This reference documentation provides comprehensive details about the authorizer service, its OpenID4VP capabilities, authorization policies, and integration with other Vidos services.
The authorizer service orchestrates the OpenID for Verifiable Presentations (OpenID4VP) authorization workflow by coordinating credential validation and verification through other Vidos services. Rather than performing validation or verification directly, the authorizer acts as an intelligent coordinator that parses authorization requests, delegates processing to specialized services, and manages the overall authorization decision process.
The authorizer handles multiple authorization flows including JWT-based authorization and device response authorization, supporting various credential formats while maintaining OpenID4VP protocol compliance. By leveraging the validator and verifier services, it ensures comprehensive evaluation of presentations while providing a unified authorization interface.
The authorizer service exposes RESTful APIs for performing authorization requests. The API provides endpoints for:
For detailed API documentation, including request/response formats, error codes, and usage examples, see the API Reference.
The authorizer implements modular authorization policies that process OpenID4VP requests through a coordinated workflow:
Policy | Description | Processing Type |
---|---|---|
Format | Parses and formats authorization request data | Direct processing |
Validate | Delegates structural validation to validator service | Service delegation |
Verify | Delegates cryptographic verification to verifier service | Service delegation |
The format policy performs direct JWT parsing and data normalization within the authorizer, while validate and verify policies coordinate with external services for specialized processing. This hybrid approach optimizes performance through parallel service delegation while maintaining OpenID4VP-specific protocol handling.
See the Policies Reference for comprehensive details on all authorization policies, execution order, and coordination workflows.
The authorizer supports different OpenID4VP authorization flows based on request structure:
Authorization Type | Description | Use Case | Policy Support |
---|---|---|---|
JWT-based Authorization | Standard OpenID4VP with JWT VP tokens | Standard OpenID4VP flows | Format + Validate + Verify |
Device Response Authorization | Mobile device authorization flows | Mobile device optimization | Format + Validate + Verify |
ID Token Flows | Enhanced authentication context | Additional identity verification | Format + Verify (no validate) |
The authorizer coordinates verification across multiple credential and presentation standards through service delegation:
Standard | Organization | Support Level | Processing Method | Notes |
---|---|---|---|---|
OpenID4VP | OpenID | Full | Direct + Delegation | Core authorization protocol |
DIF Presentation Exchange | DIF | Full | Delegation | Presentation definition validation |
W3C Verifiable Credentials v1.1 | W3C | Full | Delegation | Via validator/verifier services |
W3C Verifiable Credentials v2.0 | W3C | Full | Delegation | Via validator/verifier services |
IETF JWT Credentials | IETF | Full | Direct + Delegation | JWT parsing + service verification |
IETF SD-JWT Credentials | IETF | Full | Direct + Delegation | Selective disclosure support |
ISO 18013-5 (mDL) | ISO | Full | Delegation | Via validator/verifier services |
The authorizer directly handles OpenID4VP protocol specifics and JWT parsing, while delegating credential-specific validation and verification to specialized services. This architecture enables comprehensive standards support while maintaining clear separation of concerns.
The authorizer service configuration controls OpenID4VP behavior, service delegation, and client presentation settings. Key configuration areas include:
For comprehensive information about configuring the authorizer service, including all available options, policy settings, service instance references, and integration capabilities, see the Configuration Reference.
The authorizer integrates with other Vidos services through configurable service instance references:
The authorizer delegates structural and content validation to the validator service through the validate policy. This includes:
For details on validation processes, see the Validator Service Documentation.
The authorizer delegates cryptographic verification to the verifier service through the verify policy. This includes:
For details on verification processes, see the Verifier Service Documentation.
The authorizer relies on the resolver service for DID document retrieval during the verification process, though this integration is handled transparently through the verifier service.
For details on DID resolution, see the Resolver Service Documentation.