Authorizer Configuration Reference

This reference documents the configuration options for the authorizer service. The authorizer works with validator and verifier services to process verification requests and relies on the resolver for DID document retrieval.

Core Configuration

This section documents the complete configuration provided by Vidos.

{
    "cors": {
        "enabled": false,
        "allowHeaders": [],
        "allowMethods": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
        "credentials": false,
        "exposeHeaders": [],
        "maxAge": 86400,
        "origin": ["*"]
    },
    "policies": {
        "validate": {
            "skip": false,
            "validator": {
                "type": "managed"
            }
        },
        "verify": {
            "skip": false,
            "verifier": {
                "type": "managed"
            }
        }
    },
    "openId4vp": {
        "authorizationEndpoint": "openid4vp:",
        "expiresAfter": 300000,
        "clientMetadata": {
            "clientName": "Vidos",
            "clientUri": "https://vidos.id",
            "location": "vidos.id",
            "logoUri": "https://vidos.id/docs/vidos-logo-long.svg"
        }
    }
}

Configuration Schema

The complete JSON Schema for the authorizer configuration is available:

Configuration Options

cors Configuration

For CORS configuration options see the CORS Configuration Reference.

policies Configuration

The policies section configures how the authorizer integrates with other Vidos services for credential validation and verification.

validate

Controls credential validation behavior through the validator service.

  • Type: object
  • Properties:
    • skip: boolean
    • validator: Service instance reference
  • Default:
    {
        "skip": false,
        "validator": {
            "type": "managed"
        }
    }
  • Description: Configures whether and how credential validation should be performed

Example configuration with managed validator:

{
    "policies": {
        "validate": {
            "skip": false,
            "validator": {
                "type": "managed"
            }
        }
    }
}

Example configuration with custom validator instance:

{
    "policies": {
        "validate": {
            "skip": false,
            "validator": {
                "type": "instance",
                "resourceId": "custom-validator-instance",
                "serviceRole": {
                    "owner": "account",
                    "resourceId": "validator-admin-role"
                }
            }
        }
    }
}

Example configuration skipping validation:

{
    "policies": {
        "validate": {
            "skip": true,
            "validator": {
                "type": "managed"
            }
        }
    }
}

verify

Controls credential verification behavior through the verifier service.

  • Type: object
  • Properties:
    • skip: boolean
    • verifier: Service instance reference
  • Default:
    {
        "skip": false,
        "verifier": {
            "type": "managed"
        }
    }
  • Description: Configures whether and how credential verification should be performed

Example configuration with managed verifier:

{
    "policies": {
        "verify": {
            "skip": false,
            "verifier": {
                "type": "managed"
            }
        }
    }
}

Example configuration with custom verifier instance:

{
    "policies": {
        "verify": {
            "skip": false,
            "verifier": {
                "type": "instance",
                "resourceId": "custom-verifier-instance",
                "serviceRole": {
                    "owner": "account",
                    "resourceId": "verifier-admin-role"
                }
            }
        }
    }
}

Example configuration skipping verification:

{
    "policies": {
        "verify": {
            "skip": true,
            "verifier": {
                "type": "managed"
            }
        }
    }
}

openId4vp Configuration

The openId4vp section configures the OpenID for Verifiable Presentations settings.

  • Type: object
  • Properties:
    • authorizationEndpoint: string
    • expiresAfter: number
    • clientMetadata: Client metadata object
  • Description: Controls OpenID4VP protocol settings and client information

authorizationEndpoint

expiresAfter

  • Type: number
  • Default: 300000 (milliseconds = 5 minutes)
  • Description: Expiration time in milliseconds for authorization requests
  • Effects:
    • Controls how long authorization requests remain valid
    • Affects security window for presentations
    • Influences user experience timeframe

clientMetadata

Controls client information displayed to users during authorization flows.

  • Type: object
  • Properties:
    • clientName: string
    • clientUri: string
    • location: string
    • logoUri: string
  • Default:
    {
        "clientName": "Vidos",
        "clientUri": "https://vidos.id",
        "location": "vidos.id",
        "logoUri": "https://vidos.id/docs/vidos-logo-long.svg"
    }
  • Description: Client metadata used in OpenID4VP flows

Example custom configuration:

{
    "openId4vp": {
        "authorizationEndpoint": "openid4vp:",
        "expiresAfter": 600000,
        "clientMetadata": {
            "clientName": "My Credential Verifier",
            "clientUri": "https://verifier.example.com",
            "location": "verifier.example.com",
            "logoUri": "https://verifier.example.com/logo.svg"
        }
    }
}

Service Instance References

Both the validator and verifier properties use service instance references to specify which service instances should be used. For complete configuration options and examples, see the Service Instances Reference and Service Roles Reference.

Configuration Scenarios

Basic Setup

Minimal configuration using all managed services:

{
    "cors": {
        "enabled": true,
        "origin": ["https://myapp.example.com"]
    },
    "policies": {
        "validate": {
            "skip": false,
            "validator": {
                "type": "managed"
            }
        },
        "verify": {
            "skip": false,
            "verifier": {
                "type": "managed"
            }
        }
    },
    "openId4vp": {
        "clientMetadata": {
            "clientName": "My Verifier App"
        }
    }
}

Custom Integration

Configuration using custom validator and verifier instances:

{
    "policies": {
        "validate": {
            "skip": false,
            "validator": {
                "type": "instance",
                "resourceId": "custom-validator",
                "serviceRole": {
                    "owner": "account",
                    "resourceId": "validator-admin"
                }
            }
        },
        "verify": {
            "skip": false,
            "verifier": {
                "type": "instance",
                "resourceId": "custom-verifier",
                "serviceRole": {
                    "owner": "account",
                    "resourceId": "verifier-admin"
                }
            }
        }
    }
}

Skipping Validation

Configuration that skips validation but keeps verification:

{
    "policies": {
        "validate": {
            "skip": true,
            "validator": {
                "type": "managed"
            }
        },
        "verify": {
            "skip": false,
            "verifier": {
                "type": "managed"
            }
        }
    }
}

Additional Resources