What is the "auth" token I see in my debug logs?

It is the "use once and destroy" key that is generated by the Secondary Access Node (SAN) whenever a Swarm node has to redirect to another.  It is not related to authentication and authorization. 

What happens is that the Primary Access Node (PAN) says "I can't perform this operation, so who else can?"  A SAN replies that it can accept the operation and it gives the PAN the "auth" key to include in the redirect. The SAN responds to the client: 

HTTP/1.1 301 Redirect
Location: http://SAN/dbb8582edc...6f9c0cf346?alias=yes&auth=9712c833b18dc4168ac1b91b5f772307 

When the SAN gets the request from the client, it verifies the auth key is one that it has given out recently then it removes the key from its internal list. 

If the auth key is not valid, the Swarm node ignores "auth" and acts like a PAN and asks other nodes if they can perform the operation.

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.