will be rejected. IfSEP10_CLIENT_ATTRIBUTION_REQUIRED
is false, Polaris will return a challenge transaction without the requestedclient_domain
Manage Data operation. - SEP10_CLIENT_ATTRIBUTION_DENYLIST (optional)
- A list of domains that the server will not issue challenge transactions containing
client_domain
Manage Data operations for. IfSEP10_CLIENT_ATTRIBUTION_REQUIRED
is true, client applications that pass aclient_domain
parameter value that matches one of the elements in this list will be rejected. IfSEP10_CLIENT_ATTRIBUTION_REQUIRED
is false, Polaris will return a challenge transaction without the requestedclient_domain
Manage Data operation.
The ALLOWLIST
and DENYLIST
variables are mutually exclusive.
The client_domain
of client applications who successfully verify their identity during SEP-10 will be saved to Transaction.client_domain
for all transactions created by such clients.
Integrations¶
There are no integrations for SEP-10. It just works.