signTransaction

suspend fun signTransaction(challengeXdr: String, signers: List<KeyPair>, clientDomainKeyPair: KeyPair? = null, clientDomainSigningDelegate: ClientDomainSigningDelegate? = null): String

Signs a challenge transaction with provided keypairs.

Takes a validated challenge transaction and adds signatures from the provided keypairs. The server's original signature is preserved, and new signatures are appended.

For multi-signature accounts, all required signers must be provided to meet the account's signing threshold.

The signing process:

  1. Parse challenge XDR to transaction envelope

  2. Compute transaction hash for the network

  3. Preserve existing signatures (server's signature)

  4. Optionally sign with client domain keypair or delegate FIRST (if provided)

  5. Then sign transaction hash with each provided user keypair

  6. Append new signatures to the envelope

  7. Return updated envelope as base64 XDR

Signing order: Client domain signing happens BEFORE user keypair signing. This ensures user signatures are not exposed to the delegate and follows the principle of least privilege (domain verification before user signing).
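The signing process and order above, as an added example that is not part of the SDK or its documentation. It is a Kotlin/JVM model (JDK 15+ for Ed25519) in which Envelope, DecoratedSig, signChallenge and the function-typed delegate are hypothetical stand-ins for the XDR envelope and ClientDomainSigningDelegate, and the challenge body is a constructed byte string rather than real XDR.

```kotlin
import java.security.*

// Simplified stand-ins for the XDR types (hypothetical, not SDK classes).
class DecoratedSig(val hint: ByteArray, val signature: ByteArray)
class Envelope(val txBody: ByteArray, val signatures: List<DecoratedSig>)

fun sha256(data: ByteArray): ByteArray = MessageDigest.getInstance("SHA-256").digest(data)
// Step 2: hash = SHA-256(network id || ENVELOPE_TYPE_TX (2) || transaction body).
fun txHash(txBody: ByteArray, passphrase: String): ByteArray =
    sha256(sha256(passphrase.toByteArray()) + byteArrayOf(0, 0, 0, 2) + txBody)

fun sign(kp: KeyPair, hash: ByteArray): DecoratedSig {
    val sig = Signature.getInstance("Ed25519").apply { initSign(kp.private); update(hash) }.sign()
    // Hint = last 4 bytes of the public key (also the tail of its X.509 encoding).
    return DecoratedSig(kp.public.encoded.takeLast(4).toByteArray(), sig)
}
fun verifies(key: PublicKey, hash: ByteArray, s: DecoratedSig): Boolean =
    Signature.getInstance("Ed25519").apply { initVerify(key); update(hash) }.verify(s.signature)

// Steps 3-6. The delegate is modelled as a function from envelope to envelope (assumption).
fun signChallenge(
    env: Envelope, passphrase: String, signers: List<KeyPair>,
    clientDomainKeyPair: KeyPair? = null, delegate: ((Envelope) -> Envelope)? = null,
): Envelope {
    require(clientDomainKeyPair == null || delegate == null) { "only one client domain method" }
    val hash = txHash(env.txBody, passphrase)
    var current = env                                    // step 3: server signature kept
    clientDomainKeyPair?.let { current = Envelope(env.txBody, current.signatures + sign(it, hash)) }
    delegate?.let { current = it(current) }              // step 4: delegate sees no user signature
    return Envelope(env.txBody, current.signatures + signers.map { sign(it, hash) }) // steps 5-6
}

fun main() {
    val gen = KeyPairGenerator.getInstance("Ed25519")
    val (server, domain, user) = List(3) { gen.generateKeyPair() }
    val passphrase = "Test SDF Network ; September 2015"
    val body = "constructed challenge body".toByteArray() // constructed sample, not real XDR
    val hash = txHash(body, passphrase)
    val challenge = Envelope(body, listOf(sign(server, hash)))
    var seenByDelegate = -1
    val signed = signChallenge(challenge, passphrase, listOf(user), delegate = { e ->
        seenByDelegate = e.signatures.size
        Envelope(e.txBody, e.signatures + sign(domain, hash))
    })
    check(seenByDelegate == 1)                            // only the server signature
    val order = listOf(server, domain, user).map { it.public }
    check(signed.signatures.size == 3 &&
        order.indices.all { verifies(order[it], hash, signed.signatures[it]) })
    println("order: server, client domain, user; delegate saw $seenByDelegate signature(s)")
}
```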

Example - Single signature:

val signedChallenge = webAuth.signTransaction(
    challengeXdr = challenge.transaction,
    signers = listOf(userKeyPair)
)

Example - Multi-signature account:

val signedChallenge = webAuth.signTransaction(
    challengeXdr = challenge.transaction,
    signers = listOf(signer1, signer2, signer3)
)

Example - With client domain (local signing):

val signedChallenge = webAuth.signTransaction(
    challengeXdr = challenge.transaction,
    signers = listOf(userKeyPair),
    clientDomainKeyPair = clientDomainKeyPair
)

Example - With client domain (external signing):

val signedChallenge = webAuth.signTransaction(
    challengeXdr = challenge.transaction,
    signers = listOf(userKeyPair),
    clientDomainSigningDelegate = hsmDelegate
)

Security warning: Only sign validated challenges. Always call validateChallenge before calling this method.

Return

Base64-encoded signed transaction XDR

Parameters

challengeXdr

Base64-encoded challenge transaction XDR

signers

List of keypairs to sign with (must have private keys)

clientDomainKeyPair

Optional keypair for local client domain signing

clientDomainSigningDelegate

Optional delegate for external client domain signing

Throws

If parsing fails or transaction is invalid, or both signing methods provided

If transaction type is invalid