stellar-sdk/com.soneso.stellar.sdk.sep.sep10/ChallengeResponse

ChallengeResponse

@Serializable
data class ChallengeResponse(val transaction: String, val networkPassphrase: String? = null)

Response from a SEP-10 challenge request.

The server returns this response when a client requests a challenge transaction for authentication. The response contains a base64-encoded XDR transaction envelope that the client must validate and sign.

The challenge transaction is a specially-constructed Stellar transaction that:

  • Has sequence number 0 (cannot be submitted to network)

  • Contains only ManageData operations (harmless metadata)

  • Is already signed by the server

  • Has time bounds to prevent replay attacks

  • Proves the server's identity through its signature

Workflow:

  1. Client requests challenge via GET to WEB_AUTH_ENDPOINT

  2. Server returns ChallengeResponse with transaction XDR

  3. Client validates the challenge (critical security step)

  4. Client signs the validated challenge

  5. Client submits signed challenge back to server

  6. Server returns JWT token

Example response JSON:

{
  "transaction": "AAAAAgAAAADR...base64...==",
  "network_passphrase": "Test SDF Network ; September 2015"
}
Content copied to clipboard

Security considerations:

  • Always validate the challenge before signing (use WebAuth.validateChallenge())

  • Verify the server signature matches the stellar.toml SIGNING_KEY

  • Check time bounds are reasonable

  • Ensure all operations are ManageData type

See also:

Constructors

Link copied to clipboard
constructor(transaction: String, networkPassphrase: String? = null)

Properties

Link copied to clipboard
@SerialName(value = "network_passphrase")
val networkPassphrase: String?

Optional network passphrase for additional verification

Link copied to clipboard
@SerialName(value = "transaction")
val transaction: String

Base64-encoded XDR transaction envelope containing the challenge

Generated by Dokka
© 2026 Copyright