About Authorizer
The authorizer is a coordinating service in the Vidos ecosystem that orchestrates OpenID for Verifiable Presentations (OpenID4VP) authorization workflows by intelligently delegating credential validation and verification to specialized services. Rather than performing validation or verification directly, the authorizer acts as a protocol-aware coordinator that manages the complex authorization decision process across multiple services.
Why use an Authorizer?
When implementing OpenID4VP authorization flows, applications need to handle complex protocol requirements, coordinate multiple verification steps, and make authorization decisions based on diverse credential formats. The Authorizer simplifies this by:
- Coordinating complex workflows across validation and verification services without duplicating logic
- Managing OpenID4VP protocol specifics while delegating credential processing to specialized services
- Supporting multiple authorization types including JWT-based and device response flows through unified processing
- Providing parallel processing of validation and verification for optimal performance
- Maintaining separation of concerns by leveraging purpose-built services for their specialized functions
- Standardizing authorization results into consistent OpenID4VP-compliant responses
By orchestrating the authorization workflow rather than implementing all capabilities directly, the Authorizer enables robust, standards-compliant authorization while maintaining the flexibility and scalability that come from service composition.
What is an Authorizer?
An authorizer functions as an intelligent coordinator that manages OpenID4VP authorization workflows by parsing authorization requests, delegating processing to appropriate services, and synthesizing results into authorization decisions. It handles the protocol-specific aspects of OpenID4VP while leveraging other Vidos services for the actual credential processing work.
The Authorizer operates through three coordinated authorization policies:
- Format Policy - Performs direct JWT parsing, presentation submission processing, and data normalization within the authorizer service
- Validate Policy - Delegates structural and content validation to the configured validator service instance
- Verify Policy - Delegates cryptographic verification to the configured verifier service instance
This hybrid approach combines direct protocol handling with intelligent service delegation, optimizing both performance and maintainability while ensuring OpenID4VP compliance.
Authorizer Architecture
The authorizer in Vidos has two main components that work together to provide authorization coordination:
- Authorizer Service: The core implementation that orchestrates the authorization workflow through coordinated policies
- Authorizer Management Service: Enables configuration and management of authorizer instances for different authorization requirements
Vidos supports creating multiple authorizer instances, each with its own policy configuration and service delegation settings, to support different authorization requirements within your organization.
The Authorizer coordinates with other Vidos services through configurable service instance references:
- Delegates to Validator Service for presentation definition validation and credential query processing
- Delegates to Verifier Service for signature verification and cryptographic proof validation
- Indirectly utilizes Resolver Service through the verifier for DID document retrieval
Authorization Process
When an OpenID4VP authorization request is received, the Authorizer orchestrates processing through a coordinated workflow:
- Format Processing - The format policy directly parses JWT tokens, extracts presentation submissions, and normalizes data structures
- Parallel Delegation - After successful formatting, validate and verify policies execute concurrently:
  - Validation Delegation - Sends structured data to the validator service for presentation definition compliance
  - Verification Delegation - Sends credentials to the verifier service for cryptographic validation
- Result Synthesis - Combines results from all policies into a unified authorization decision
- Response Generation - Returns OpenID4VP-compliant authorization responses with detailed result information
This coordinated approach ensures comprehensive evaluation while maintaining optimal performance through parallel processing and intelligent service delegation.
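The workflow above, sketched as an added example (not Vidos code or its API): formatting runs first, validation and verification then run concurrently, and the results are combined into one decision. The stub services, the sample nonce and signature placeholder, the timeout, and the rule that every policy must pass (with errors and timeouts counted as denial) are assumptions made for illustration.

```python
import asyncio
import base64
import json

def format_policy(vp_token: str) -> dict:
    """Format step: split a compact JWT and decode its payload; no signature check here."""
    parts = vp_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return {"raw": vp_token, "claims": claims}

async def validate_stub(presentation: dict) -> bool:
    # Hypothetical stand-in for the validator service: checks a constructed nonce.
    return presentation["claims"].get("nonce") == "n-123"

async def verify_stub(presentation: dict) -> bool:
    # Hypothetical stand-in for the verifier service: performs no real cryptography.
    return presentation["raw"].endswith(".constructed-valid-sig")

async def run_policy(name, call, presentation, timeout):
    # A timeout or service error becomes an "error" outcome, never a pass.
    try:
        ok = await asyncio.wait_for(call(presentation), timeout)
        return name, "pass" if ok is True else "fail"
    except Exception as exc:
        return name, f"error:{type(exc).__name__}"

async def authorize(vp_token, validator=validate_stub, verifier=verify_stub, timeout=1.0):
    try:
        presentation = format_policy(vp_token)
    except ValueError:
        # Nothing is delegated when the token cannot be parsed.
        return {"authorized": False, "policies": {"format": "fail"}}
    # Validate and verify run concurrently, only after formatting succeeded.
    outcomes = dict(await asyncio.gather(
        run_policy("validate", validator, presentation, timeout),
        run_policy("verify", verifier, presentation, timeout)))
    outcomes["format"] = "pass"
    return {"authorized": all(v == "pass" for v in outcomes.values()), "policies": outcomes}

def make_token(claims: dict, sig: str) -> str:
    # Builds a constructed sample token; the "signature" is a placeholder string.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'ES256'})}.{enc(claims)}.{sig}"
```

Keeping the per-policy outcomes in the result lets a caller or a log reviewer distinguish a credential that failed a check from a delegated service that was unavailable, while both lead to the same denial.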
Use Cases
The Authorizer Service supports various OpenID4VP authorization scenarios:
- Credential presentation authorization - Coordinate validation and verification of credential presentations against presentation definitions
- Mobile device authorization - Support device response authorization flows optimized for mobile wallet interactions
- Multi-format credential processing - Handle JWT, mDL, and Data Integrity credentials through unified authorization workflows
- Policy-based authorization - Apply configurable validation and verification policies through service delegation
- Standards-compliant authorization - Ensure OpenID4VP protocol compliance while leveraging specialized service capabilities
- High-performance authorization - Optimize authorization workflows through parallel policy execution and intelligent coordination
By providing coordinated authorization capabilities, the Authorizer Service enables robust OpenID4VP implementations that leverage the full power of the Vidos service ecosystem.
Summary
The Authorizer is a coordinating service in the Vidos ecosystem that:
- Orchestrates OpenID4VP authorization workflows through intelligent service delegation
- Combines direct protocol processing with specialized service coordination for optimal performance
- Supports multiple authorization types and credential formats through unified policy coordination
- Provides parallel processing of validation and verification for efficient authorization decisions
- Maintains OpenID4VP compliance while leveraging the specialized capabilities of other Vidos services
- Enables flexible, scalable authorization implementations through configurable service delegation
By acting as an intelligent coordinator rather than implementing all capabilities directly, the Authorizer provides the benefits of service composition while ensuring robust, standards-compliant OpenID4VP authorization workflows.