stellar-sdk/com.soneso.stellar.sdk.sep.sep45/WebAuthForContracts/validateChallenge

validateChallenge

suspend fun validateChallenge(authEntries: List<SorobanAuthorizationEntryXdr>, clientAccountId: String, homeDomain: String? = null, clientDomainAccountId: String? = null)

Validates the authorization entries from the challenge response.

This performs the security validation checks required by SEP-45:

  1. No sub-invocations in any entry

  2. Contract address matches WEB_AUTH_CONTRACT_ID

  3. Function name is "web_auth_verify"

  4. Arguments validation (account, home_domain, web_auth_domain, nonce, etc.)

  5. Server entry exists with valid signature

  6. Client entry exists

  7. Client domain entry exists (if client domain provided)

Parameters

authEntries

Entries to validate

clientAccountId

Expected client contract account

homeDomain

Expected home domain. Defaults to server home domain.

clientDomainAccountId

Expected client domain account (if using client domain)

Throws

If any validation check fails

Generated by Dokka
© 2026 Copyright