About the authorizer

The authorizer is a coordinating service in the Vidos ecosystem that orchestrates OpenID for Verifiable Presentations (OpenID4VP) authorization workflows by intelligently delegating credential validation and verification to specialized services. Rather than performing validation or verification directly, the authorizer acts as a protocol-aware coordinator that manages the complex authorization decision process across multiple services.

When implementing OpenID4VP authorization flows, applications need to handle complex protocol requirements, coordinate multiple verification steps, and make authorization decisions based on diverse credential formats. The Authorizer simplifies this by:

  • Coordinating complex workflows across validation and verification services without duplicating logic
  • Managing OpenID4VP protocol specifics while delegating credential processing to specialized services
  • Supporting multiple authorization types including JWT-based and device response flows through unified processing
  • Providing parallel processing of validation and verification for optimal performance
  • Maintaining separation of concerns by leveraging purpose-built services for their specialized functions
  • Standardizing authorization results into consistent OpenID4VP-compliant responses

By orchestrating the authorization workflow rather than implementing all capabilities directly, the Authorizer enables robust, standards-compliant authorization while maintaining the flexibility and scalability that comes from service composition.

An authorizer orchestrates OpenID4VP authorization workflows by parsing requests, delegating processing to specialized services, and synthesizing results into authorization decisions. It handles protocol-specific aspects while leveraging other Vidos services for credential processing.

The authorizer operates through three policies:

  • Format policy: JWT parsing, presentation submission processing, and data normalization
  • Validate policy: Delegates to the validator service for structural and content validation
  • Verify policy: Delegates to the verifier service for cryptographic verification

The authorizer in Vidos has two main components that work together to provide authorization coordination:

  1. Authorizer Service: The core implementation that orchestrates the authorization workflow through coordinated policies
  2. Authorizer Management Service: Enables configuration and management of authorizer instances for different authorization requirements

Vidos supports creating multiple authorizer instances, each with its own policy configuration and service delegation settings, to support different authorization requirements within your organization.

flowchart TD
    A[Applications] --> B[Authorizer Instance]
    B --> C[Authorization Policies]
    C --> C1[Format Policy]
    C --> C2[Validate Policy]
    C --> C3[Verify Policy]

    C1 --> D1[JWT Parsing<br/>Direct Processing]
    C2 --> D2[Validator Service<br/>Delegation]
    C3 --> D3[Verifier Service<br/>Delegation]

    D2 --> E1[Structural Validation]
    D3 --> E2[Cryptographic Verification]

    style C1 fill:#e1f5fe
    style C2 fill:#e8f5e8
    style C3 fill:#fff3e0
    style D1 fill:#e1f5fe
    style D2 fill:#e8f5e8
    style D3 fill:#fff3e0

The Authorizer coordinates with other Vidos services through configurable service instance references:

  • Delegates to Validator Service for presentation definition validation and credential query processing
  • Delegates to Verifier Service for signature verification and cryptographic proof validation
  • Indirectly utilizes Resolver Service through the verifier for DID document retrieval

The authorizer orchestrates processing through three stages:

  1. Format processing: Parses JWT tokens, extracts presentation submissions, and normalizes data
  2. Parallel delegation: Sends data to the validator and verifier services concurrently
  3. Result synthesis: Combines results into a unified authorization decision

  • Credential presentation authorization: Validate presentations against presentation definitions
  • Mobile device authorization: Support device response flows for mobile wallets
  • Multi-format processing: Handle JWT, mDL, and Data Integrity credentials
  • Standards compliance: Ensure OpenID4VP protocol compliance
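
The three stages described above (format processing, parallel delegation, result synthesis) are sketched below as an added example; it is not Vidos code and does not use the Vidos API. The function names, the `(ok, detail)` result shape, the stub validator and verifier, and the fail-closed rule (authorize only when both delegates succeed, and treat a delegate error as a denial) are assumptions made for illustration.

```python
import base64
import json
from concurrent.futures import ThreadPoolExecutor

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def format_stage(vp_token, submission):
    """Stage 1: parse and normalize only. Decoding a JWT proves nothing about it."""
    parts = vp_token.split(".")
    if len(parts) != 3:
        raise ValueError("vp_token is not a compact JWT")
    header, claims = (json.loads(b64url_decode(p)) for p in parts[:2])
    return {"raw": vp_token, "header": header, "claims": claims, "submission": submission}

def authorize(vp_token, submission, validator, verifier):
    """Stages 2 and 3: run both delegates concurrently, then combine fail-closed."""
    try:
        data = format_stage(vp_token, submission)
    except (ValueError, AttributeError) as exc:
        return {"authorized": False, "errors": [f"format: {exc}"]}
    errors = []
    with ThreadPoolExecutor(max_workers=2) as pool:
        futures = {"validate": pool.submit(validator, data),
                   "verify": pool.submit(verifier, data)}
        for name, future in futures.items():
            try:
                ok, detail = future.result()
            except Exception as exc:  # a crashed or unreachable delegate is a denial
                ok, detail = False, f"service error: {exc}"
            if not ok:
                errors.append(f"{name}: {detail}")
    return {"authorized": not errors, "errors": errors}

# Constructed sample input and hypothetical stand-ins for the two services.
def sample_token(alg, claims, sig="c2ln"):
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg})}.{enc(claims)}.{sig}"

def stub_validator(data):
    ok = data["submission"].get("definition_id") == "example-definition"
    return ok, "ok" if ok else "submission does not match the presentation definition"

def stub_verifier(data):
    # Placeholder check only; a real verifier performs cryptographic verification.
    ok = data["header"].get("alg") != "none" and data["raw"].endswith(".c2ln")
    return ok, "ok" if ok else "signature check failed"

SUBMISSION = {"definition_id": "example-definition"}
```

Because the format stage only decodes the token, nothing in `claims` should drive a decision until the verify result is in; the combined result reports every failing policy rather than stopping at the first.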

The authorizer coordinates OpenID4VP authorization workflows by combining direct protocol handling with intelligent service delegation, ensuring standards-compliant authorization while leveraging specialized Vidos service capabilities.