It is the "use once and destroy" key that is generated by the Secondary Access Node (SAN) whenever a Swarm node has to redirect to another. It is not related to authentication and authorization.
What happens is that the Primary Access Node (PAN) says "I can't perform this operation, so who else can?" A SAN replies that it can accept the operation and it gives the PAN the "auth" key to include in the redirect. The SAN responds to the client: