NonceStoreInterface
Tracks which signed-envelope nonces (see {@see StateSignerInterface}) have already been consumed, so a captured, still-signature-valid request cannot be replayed within the signature's TTL. A nonce is a one-time ticket: the first {@see consume()} call for a given nonce succeeds and marks it spent; every subsequent call for that same nonce — whether the original caller resubmitting or an attacker who captured the request — MUST fail. Implementations own pruning: `$expiresAt` gives them enough information to forget a nonce once the signature it belonged to could no longer verify anyway, without needing a separate sweep/cron process.
NonceStoreInterface::consume()
abstract public function consume(string $nonce, int $expiresAt): boolAtomically checks whether `$nonce` has already been consumed and, if not, marks it consumed. MUST be atomic under concurrent callers for the same nonce — two concurrent calls for the same nonce MUST NOT both observe "not yet consumed".
Parameters
| Name | Type | Description |
|---|---|---|
| $nonce | string | |
| $expiresAt | int | Unix timestamp after which `$nonce` may be pruned; implementations SHOULD retain it at least until this point so a resubmission within the signature's own TTL is reliably caught as a replay. |
Returns
`true` if this call is the first to consume `$nonce` (the caller may proceed); `false` if `$nonce` was already consumed by a prior call (a replay).