Function authorize_once

Restricts access to an external private or public function so that it can only be called by an authorized account.

Receives the name of a from AztecAddress variable which will be the default authorized account, and the name of a nonce Field variable which is used by from to grant one-time-only access to other accounts.

Usage

The from account can always call an authorize_once function by passing a value of 0 as the nonce. Any other caller requires explicit permission granted by the from account, which 1) will be tied to a specific nonce value that must be passed by the caller, and which can only be used once, and 2) will restrict all other function params to be exactly the ones that have been authorized by from.

Cost

Private functions perform a private authwit check by calling the standard account contract verify_private_authwit function on from with the hash resulting of all function params and the nonce. A nullifier is then emitted, preventing the same permission from being used again. Note that this requires that the caller has access to from's contract class ID and salted initialization hash, as it would otherwise not be possible to call the verify_private_authwit function.

Public functions call the consume function on the AuthRegistry contract, which requires that either a) from first calls the set_authorized public function, or b) that a private authwit check by from is passed for the registry's set_authorized_private function, allowing in turn the caller to privately call set_authorized_private in the same transaction in which the authorize_once function is invoked.