Enable Stellar Authentication
Stellar-based wallet applications create authenticated sessions with Stellar anchors by proving they, or their users, have sufficient control over a Stellar account. Once authenticated, the wallet application uses a session token provided by the anchor in subsequent requests to the anchor's standardized services.
The Anchor Platform supports this form of authentication with minimal configuration from the business.
SECRET_SEP10_SIGNING_SEED="a Stellar private key"
SECRET_SEP10_JWT_SECRET="a secret encryption key"
SEP_10_HOME_DOMAIN is the home_domain property used by SEP-10. The configuration value must be equal to the host of the toml file. If you are hosting the toml file via the Platform (SEP1_ENABLED is set to true), the toml file will be hosted on the SEP server.
SECRET_SEP10_SIGNING_SEED is the private key corresponding to the public key you've specified as the SIGNING_KEY in your stellar.toml file. It will be used to sign authentication challenges presented to wallet applications, proving that you are in possession of the SIGNING_KEY. Wallets will check for this signature before signing and sending back the authentication challenge.
SECRET_SEP10_JWT_SECRET is the encryption key that will be used to sign and verify the authentication tokens you issue to wallet applications after they or their users have proven control of their Stellar account.
By default, the Anchor Platform allows anyone with a Stellar account to authenticate with your services. If you'd like to only allow users of a particular wallet application to authenticate, or want to disallow specific users from authenticating, use the following environment variables. This is an optional feature and should only be added if it is a business requirement.
SEP10_CLIENT_ATTRIBUTION_REQUIRED informs the Anchor Platform whether or not it should allow users of non-custodial wallets to authenticate without the wallet also identifying itself, and SEP10_CLIENT_ATTRIBUTION_ALLOWLIST is the list of non-custodial wallets that can create authenticated sessions with your services.
SEP10_REQUIRE_KNOWN_OMNIBUS_ACCOUNT informs the Anchor Platform whether or not it should allow users of custodial wallets to authenticate without the custodial wallet's public key being included in the
Modify a Stellar Info File
Next, let's modify the stellar.toml file created earlier. Wallets need to know that SEP-10 functionality is supported by your business.
ACCOUNTS = ["add your public keys for your distribution accounts here"]
SIGNING_KEY = "add your signing key here"
NETWORK_PASSPHRASE = "Test SDF Network ; September 2015"
WEB_AUTH_ENDPOINT = "http://localhost:8080/auth"
ORG_NAME = "Your organization"
ORG_URL = "Your website"
ORG_DESCRIPTION = "A description of your organization"
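A pre-deployment check for the settings above, added here as an example and not part of the Anchor Platform: it validates that SECRET_SEP10_SIGNING_SEED is a well-formed Stellar secret seed, that SIGNING_KEY in stellar.toml is a public key (not a seed pasted by mistake), that SEP_10_HOME_DOMAIN matches the toml host, and that the JWT secret is not a short placeholder. The function names, the anchor.example.com host and the 32-byte minimum are assumptions; the check does not derive the public key from the seed, so it cannot confirm the two belong together.

```python
import base64, binascii, struct

# Strkey version bytes: 6 << 3 encodes with a leading "G" (public key),
# 18 << 3 with a leading "S" (secret seed).
VERSION = {"G": 6 << 3, "S": 18 << 3}

def encode_strkey(kind, raw32):
    """Build a strkey from 32 raw bytes; used here only to construct samples."""
    body = bytes([VERSION[kind]]) + raw32
    crc = struct.pack("<H", binascii.crc_hqx(body, 0))  # CRC16-XModem, little-endian
    return base64.b32encode(body + crc).decode()

def strkey_ok(value, kind):
    """True if value is a 56-character strkey of this kind with a valid checksum."""
    if len(value) != 56:
        return False
    try:
        data = base64.b32decode(value)
    except (binascii.Error, ValueError):
        return False
    if len(data) != 35 or data[0] != VERSION[kind]:
        return False
    return binascii.crc_hqx(data[:-2], 0) == struct.unpack("<H", data[-2:])[0]

def check_sep10_config(env, toml_host, toml_signing_key):
    """Return a list of problems in the SEP-10 settings (empty list = none found)."""
    problems = []
    if not strkey_ok(env.get("SECRET_SEP10_SIGNING_SEED", ""), "S"):
        problems.append("SECRET_SEP10_SIGNING_SEED is not a valid secret seed")
    if not strkey_ok(toml_signing_key, "G"):
        problems.append("SIGNING_KEY in stellar.toml is not a valid public key")
    if env.get("SEP_10_HOME_DOMAIN") != toml_host:
        problems.append("SEP_10_HOME_DOMAIN differs from the stellar.toml host")
    # Assumption: 32 bytes as a floor for an HMAC-style token secret.
    if len(env.get("SECRET_SEP10_JWT_SECRET", "").encode()) < 32:
        problems.append("SECRET_SEP10_JWT_SECRET is shorter than 32 bytes")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real keys.
    seed = encode_strkey("S", bytes(range(32)))
    pub = encode_strkey("G", bytes(range(32, 64)))
    env = {"SECRET_SEP10_SIGNING_SEED": pub,  # mistake: public key pasted as seed
           "SECRET_SEP10_JWT_SECRET": "a secret encryption key",
           "SEP_10_HOME_DOMAIN": "anchor.example.com"}
    for p in check_sep10_config(env, "anchor.example.com", seed):
        print("FAIL:", p)
```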