Fix: Remove SEP-45 client domain attribution and fix server signing (#981)

philipliu · web-flow · commit 526bef7fc46d · 2025-12-09T12:03:16.000-05:00
### What

This removes the SEP-45 client attribution requirement since embedded
wallets currently do not have a concept of a client domain. It also
fixes a bug where the server auth entry is not present in the challenge
auth entries.

### Why

Blocking SEP-45 client-side implementation.

### Known limitations

N/A

### Checklist

- [x] Title follows `SDP-1234: Add new feature` or `Chore: Refactor
package xyz` format. The Jira ticket code was included if available.
- [x] PR has a focused scope and doesn't mix features with refactoring
- [x] Tests are included (if applicable)
- [ ] `CHANGELOG.md` is updated (if applicable)
- [ ] CONFIG/SECRETS changes are updated in helmcharts and deployments
(if applicable)
- [ ] Preview deployment works as expected
- [ ] Ready for production
diff --git a/internal/services/sep45_service.go b/internal/services/sep45_service.go
@@ -253,8 +253,7 @@ func (s *sep45Service) CreateChallenge(ctx context.Context, req SEP45ChallengeRe
 			TimeBounds: txnbuild.NewTimeout(300),
 		},
 		Operations: []txnbuild.Operation{&txnbuild.InvokeHostFunction{
-			SourceAccount: s.signingKP.Address(),
-			HostFunction:  hostFunction,
+			HostFunction: hostFunction,
 		}},
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -253,8 +253,7 @@ func (s *sep45Service) CreateChallenge(ctx context.Context, req SEP45ChallengeRe`
`253`	`253`	`TimeBounds: txnbuild.NewTimeout(300),`
`254`	`254`	`},`
`255`	`255`	`Operations: []txnbuild.Operation{&txnbuild.InvokeHostFunction{`
`256`		`- SourceAccount: s.signingKP.Address(),`
`257`		`- HostFunction: hostFunction,`
	`256`	`+ HostFunction: hostFunction,`
`258`	`257`	`}},`
`259`	`258`	`}`
`260`	`259`