💬 This week I’m revisiting a discussion that I highlighted in Issue #54: a protocol that outlines how a client can prove to a web server that the application requesting the relevant operation is owned by the client.
To recap how this discussion started: Several SEP-24 and SEP-6 anchors have asked for a standardized way to verify the wallet application used to process a particular transaction. The original proposal mentioned that this functionality could be added to SEP-24, but has since evolved into a completely separate proposal: SEP-0034: Wallet Attribution.
SEP-0034 allows wallets to pass cryptographically signed tokens containing a transaction ID to anchor servers. An anchor can verify that the token was signed using the wallet's signing server's SIGNING_KEY, listed on the wallet server's stellar.toml. This verification ensures the wallet takes ownership of the client requesting the particular transaction with the anchor. By having access to this type of information, anchors could waive the fees for the users of a particular wallet, or simply track the client applications used to connect to the anchor server.
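The anchor-side check described above, as an added example that is not taken from SEP-0034 or from any Stellar SDK. The token layout (`<base64url JSON>.<base64url Ed25519 signature>`), the `transaction_id` field and all function names are assumptions; the key pair and the stellar.toml line are constructed at run time.

```javascript
// Added example. ASSUMPTION: the token layout "<base64url JSON>.<base64url Ed25519 sig>"
// and the "transaction_id" field are constructed here, not taken from SEP-0034.
const crypto = require('node:crypto');
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex'); // DER header, Ed25519

// CRC16-XModem: the checksum a StrKey carries after its version byte and key.
function crc16(buf) {
  let crc = 0;
  for (const byte of buf) {
    crc ^= byte << 8;
    for (let i = 0; i < 8; i++) crc = (crc & 0x8000 ? (crc << 1) ^ 0x1021 : crc << 1) & 0xffff;
  }
  return crc;
}

// Decode the "G..." StrKey published as SIGNING_KEY into a Node public key object.
function signingKeyFromStrKey(strKey) {
  if (!/^G[A-Z2-7]{55}$/.test(strKey)) throw new Error('malformed SIGNING_KEY');
  const bits = [...strKey].map((c) => B32.indexOf(c).toString(2).padStart(5, '0')).join('');
  const raw = Buffer.from(bits.match(/.{8}/g).map((b) => parseInt(b, 2)));
  if (raw[0] !== 6 << 3 || raw.readUInt16LE(33) !== crc16(raw.subarray(0, 33)))
    throw new Error('bad SIGNING_KEY version or checksum');
  const der = Buffer.concat([SPKI_PREFIX, raw.subarray(1, 33)]);
  return crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
}

// Anchor side: true only if the token verifies under SIGNING_KEY and names expectedTxId.
function verifyAttribution(token, tomlText, expectedTxId) {
  const m = /^SIGNING_KEY\s*=\s*"([^"]+)"/m.exec(tomlText);
  const [payload, sig, extra] = String(token).split('.');
  if (!m || !payload || !sig || extra !== undefined) return false;
  try {
    const key = signingKeyFromStrKey(m[1]);
    if (!crypto.verify(null, Buffer.from(payload), key, Buffer.from(sig, 'base64url'))) return false;
    return JSON.parse(Buffer.from(payload, 'base64url')).transaction_id === expectedTxId;
  } catch { return false; }
}

// Constructed sample: throwaway wallet key pair, its stellar.toml line, and a signed token.
function buildSample(txId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const rawPub = publicKey.export({ format: 'der', type: 'spki' }).subarray(12);
  const body = Buffer.concat([Buffer.from([6 << 3]), rawPub, Buffer.alloc(2)]);
  body.writeUInt16LE(crc16(body.subarray(0, 33)), 33);
  const strKey = [...body].map((b) => b.toString(2).padStart(8, '0')).join('')
    .match(/.{5}/g).map((b) => B32[parseInt(b, 2)]).join('');
  const payload = Buffer.from(JSON.stringify({ transaction_id: txId })).toString('base64url');
  const sig = crypto.sign(null, Buffer.from(payload), privateKey).toString('base64url');
  return { toml: `SIGNING_KEY = "${strKey}"\n`, token: `${payload}.${sig}` };
}
```

A token signed for one transaction fails the check for any other transaction ID, and a token checked against a different wallet's stellar.toml fails on the signature.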