Recently, we made an important update to SEP-10, the Stellar Web Authentication protocol. At this point, SEP-10 v3.0 has been implemented in all the Stellar SDKs, and we urge you to install up-to-date versions of any SDKs you use as soon as possible, especially if you use SEP-10 in your application or service.
Also, the vote to upgrade the Stellar public network to Protocol 15 is scheduled for Monday, which is 11/23. Since anyone and everyone needs to make sure they're running up-to-date versions of their SDKs anyway, we're looking at two birds, one stone here.
Wallets: upgrade your SDK ASAP to support SEP-10 3.0. Anchors that upgrade before you will be incompatible with your wallet.
Anchors: You should be at SEP-10 2.1 currently. If you aren't, wallets won't be compatible with your service when they upgrade to 3.0. Once the wallet or client applications that consume your APIs have upgraded, you should upgrade, too.
You can find links to the latest SDK releases here:
About SEP-10 3.0
SEP-10 3.0 is more secure than SEP-10 2.1. 3.0 requires wallets to verify the homeDomain value included in the SEP-10 challenge transaction's Manage Data operation, whereas SEP-10 2.1 included the homeDomain value in SEP-10 challenges but didn't require wallets to verify it.
SEP-10 3.0 also clarifies that the homeDomain value is the domain that hosts the SEP-1 stellar.toml file at the path /.well-known/stellar.toml.
By adding this verification requirement, SEP-10 v3.0 ensures that the JWT issued can only be used for the service it was issued for. The SDF will be making additional upgrades to SEP-10 in the future, so remember to upgrade to the latest version of the Stellar SDK used by your application.
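The wallet-side homeDomain check described above, as an added example that is not code from the Stellar SDKs: it contrasts the 2.1 behaviour with the 3.0 behaviour on an already-decoded Manage Data operation. The `ManageDataOp` class, the function names and the domains are hypothetical; the `<home domain> auth` key format is taken from the SEP-10 specification.

```python
from dataclasses import dataclass

AUTH_SUFFIX = " auth"  # SEP-10 Manage Data key is "<home domain> auth"

class ChallengeError(Exception):
    """Raised when a challenge fails a wallet-side check."""

@dataclass(frozen=True)
class ManageDataOp:
    """Hypothetical stand-in for an SDK's decoded Manage Data operation."""
    key: str
    value: bytes

def toml_url(home_domain: str) -> str:
    # SEP-10 3.0: homeDomain is the domain hosting the SEP-1 stellar.toml.
    return f"https://{home_domain}/.well-known/stellar.toml"

def home_domain_in(op: ManageDataOp) -> str:
    """Extract the homeDomain carried in the operation key."""
    if not op.key.endswith(AUTH_SUFFIX) or op.key == AUTH_SUFFIX:
        raise ChallengeError(f"unexpected Manage Data key: {op.key!r}")
    return op.key[: -len(AUTH_SUFFIX)]

def check_2_1(op: ManageDataOp) -> str:
    """2.1 behaviour: the homeDomain is present but not compared to anything."""
    return home_domain_in(op)

def check_3_0(op: ManageDataOp, expected_home_domain: str) -> str:
    """3.0 behaviour: the homeDomain must be the service the wallet is using."""
    found = home_domain_in(op)
    if found != expected_home_domain:  # exact match, no normalisation (assumption)
        raise ChallengeError(
            f"challenge is for {found!r}, not {expected_home_domain!r}")
    return found

if __name__ == "__main__":
    # Constructed sample: the wallet is authenticating with anchor.example
    # but is handed a challenge whose homeDomain is other.example.
    wallet_domain = "anchor.example"
    op = ManageDataOp(key="other.example auth", value=b"constructed-nonce")
    print("2.1 check accepts:", check_2_1(op))
    try:
        check_3_0(op, wallet_domain)
    except ChallengeError as err:
        print("3.0 check rejects:", err)
```

The `expected_home_domain` argument is the domain whose stellar.toml the wallet fetched to find the authentication endpoint, which is what ties the resulting JWT to that one service.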