Authorizer Configuration Reference
This reference documents the configuration options for the authorizer service. The authorizer works with validator and verifier services to process verification requests and relies on the resolver for DID document retrieval.
Core Configuration
This section documents the complete configuration provided by Vidos.
```json
{
  "cors": {
    "enabled": false,
    "allowHeaders": [],
    "allowMethods": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
    "credentials": false,
    "exposeHeaders": [],
    "maxAge": 86400,
    "origin": ["*"]
  },
  "policies": {
    "validate": { "skip": false, "validator": { "type": "managed" } },
    "verify": { "skip": false, "verifier": { "type": "managed" } }
  },
  "openId4vp": {
    "authorizationEndpoint": "openid4vp:",
    "expiresAfter": 300000,
    "clientMetadata": {
      "clientName": "Vidos",
      "clientUri": "https://vidos.id",
      "location": "vidos.id",
      "logoUri": "https://vidos.id/docs/vidos-logo-long.svg"
    },
    "trustAnchor": { "type": "vidos", "anchor": "root" }
  }
}
```
Configuration Schema
The complete JSON Schema for the authorizer configuration is available:
Configuration Options
policies Configuration
The policies section configures how the authorizer integrates with other Vidos services for credential validation and verification.
validate
Controls credential validation behavior through the validator service.
- Type: object
- Properties:
  - skip: boolean
  - validator: Service instance reference
- Default: {"skip": false, "validator": {"type": "managed"}}
- Description: Configures whether and how credential validation should be performed
Example configuration with managed validator:
```json
{
  "policies": {
    "validate": { "skip": false, "validator": { "type": "managed" } }
  }
}
```
Example configuration with custom validator instance:
```json
{
  "policies": {
    "validate": {
      "skip": false,
      "validator": {
        "type": "instance",
        "resourceId": "custom-validator-instance",
        "serviceRole": { "owner": "account", "resourceId": "validator-admin-role" }
      }
    }
  }
}
```
Example configuration skipping validation:
```json
{
  "policies": {
    "validate": { "skip": true, "validator": { "type": "managed" } }
  }
}
```
verify
Controls credential verification behavior through the verifier service.
- Type: object
- Properties:
  - skip: boolean
  - verifier: Service instance reference
- Default: {"skip": false, "verifier": {"type": "managed"}}
- Description: Configures whether and how credential verification should be performed
Example configuration with managed verifier:
```json
{
  "policies": {
    "verify": { "skip": false, "verifier": { "type": "managed" } }
  }
}
```
Example configuration with custom verifier instance:
```json
{
  "policies": {
    "verify": {
      "skip": false,
      "verifier": {
        "type": "instance",
        "resourceId": "custom-verifier-instance",
        "serviceRole": { "owner": "account", "resourceId": "verifier-admin-role" }
      }
    }
  }
}
```
Example configuration skipping verification:
```json
{
  "policies": {
    "verify": { "skip": true, "verifier": { "type": "managed" } }
  }
}
```
openId4vp Configuration
The openId4vp section configures the OpenID for Verifiable Presentations settings.
- Type: object
- Properties:
  - authorizationEndpoint: string
  - expiresAfter: number
  - clientMetadata: Client metadata object
- Description: Controls OpenID4VP protocol settings and client information
authorizationEndpoint
- Type: string (enum)
- Default: "openid4vp:"
- Description: The authorization endpoint URI scheme
- See: OpenID for Verifiable Presentations
expiresAfter
- Type: number
- Default: 300000 (milliseconds = 5 minutes)
- Description: Expiration time in milliseconds for authorization requests
- Effects:
  - Controls how long authorization requests remain valid
  - Affects security window for presentations
  - Influences user experience timeframe
clientMetadata
Controls client information displayed to users during authorization flows.
- Type: object
- Properties:
  - clientName: string
  - clientUri: string
  - location: string
  - logoUri: string
- Default: {"clientName": "Vidos", "clientUri": "https://vidos.id", "location": "vidos.id", "logoUri": "https://vidos.id/docs/vidos-logo-long.svg"}
- Description: Client metadata used in OpenID4VP flows
Example custom configuration:
```json
{
  "openId4vp": {
    "authorizationEndpoint": "openid4vp:",
    "expiresAfter": 600000,
    "clientMetadata": {
      "clientName": "My Credential Verifier",
      "clientUri": "https://verifier.example.com",
      "location": "verifier.example.com",
      "logoUri": "https://verifier.example.com/logo.svg"
    }
  }
}
```
trustAnchor
Configures which certificate in the Vidos PKI hierarchy issues the authorization request signing certificate.
- Type: object
- Properties:
  - type: "vidos" (discriminator)
  - anchor: "root" | "account" | "instance"
- Default: {"type": "vidos", "anchor": "root"}
- Description: Determines which trust anchor issues the authorization request certificate. The certificate is issued directly by the selected anchor. Wallets should be configured to trust the corresponding anchor certificate.
Trust Anchor Options
| Anchor | Description | Use Case |
|---|---|---|
| root | Vidos root CA issues the certificate | Default. Wallets trust the Vidos root certificate. |
| account | Account-level CA issues the certificate | Wallets trust your account’s intermediate certificate. |
| instance | Instance-level CA issues the certificate | Wallets trust this specific authorizer instance certificate. |
HAIP Compliance
The authorization request JWT x5c header contains only the leaf certificate (the authorization request signing certificate), issued directly by the selected trust anchor. This complies with HAIP requirements for single-cert x5c chains.
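The single-certificate x5c property described above can be checked on a received authorization request JWT. This is an added example, not Vidos code; the function names, the sample header and the placeholder DER bytes are constructed for illustration.

```python
import base64
import json

# Constructed placeholder: a minimal DER SEQUENCE, not a real certificate.
PLACEHOLDER_DER = b"\x30\x03\x02\x01\x01"

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWS segment, restoring stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def x5c_leaf(jwt: str) -> bytes:
    """Return the DER leaf from a compact JWS whose x5c header holds exactly one entry.

    The caller still has to validate the leaf against the configured trust
    anchor (root, account or instance) and verify the JWS signature with it.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(_b64url_decode(parts[0]))
    x5c = header.get("x5c")
    if not isinstance(x5c, list) or len(x5c) != 1 or not isinstance(x5c[0], str):
        raise ValueError("x5c must contain exactly one certificate")
    # RFC 7515: x5c entries are standard base64 (not base64url) DER.
    der = base64.b64decode(x5c[0], validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("x5c[0] is not a DER SEQUENCE")
    return der

def sample_jwt(n_certs: int) -> str:
    """Constructed request JWT with n_certs placeholder x5c entries and a dummy signature."""
    cert = base64.b64encode(PLACEHOLDER_DER).decode()
    header = {"alg": "ES256", "x5c": [cert] * n_certs}

    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

    return f"{enc(header)}.{enc({})}.c2ln"

if __name__ == "__main__":
    print(len(x5c_leaf(sample_jwt(1))), "byte leaf accepted")
```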
Example configuration with account trust anchor:
```json
{
  "openId4vp": {
    "trustAnchor": { "type": "vidos", "anchor": "account" }
  }
}
```
Example inline override for a specific instance:
```json
{
  "instance": {
    "inlineConfiguration": {
      "openId4vp": {
        "trustAnchor": { "type": "vidos", "anchor": "instance" }
      }
    }
  }
}
```
Service Instance References
Both the validator and verifier properties use service instance references to specify which service instances should be used. For complete configuration options and examples, see the Service Instances Reference and Service Roles Reference.
Configuration Scenarios
Basic Setup
Minimal configuration using all managed services:
```json
{
  "cors": {
    "enabled": true,
    "origin": ["https://myapp.example.com"]
  },
  "policies": {
    "validate": { "skip": false, "validator": { "type": "managed" } },
    "verify": { "skip": false, "verifier": { "type": "managed" } }
  },
  "openId4vp": {
    "clientMetadata": { "clientName": "My Verifier App" }
  }
}
```
Custom Integration
Configuration using custom validator and verifier instances:
```json
{
  "policies": {
    "validate": {
      "skip": false,
      "validator": {
        "type": "instance",
        "resourceId": "custom-validator",
        "serviceRole": { "owner": "account", "resourceId": "validator-admin" }
      }
    },
    "verify": {
      "skip": false,
      "verifier": {
        "type": "instance",
        "resourceId": "custom-verifier",
        "serviceRole": { "owner": "account", "resourceId": "verifier-admin" }
      }
    }
  }
}
```
Skipping Validation
Configuration that skips validation but keeps verification:
```json
{
  "policies": {
    "validate": { "skip": true, "validator": { "type": "managed" } },
    "verify": { "skip": false, "verifier": { "type": "managed" } }
  }
}
```
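As an added example (not part of the Vidos documentation or product), the following Python check reads an authorizer configuration of the shape documented on this page and flags settings worth a security review before deployment: skipped policies, wildcard CORS and a long expiresAfter. The function name, the review threshold and the rule that omitted keys take the documented defaults are assumptions.

```python
import json

# Assumption: review threshold set to the documented default (300000 ms = 5 minutes).
MAX_EXPIRES_MS = 300_000
ANCHORS = ("root", "account", "instance")

def audit_authorizer_config(cfg):
    """Return (path, reason) findings; omitted keys are assumed to take the documented defaults."""
    findings = []
    cors = cfg.get("cors", {})
    if cors.get("enabled", False):
        origins = cors.get("origin", ["*"])
        if "*" in origins:
            findings.append(("cors.origin", "wildcard origin while CORS is enabled"))
            if cors.get("credentials", False):
                findings.append(("cors.credentials", "credentials enabled with a wildcard origin"))
        findings += [("cors.origin", f"non-TLS origin {o}")
                     for o in origins if isinstance(o, str) and o.startswith("http://")]
    for step in ("validate", "verify"):
        if cfg.get("policies", {}).get(step, {}).get("skip", False):
            findings.append((f"policies.{step}.skip", f"{step} policy is skipped"))
    oid = cfg.get("openId4vp", {})
    expires = oid.get("expiresAfter", 300_000)
    if isinstance(expires, bool) or not isinstance(expires, (int, float)) or expires <= 0:
        findings.append(("openId4vp.expiresAfter", "must be a positive number of milliseconds"))
    elif expires > MAX_EXPIRES_MS:
        findings.append(("openId4vp.expiresAfter", f"{expires} ms exceeds {MAX_EXPIRES_MS} ms"))
    anchor = oid.get("trustAnchor", {}).get("anchor", "root")
    if anchor not in ANCHORS:
        findings.append(("openId4vp.trustAnchor.anchor", f"unknown anchor {anchor!r}"))
    return findings

# Constructed sample inputs: BASIC mirrors the Basic Setup scenario, RISKY is made up.
BASIC = json.loads("""{"cors": {"enabled": true, "origin": ["https://myapp.example.com"]},
  "policies": {"validate": {"skip": false, "validator": {"type": "managed"}},
               "verify": {"skip": false, "verifier": {"type": "managed"}}},
  "openId4vp": {"clientMetadata": {"clientName": "My Verifier App"}}}""")
RISKY = json.loads("""{"cors": {"enabled": true, "credentials": true, "origin": ["*"]},
  "policies": {"validate": {"skip": true, "validator": {"type": "managed"}},
               "verify": {"skip": false, "verifier": {"type": "managed"}}},
  "openId4vp": {"expiresAfter": 600000,
                "trustAnchor": {"type": "vidos", "anchor": "account"}}}""")

if __name__ == "__main__":
    for name, cfg in (("basic", BASIC), ("risky", RISKY)):
        for path, reason in audit_authorizer_config(cfg):
            print(f"{name}: {path}: {reason}")
```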