SEP-10 Client Attribution Support

[JakeUrban]

SEP-10 Client Attribution Support

A web service requiring SEP-10 authentication may want to attribute each HTTP request made to it to a specific client software. For example, a web service may want to offer reduced fees for the users of a specific client.

SEP-10 client attribution, detailed in the protocol specification, adds support for this capability.

Changes

The following changes are required to support this functionality:

• Building the challenge transaction:
  • Add client_domain (clientDomain) and client_signing_key (clientSigningKey) optional parameters
  • Adding a ManageData operation with 'client_domain' as the key and the client_signing_key parameter value as the value if these parameters are passed
• Verifying the challenge transaction:
  • Checking for a ManageData op with 'client_domain' as the key and checking for a signature from the operation's source account if present
  • Allowing the source of the 'client_domain' ManageData operation to not equal the server's account

For reference, the Python SDK has implemented the above changes.

Please implement and release a new version of the SDK with these changes, thank you!

[JakeUrban]

For tracking: stellar/go#3780 @leighmcculloch