Create an authenticator function

Account Abstraction Beta

Account Abstraction is currently in beta and therefore only available on Devnet.
If you test it out, please share your feedback with us in the IOTA Builders Discord.

This how-to demonstrates how to create a basic authenticator function in Move.

Recommended reading

This guide builds on the Create an Account Using the Builder Pattern how-to. Reviewing that one first will help you understand the account creation used here.

Example Code

1. First create a function which has the #[authenticator] attribute. This makes the function eligible to be used as an authenticator for an account.
2. Make sure the function parameters conform with the authenticator requirements. In this example as a middle parameter we take a message of type String which the authenticator will check.

#[authenticator]
public fun authenticate_function(
    _account: &Account,
    msg: std::ascii::String,
    _auth_ctx: &iota::auth_context::AuthContext,
    _ctx: &TxContext,
) {

3. Implement the authentication logic. In this example, the authenticator simply checks that the provided message is "hello". If the assertion fails, the transaction will be rejected.

    assert!(msg == std::ascii::string(b"hello"), 0);

Going further with AuthContext

The authenticator above only uses TxContext (to access the transaction digest for signature verification). More advanced authenticators can also use AuthContext to inspect what the transaction will do — which functions it calls, which objects it involves, and what values it passes — before deciding to authorize it. See the following how-tos:

• Control function call permissions of Account
• Enforce a Per-Transaction Spending Limit
• Create Time-Locked Account

Full Code Example

#[authenticator]
public fun authenticate_function(
    _account: &Account,
    msg: std::ascii::String,
    _auth_ctx: &iota::auth_context::AuthContext,
    _ctx: &TxContext,
) {
    assert!(msg == std::ascii::string(b"hello"), 0);
}