Auth Token
Represents a parsed SEP-10 authentication token (JWT).
This class parses JWT tokens returned from Stellar SEP-10 authentication endpoints and exposes standard JWT claims and SEP-10 specific claims. It performs lenient parsing: if the JWT is malformed, it returns an AuthToken with only the raw token string populated, allowing graceful degradation in applications.
Standard JWT Claims (RFC 7519)
iss: Issuer - the authentication server's domain
sub: Subject - the authenticated account ID (may include memo)
iat: Issued At - Unix timestamp when token was created
exp: Expiration Time - Unix timestamp when token expires
jti: JWT ID - unique identifier for this token
SEP-10 Specific Claims
clientDomain: Client domain for domain-signed authentication
Computed Properties
account: Account ID extracted from sub (handles memos and muxed accounts)
memo: Memo extracted from sub (format: "ACCOUNT:MEMO")
Security Considerations
This parser does NOT verify JWT signatures (per SEP-10 spec)
SEP-10 clients receive signed tokens over HTTPS and use them as bearer tokens
Signature verification is the server's responsibility
Always validate token expiry using isExpired before use
Example Usage
// Parse token
val authToken = AuthToken.parse(jwtString)

// Check expiry
if (authToken.isExpired()) {
    println("Token expired at epoch ${authToken.exp}")
    return
}

// Extract account and memo
val accountId = authToken.account // "GACCOUNT..."
val memo = authToken.memo // "12345" or null

// Access issuer
println("Authenticated by: ${authToken.iss}")

// Use token in API calls (SEP-24, SEP-31, SEP-6, etc.)
val apiResponse = httpClient.get(endpoint) {
    headers {
        append("Authorization", "Bearer $authToken") // Uses toString()
    }
}
Graceful Error Handling
If parsing fails (malformed JWT), an AuthToken is returned with:
token: The original JWT string (preserved)
All other properties: null
This allows applications to decide how to handle invalid tokens.
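Because lenient parsing hands back an object even for a malformed JWT, a caller that wants to fail closed has to reject null claims itself before sending the token as a bearer credential. The sketch below is an added example, not SDK code: TokenView is a hypothetical stand-in mirroring the token, iss, account and exp properties described above (types assumed), and the issuer, account and clock values are constructed. These are client-side sanity checks, not signature verification.

```kotlin
// Added example, not SDK code. TokenView is a hypothetical stand-in that mirrors
// the AuthToken properties named on this page; the property types are assumed.
data class TokenView(
    val token: String,
    val iss: String? = null,
    val account: String? = null,
    val exp: Long? = null,
)

sealed interface Gate {
    data class Usable(val bearer: String) : Gate
    data class Rejected(val reason: String) : Gate
}

// Fail closed: a leniently parsed token with null claims is rejected, not passed through.
fun gate(t: TokenView, expectedIss: String, expectedAccount: String, nowEpoch: Long): Gate {
    val iss = t.iss ?: return Gate.Rejected("malformed: iss missing")
    val account = t.account ?: return Gate.Rejected("malformed: sub/account missing")
    val exp = t.exp ?: return Gate.Rejected("malformed: exp missing")
    if (nowEpoch >= exp) return Gate.Rejected("expired at epoch $exp")
    if (iss != expectedIss) return Gate.Rejected("unexpected issuer $iss")
    if (account != expectedAccount) return Gate.Rejected("token is for another account")
    return Gate.Usable(t.token)
}

fun main() {
    val now = 1_700_000_000L // constructed clock value
    val samples = listOf(    // constructed inputs
        TokenView("not-a-jwt"), // what lenient parsing yields for a malformed token
        TokenView("h.p.s", "auth.example.com", "GEXAMPLEACCOUNT", now - 60),
        TokenView("h.p.s", "other.example.net", "GEXAMPLEACCOUNT", now + 900),
        TokenView("h.p.s", "auth.example.com", "GEXAMPLEACCOUNT", now + 900),
    )
    // Only the last sample is Usable; the others are rejected as malformed,
    // expired, and issued by an unexpected server, in that order.
    for (s in samples) println(gate(s, "auth.example.com", "GEXAMPLEACCOUNT", now))
}
```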