Fix fields explanations on SDP's authentication section #239

Merged
merged 4 commits into from
Sep 25, 2023
41 changes: 28 additions & 13 deletions docs/stellar-disbursement-platform/getting-started.mdx
Expand Up @@ -235,26 +235,41 @@ In `docker-compose-sdp-anchor.yml`, update the following:
<CodeExample>

```yaml
# the public key of the account used for authentication
# it should be the same public key for both attributes
SEP10_ACCOUNT:
# The public key of the Stellar account used for SEP-10 authentication:
SEP10_SIGNING_PUBLIC_KEY:
# the private key of the account used for authentication
# it should be the same secret key for both attributes
#
# The private key of the Stellar account used for SEP-10 authentication. It
# should be the same secret key for both attributes below, for the Stellar
# Disbursement Platform and Anchor Platform:
SEP10_SIGNING_PRIVATE_KEY:
SECRET_SEP10_SIGNING_SEED:
# the encryption key (any secret string) for the authentication token shared with wallets
# it should be the same key for both attributes
SEP24_JWT_SECRET:
#
# The encryption key used to sign the resulting SEP-10 JWT token:
SECRET_SEP10_JWT_SECRET:
# the encryption key for the authentication token used for internal services
# These could be different or the same value
ANCHOR_PLATFORM_OUTGOING_JWT_SECRET:
#
# A shared encryption key used to sign JWT tokens in the SEP-24 from the Anchor
# Platform to the Stellar Disbursement Platform. The value needs to be the same
# for all three attributes below:
SEP24_JWT_SECRET:
SECRET_SEP24_INTERACTIVE_URL_JWT_SECRET:
SECRET_SEP24_MORE_INFO_URL_JWT_SECRET:
# used to encrypt passwords of the SDP users
# NOTE: you'll need to recreate any existing users in the database if this is reset
#
# A shared encryption key used to sign JWT tokens in the PlatformAPI
# communications from the Stellar Disbursement Platform to the Anchor Platform.
# The value needs to be the same for both attributes below:
ANCHOR_PLATFORM_OUTGOING_JWT_SECRET:
SECRET_PLATFORM_API_AUTH_SECRET:
#
# The private key is used to sign JWT tokens for authenticating the requests
# incoming to the Stellar Disbursement Platform. The Public key is used to
# validate that the JWT token was signed by the SDP's private key. They can be
# generated with these commands:
# openssl ecparam -name prime256v1 -genkey -noout -out ec_private_key.pem

if you think it might be helpful to mention briefly what the EC256 encryption scheme is or its use case to provide context to those unfamiliar with it

Contributor Author

There's extensive content on elliptic curve encryption on the internet. The goal of this section is to help people configure their instances, rather than explaining these kinds of concepts that are broadly available on the internet.

Also, adding content into comments like we're doing in this section is just for straightforward directions.

Let me know if you think strongly otherwise, I can go back here and edit this section later.

# openssl pkcs8 -topk8 -nocrypt -in ec_private_key.pem -out ec_private_key_pkcs8.pem
# openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem
EC256_PUBLIC_KEY:
EC256_PRIVATE_KEY:
#
```

</CodeExample>
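
Review bot: In the EC256 comment at the end of this hunk, the three openssl commands produce `ec_private_key.pem`, `ec_private_key_pkcs8.pem` and `ec_public_key.pem`, but nothing says which private-key file's contents belong in `EC256_PRIVATE_KEY`; state that explicitly next to the attribute. Because `-nocrypt` writes the PKCS#8 private key to disk unencrypted, it is also worth one comment line telling the reader to restrict permissions on the generated files or remove them once the values are copied. Separately, the comments above `SECRET_SEP10_JWT_SECRET`, `SEP24_JWT_SECRET` and `ANCHOR_PLATFORM_OUTGOING_JWT_SECRET` each describe an "encryption key used to sign" JWT tokens; a key that signs is a signing secret, so wording such as "shared secret used to sign" would avoid implying that the token contents are encrypted. The bare `#` line left directly before the closing fence can be dropped.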