Comments (2)
Thanks Leigh,
This should do the trick:
```python
import binascii
import time

import jwt
from django.conf import settings
from stellar_sdk import TransactionEnvelope


def _generate_jwt(request, envelope_xdr):
    """
    Generates the JSON web token from the challenge transaction XDR.
    See: https://github.com/stellar/stellar-protocol/blob/master/ecosystem/sep-0010.md#token
    """
    issued_at = time.time()
    transaction_envelope = TransactionEnvelope.from_xdr(
        envelope_xdr,
        network_passphrase=settings.STELLAR_NETWORK_PASSPHRASE
    )
    transaction = transaction_envelope.transaction
    # The hex-encoded transaction hash is used as the token ID (jti).
    hash_hex = binascii.hexlify(transaction_envelope.hash()).decode()
    jwt_dict = {
        "iss": request.build_absolute_uri("/auth"),
        "sub": transaction.source.public_key,
        "iat": issued_at,
        "exp": issued_at + 24 * 60 * 60,  # valid for 24 hours
        "jti": hash_hex,
    }
    encoded_jwt = jwt.encode(jwt_dict, settings.SERVER_JWT_KEY, algorithm="HS256")
    return encoded_jwt.decode("ascii")
```
We'll release this adjustment in v0.9.3
from django-polaris.
Turns out the transaction's source is the anchor's account since it's a challenge generated by the server. So instead of assigning `sub` to `transaction.source.public_key`, we'll use `transaction.operations[0].source` as defined in SEP-10:
`transaction`: an XDR-encoded Stellar transaction with the following:
- source account set to server's signing account
- invalid sequence number (set to 0) so the transaction cannot be run on the Stellar network
- time bounds: `{min: now(), max: now() + 300 }` (we recommend expiration of 5 minutes to give user time to sign transaction)
- operations: `manage_data(source: client_account, key: '<anchor name> auth', value: random_nonce())`
  - The value of key is not important, but can be the name of the anchor followed by `auth`. It can be at most 64 bytes.
  - The value must be 64 bytes long. It contains a 48 byte cryptographic-quality random string encoded using base64 (for a total of 64 bytes after encoding).
- signature by the web service signing account

...

- use operations's source account to determine the authenticating client and perform any additional service-specific validations.
from django-polaris.
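The rule discussed in the comment above, as an added example that is not django-polaris code: check a decoded challenge against the quoted SEP-10 requirements and take the JWT `sub` from the first operation's source rather than the transaction's source. `Challenge`, `ManageData`, `client_account`, `sample_challenge` and the account strings are hypothetical stand-ins; XDR decoding and signature verification are assumed to happen elsewhere.

```python
import base64
import os
import time
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed stand-ins for a decoded challenge; not stellar_sdk classes.
@dataclass
class ManageData:
    source: Optional[str]   # operation-level source account (the client)
    key: str
    value: bytes

@dataclass
class Challenge:
    source: str             # transaction-level source account (the server)
    sequence: int
    min_time: int
    max_time: int
    operations: List[ManageData] = field(default_factory=list)

def client_account(tx: Challenge, server_account: str, now: Optional[float] = None) -> str:
    """Check the challenge against the quoted SEP-10 rules and return the JWT `sub`."""
    now = time.time() if now is None else now
    if tx.source != server_account:
        raise ValueError("transaction source is not the server signing account")
    if tx.sequence != 0:
        raise ValueError("sequence number must be 0")
    if not (tx.min_time <= now <= tx.max_time):
        raise ValueError("challenge is outside its time bounds")
    if not tx.operations:
        raise ValueError("challenge has no manage_data operation")
    op = tx.operations[0]
    if not op.source:
        raise ValueError("manage_data operation has no source account")
    if len(op.key.encode()) > 64 or len(op.value) != 64:
        raise ValueError("bad key or nonce length")
    if len(base64.b64decode(op.value, validate=True)) != 48:
        raise ValueError("nonce is not 48 base64-encoded bytes")
    return op.source  # the authenticating client, never tx.source

# Constructed sample accounts (placeholders, not real Stellar keys).
SERVER, CLIENT = "G_SERVER_PLACEHOLDER", "G_CLIENT_PLACEHOLDER"

def sample_challenge(now: float) -> Challenge:
    op = ManageData(source=CLIENT, key="example auth", value=base64.b64encode(os.urandom(48)))
    return Challenge(SERVER, 0, int(now), int(now) + 300, [op])
```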