Update challenge transaction helpers for SEP-10 v1.3.0

[leighmcculloch]

Summary

A change has been released in SEP-10 Web Authentication v1.3.0 that adds support for:

1. Accounts not using the master key as a signer.
2. Accounts multiple signers.

SEP-10 v1.3.0 Change: stellar/stellar-protocol@ea0d7ed

The new functionality requires changes to any SDK implementing challenge verification.

Details and Reference Implementations

The Stellar Go SDK is the first SDK we've implemented this new functionality and it can be used as a reference. It has implemented the following changes and similar changes may be required in this SDK:

• Deprecated the existing verification function (VerifyChallengeTx).
• Added new functions to:
  • Read the client account ID out of a challenge transaction without verifying client signatures, so that servers can lookup the signers of the account before verifying. (ReadChallengeTx)
  • Verify signatures on a challenge transaction meet a threshold. (VerifyChallengeTxThreshold)
  • Verify signatures on a challenge transaction match signers. (VerifyChallengeTxSigners)
• Increased the timeout on the challenge transaction from 5 minutes to 15 minutes.

Go SDK Change: stellar/go@8ff0848

An example of a SEP-10 server using the v1.3.0 verification process is implemented here:
https://github.com/stellar/go/tree/master/exp/services/webauth

If anyone has any questions feel free to join us in #dev-discussion in stellar.public Keybase.

[fracek]

This issue was fixed in #232. We imported all tests from go.

[leighmcculloch]

Nice, that was fast! 🎉

I took a quick look post merge at how the signatures were being matched and left one suggestion on the PR. I left the comment here: #232 (review).