From 2f83802a180914bd26f280ad167ae53d798ac13c Mon Sep 17 00:00:00 2001
From: Marcelo Salloum
Date: Thu, 21 Sep 2023 11:26:12 -0700
Subject: [PATCH 1/4] Fix SDP Authentication section.
---
 .../getting-started.mdx | 34 ++++++++++++-------
 1 file changed, 21 insertions(+), 13 deletions(-)
diff --git a/docs/stellar-disbursement-platform/getting-started.mdx b/docs/stellar-disbursement-platform/getting-started.mdx
index 21a7b88b5..059729fac 100644
--- a/docs/stellar-disbursement-platform/getting-started.mdx
+++ b/docs/stellar-disbursement-platform/getting-started.mdx
@@ -235,25 +235,33 @@ In `docker-compose-sdp-anchor.yml`, update the following: ```yaml -# the public key of the account used for authentication -# it should be the same public key for both attributes -SEP10_ACCOUNT: +# the public key of the Stellar account used for SEP-10 authentication SEP10_SIGNING_PUBLIC_KEY: -# the private key of the account used for authentication -# it should be the same secret key for both attributes +# +# the private key of the Stellar account used for SEP-10 authentication +# it should be the same secret key for both attributes, in SDP and AP SEP10_SIGNING_PRIVATE_KEY: SECRET_SEP10_SIGNING_SEED: -# the encryption key (any secret string) for the authentication token shared with wallets -# it should be the same key for both attributes -SEP24_JWT_SECRET: +# +# The secret used to sign the resulting SEP-10 JWT token. This should be a strong random string for encryption. SECRET_SEP10_JWT_SECRET: -# the encryption key for the authentication token used for internal services -# These could be different or the same value -ANCHOR_PLATFORM_OUTGOING_JWT_SECRET: +# +# A shared encryption key used to sign JWT tokens in the SEP24 communications from AP->SDP. +# The value needs to be the same for all three attributes below. +SEP24_JWT_SECRET: SECRET_SEP24_INTERACTIVE_URL_JWT_SECRET: SECRET_SEP24_MORE_INFO_URL_JWT_SECRET: -# used to encrypt passwords of the SDP users -# NOTE: you'll need to recreate any existing users in the database if this is reset +# +# A shared encryption key used to sign JWT tokens in the PlatformAPI communications from SDP->AP. +# The value needs to be the same for both attributes below. +ANCHOR_PLATFORM_OUTGOING_JWT_SECRET: +SECRET_PLATFORM_API_AUTH_SECRET: +# The private key is used to sign JWT tokens for authenticating the requests incoming to the SDP. The Public key is used +# to validate that the JWT token was signed by the SDP's prvate key. 
They can be generated with these commands: +# openssl ecparam -name prime256v1 -genkey -noout -out ec_private_key.pem +# openssl pkcs8 -topk8 -nocrypt -in ec_private_key.pem -out ec_private_key_pkcs8.pem +# openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem +EC256_PUBLIC_KEY: EC256_PRIVATE_KEY: ``` From a227032ed6e2069e00bdc5f96d67f5036cafc258 Mon Sep 17 00:00:00 2001 From: Marcelo Salloum Date: Thu, 21 Sep 2023 11:57:24 -0700 Subject: [PATCH 2/4] Polishes. --- docs/stellar-disbursement-platform/getting-started.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/stellar-disbursement-platform/getting-started.mdx b/docs/stellar-disbursement-platform/getting-started.mdx index 059729fac..2d2af732f 100644 --- a/docs/stellar-disbursement-platform/getting-started.mdx +++ b/docs/stellar-disbursement-platform/getting-started.mdx @@ -256,6 +256,7 @@ SECRET_SEP24_MORE_INFO_URL_JWT_SECRET: # The value needs to be the same for both attributes below. ANCHOR_PLATFORM_OUTGOING_JWT_SECRET: SECRET_PLATFORM_API_AUTH_SECRET: +# # The private key is used to sign JWT tokens for authenticating the requests incoming to the SDP. The Public key is used # to validate that the JWT token was signed by the SDP's prvate key. They can be generated with these commands: # openssl ecparam -name prime256v1 -genkey -noout -out ec_private_key.pem @@ -263,6 +264,7 @@ SECRET_PLATFORM_API_AUTH_SECRET: # openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem EC256_PUBLIC_KEY: EC256_PRIVATE_KEY: +# ``` From c22d9de3b8bb7830d38698a73377e45bd6d3dc20 Mon Sep 17 00:00:00 2001 From: Marcelo Salloum Date: Thu, 21 Sep 2023 15:14:18 -0700 Subject: [PATCH 3/4] Fix typo. --- docs/stellar-disbursement-platform/getting-started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/stellar-disbursement-platform/getting-started.mdx b/docs/stellar-disbursement-platform/getting-started.mdx index 2d2af732f..77731187c 100644 
--- a/docs/stellar-disbursement-platform/getting-started.mdx
+++ b/docs/stellar-disbursement-platform/getting-started.mdx
@@ -258,7 +258,7 @@ ANCHOR_PLATFORM_OUTGOING_JWT_SECRET:
 SECRET_PLATFORM_API_AUTH_SECRET:
 #
 # The private key is used to sign JWT tokens for authenticating the requests incoming to the SDP. The Public key is used
-# to validate that the JWT token was signed by the SDP's prvate key. They can be generated with these commands:
+# to validate that the JWT token was signed by the SDP's private key. They can be generated with these commands:
 # openssl ecparam -name prime256v1 -genkey -noout -out ec_private_key.pem
 # openssl pkcs8 -topk8 -nocrypt -in ec_private_key.pem -out ec_private_key_pkcs8.pem
 # openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem
From 26f2f7ff0bcc7ca3d1f8d59927095e26e9e4d379 Mon Sep 17 00:00:00 2001
From: Marcelo Salloum
Date: Mon, 25 Sep 2023 11:10:30 -0700
Subject: [PATCH 4/4] Address feedback.
---
 .../getting-started.mdx | 25 +++++++++++--------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/docs/stellar-disbursement-platform/getting-started.mdx b/docs/stellar-disbursement-platform/getting-started.mdx
index 77731187c..13b4661cb 100644
--- a/docs/stellar-disbursement-platform/getting-started.mdx
+++ b/docs/stellar-disbursement-platform/getting-started.mdx
@@ -235,30 +235,35 @@ In `docker-compose-sdp-anchor.yml`, update the following: ```yaml -# the public key of the Stellar account used for SEP-10 authentication +# The public key of the Stellar account used for SEP-10 authentication: SEP10_SIGNING_PUBLIC_KEY: # -# the private key of the Stellar account used for SEP-10 authentication -# it should be the same secret key for both attributes, in SDP and AP +# The private key of the Stellar account used for SEP-10 authentication. It +# should be the same secret key for both attributes below, for the Stellar +# Disbursement Platform and Anchor Platform: SEP10_SIGNING_PRIVATE_KEY: SECRET_SEP10_SIGNING_SEED: # -# The secret used to sign the resulting SEP-10 JWT token. This should be a strong random string for encryption. +# The encryption key used to sign the resulting SEP-10 JWT token: SECRET_SEP10_JWT_SECRET: # -# A shared encryption key used to sign JWT tokens in the SEP24 communications from AP->SDP. -# The value needs to be the same for all three attributes below. +# A shared encryption key used to sign JWT tokens in the SEP-24 from the Anchor +# Platform to the Stellar Disbursement Platform. The value needs to be the same +# for all three attributes below: SEP24_JWT_SECRET: SECRET_SEP24_INTERACTIVE_URL_JWT_SECRET: SECRET_SEP24_MORE_INFO_URL_JWT_SECRET: # -# A shared encryption key used to sign JWT tokens in the PlatformAPI communications from SDP->AP. -# The value needs to be the same for both attributes below. +# A shared encryption key used to sign JWT tokens in the PlatformAPI +# communications from the Stellar Disbursement Platform to the Anchor Platform. +# The value needs to be the same for both attributes below: ANCHOR_PLATFORM_OUTGOING_JWT_SECRET: SECRET_PLATFORM_API_AUTH_SECRET: # -# The private key is used to sign JWT tokens for authenticating the requests incoming to the SDP. The Public key is used -# to validate that the JWT token was signed by the SDP's private key. 
They can be generated with these commands: +# The private key is used to sign JWT tokens for authenticating the requests +# incoming to the Stellar Disbursement Platform. The Public key is used to +# validate that the JWT token was signed by the SDP's private key. They can be +# generated with these commands: # openssl ecparam -name prime256v1 -genkey -noout -out ec_private_key.pem # openssl pkcs8 -topk8 -nocrypt -in ec_private_key.pem -out ec_private_key_pkcs8.pem # openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem