jwtToken

suspend fun jwtToken(clientAccountId: String, signers: List<KeyPair>, memo: Long? = null, homeDomain: String? = null, clientDomain: String? = null, clientDomainKeyPair: KeyPair? = null, clientDomainSigningDelegate: ClientDomainSigningDelegate? = null): AuthToken

Performs the complete SEP-10 authentication flow.

This is the high-level API that handles the entire challenge-response flow:

  1. Requests challenge from server

  2. Validates challenge transaction (13 security checks)

  3. Signs challenge with provided keypairs

  4. Submits signed challenge to server

  5. Returns JWT authentication token

This method is recommended for most use cases as it handles all the complexity of the SEP-10 protocol and performs all required security validations.

Example - Basic authentication:

val webAuth = WebAuth.fromDomain("example.com", Network.PUBLIC)
val userKeyPair = KeyPair.fromSecretSeed("S...")

val authToken = webAuth.jwtToken(
    clientAccountId = userKeyPair.getAccountId(),
    signers = listOf(userKeyPair)
)

println("Token: ${authToken.token}")
println("Expires: ${authToken.exp}")

Example - Multi-signature account:

val authToken = webAuth.jwtToken(
    clientAccountId = "GACCOUNT...",
    signers = listOf(signer1, signer2, signer3) // All required signers
)

Example - Account with memo:

// For custodial services using memos for sub-accounts
val authToken = webAuth.jwtToken(
    clientAccountId = custodialAccountId,
    signers = listOf(userKeyPair),
    memo = 12345 // Sub-account identifier
)

Example - Client domain verification (local signing):

val authToken = webAuth.jwtToken(
    clientAccountId = userAccountId,
    signers = listOf(userKeyPair),
    clientDomain = "wallet.mycompany.com",
    clientDomainKeyPair = clientDomainSigningKey
)

Example - Client domain verification (HSM/external signing):

val authToken = webAuth.jwtToken(
    clientAccountId = userAccountId,
    signers = listOf(userKeyPair),
    clientDomain = "wallet.mycompany.com",
    clientDomainSigningDelegate = hsmSigningDelegate
)

Return

AuthToken containing JWT token and parsed claims
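
An added example, not part of the SDK or its documentation: a client-side check that the claims in the returned JWT match what was requested, using the SEP-10 claim names `sub`, `exp` and `client_domain`. `checkSep10Claims` and its parameters are hypothetical names, and the code assumes a JVM target with kotlinx-serialization-json available; it does not verify the JWT signature.

```kotlin
import java.util.Base64
import kotlinx.serialization.json.Json
import kotlinx.serialization.json.JsonPrimitive
import kotlinx.serialization.json.contentOrNull
import kotlinx.serialization.json.jsonObject
import kotlinx.serialization.json.longOrNull

// Hypothetical helper, not an SDK function. Returns the problems found (empty = claims match).
// The JWT signature is NOT verified (the key is the server's): binding and expiry check only.
fun checkSep10Claims(
    jwt: String,
    expectedAccountId: String,
    expectedMemo: Long? = null,
    expectedClientDomain: String? = null,
    nowEpochSeconds: Long = System.currentTimeMillis() / 1000,
    minRemainingSeconds: Long = 60
): List<String> {
    val parts = jwt.split(".")
    if (parts.size != 3) return listOf("not a three-part JWT")
    val claims = try {
        val payload = Base64.getUrlDecoder().decode(parts[1]).decodeToString()
        Json.parseToJsonElement(payload).jsonObject
    } catch (e: Exception) { return listOf("payload is not base64url-encoded JSON") }
    val problems = mutableListOf<String>()
    // SEP-10: `sub` is the account; an ID memo is appended as "G...:memo".
    val expectedSub = if (expectedMemo != null) "$expectedAccountId:$expectedMemo" else expectedAccountId
    val sub = (claims["sub"] as? JsonPrimitive)?.contentOrNull
    if (sub != expectedSub) problems.add("sub is '$sub', expected '$expectedSub'")
    val exp = (claims["exp"] as? JsonPrimitive)?.longOrNull
    if (exp == null) {
        problems.add("exp claim missing or not a number")
    } else if (exp - nowEpochSeconds < minRemainingSeconds) {
        problems.add("token expired or expiring within ${minRemainingSeconds}s")
    }
    if (expectedClientDomain != null) {
        val domain = (claims["client_domain"] as? JsonPrimitive)?.contentOrNull
        if (domain != expectedClientDomain) problems.add("client_domain is '$domain', expected '$expectedClientDomain'")
    }
    return problems
}

fun main() {
    // Constructed sample token: placeholder account ID and a dummy signature part.
    val enc = Base64.getUrlEncoder().withoutPadding()
    val payload = """{"sub":"GACCOUNT:12345","exp":2000000000,"client_domain":"wallet.mycompany.com"}"""
    val jwt = listOf("""{"alg":"HS256"}""", payload).joinToString(".") { enc.encodeToString(it.toByteArray()) } + ".sig"
    println(checkSep10Claims(jwt, "GACCOUNT", 12345, "wallet.mycompany.com", nowEpochSeconds = 1_700_000_000))
    println(checkSep10Claims(jwt, "GACCOUNT", nowEpochSeconds = 1_700_000_000))
}
```

In application code, pass `authToken.token` together with the same `clientAccountId`, `memo` and `clientDomain` values given to `jwtToken`, and discard the token if the returned list is not empty.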

Parameters

clientAccountId

Stellar account ID to authenticate (G... or M... address)

signers

List of keypairs to sign the challenge (must include all required signers)

memo

Optional ID memo for sub-account identification (used with G... addresses)

homeDomain

Optional home domain for multi-domain authentication servers

clientDomain

Optional client domain for domain verification

clientDomainKeyPair

Optional keypair for local client domain signing (from client domain's stellar.toml SIGNING_KEY)

clientDomainSigningDelegate

Optional delegate for external client domain signing (HSM, custody, etc.)

Throws

If challenge request fails

If challenge validation fails

If token submission fails

If signers list is empty or both clientDomainKeyPair and clientDomainSigningDelegate are provided