You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It doesn't make sense for the wallet backend to use SEP-24's callback signature as a means for authenticating clients. Instead, the wallet backend should use an authentication method that is more familiar to clients of backend web services.
What would you like to see?
First, we should determine the wallet backend should enforce any form of authentication. If the wallet backend is intended to always be deployed within a business' internal infrastructure then it may be acceptable to make authentication optional or omit it entirely. Another approach may be to recommend businesses deploy a the wallet backend with a proxy server that handles client authentication before forwarding requests.
If we do decide to implement authentication directly into the wallet backend, we should consider the tried-and-true approaches we see implemented by other backend web services.
The text was updated successfully, but these errors were encountered:
What problem does your feature solve?
It doesn't make sense for the wallet backend to use SEP-24's callback signature as a means for authenticating clients. Instead, the wallet backend should use an authentication method that is more familiar to clients of backend web services.
What would you like to see?
First, we should determine the wallet backend should enforce any form of authentication. If the wallet backend is intended to always be deployed within a business' internal infrastructure then it may be acceptable to make authentication optional or omit it entirely. Another approach may be to recommend businesses deploy a the wallet backend with a proxy server that handles client authentication before forwarding requests.
If we do decide to implement authentication directly into the wallet backend, we should consider the tried-and-true approaches we see implemented by other backend web services.
The text was updated successfully, but these errors were encountered: