Authorizer Service Reference
This reference documentation provides comprehensive details about the authorizer service, its OpenID4VP capabilities, authorization policies, and integration with other Vidos services.
Overview
The authorizer service orchestrates the OpenID for Verifiable Presentations (OpenID4VP) authorization workflow by coordinating credential validation and verification through other Vidos services. Rather than performing validation or verification directly, the authorizer acts as an intelligent coordinator that parses authorization requests, delegates processing to specialized services, and manages the overall authorization decision process.
The authorizer handles multiple authorization flows including JWT-based authorization and device response authorization, supporting various credential formats while maintaining OpenID4VP protocol compliance. By leveraging the validator and verifier services, it ensures comprehensive evaluation of presentations while providing a unified authorization interface.
API Reference
The Authorizer service exposes RESTful APIs for performing authorization requests. The API provides endpoints for:
For detailed API documentation, including request/response formats, error codes, and usage examples, see the API Reference.
Authorization Policies
The authorizer implements modular authorization policies that process OpenID4VP requests through a coordinated workflow:
| Policy | Description | Processing Type |
|---|---|---|
| Format | Parses and formats authorization request data | Direct processing |
| Validate | Delegates structural validation to validator service | Service delegation |
| Verify | Delegates cryptographic verification to verifier service | Service delegation |
The format policy performs direct JWT parsing and data normalization within the authorizer, while validate and verify policies coordinate with external services for specialized processing. This hybrid approach optimizes performance through parallel service delegation while maintaining OpenID4VP-specific protocol handling.
See the Policies Reference for comprehensive details on all authorization policies, execution order, and coordination workflows.
Supported Authorization Types
The authorizer supports different OpenID4VP authorization flows based on request structure:
| Authorization Type | Description | Use Case | Policy Support |
|---|---|---|---|
| JWT-based Authorization | Standard OpenID4VP with JWT VP tokens | Standard OpenID4VP flows | Format + Validate + Verify |
| Device Response Authorization | Mobile device authorization flows | Mobile device optimization | Format + Validate + Verify |
| ID Token Flows | Enhanced authentication context | Additional identity verification | Format + Verify (no validate) |
Standards Support
The authorizer coordinates verification across multiple credential and presentation standards through service delegation:
| Standard | Organization | Support Level | Processing Method | Notes |
|---|---|---|---|---|
| OpenID4VP | OpenID | Full | Direct + Delegation | Core authorization protocol |
| DIF Presentation Exchange | DIF | Full | Delegation | Presentation definition validation |
| W3C Verifiable Credentials v1.1 | W3C | Full | Delegation | Via validator/verifier services |
| W3C Verifiable Credentials v2.0 | W3C | Full | Delegation | Via validator/verifier services |
| IETF JWT Credentials | IETF | Full | Direct + Delegation | JWT parsing + service verification |
| IETF SD-JWT Credentials | IETF | Full | Direct + Delegation | Selective disclosure support |
| ISO 18013-5 (mDL) | ISO | Full | Delegation | Via validator/verifier services |
The authorizer directly handles OpenID4VP protocol specifics and JWT parsing, while delegating credential-specific validation and verification to specialized services. This architecture enables comprehensive standards support while maintaining clear separation of concerns.
Configuration
The authorizer service configuration controls OpenID4VP behavior, service delegation, and client presentation settings. Key configuration areas include:
- CORS Configuration: Controls cross-origin access for web-based authorization flows
- Policy Configuration: Specifies validator and verifier service instances and delegation behavior
- OpenID4VP Settings: Configures authorization endpoints, expiration times, and client metadata
For comprehensive information about configuring the authorizer service, including all available options, policy settings, service instance references, and integration capabilities, see the Configuration Reference.
Service Integration
The authorizer integrates with other Vidos services through configurable service instance references:
Validator Service Integration
The authorizer delegates structural and content validation to the validator service through the validate policy. This includes:
- Presentation Definition Validation: Ensures VP tokens satisfy presentation definition requirements
- Credential Query Processing: Validates presentation submissions against credential queries
- Format Validation: Confirms credential structural integrity
For details on validation processes, see the Validator Service Documentation.
Verifier Service Integration
The authorizer delegates cryptographic verification to the verifier service through the verify policy. This includes:
- Signature Verification: Validates cryptographic proofs and digital signatures
- Trust Chain Validation: Verifies issuer trust relationships
- Credential Status Checking: Confirms credentials have not been revoked
For details on verification processes, see the Verifier Service Documentation.
Resolver Service Integration
The authorizer relies on the resolver service for DID document retrieval during the verification process, though this integration is handled transparently through the verifier service.
For details on DID resolution, see the Resolver Service Documentation.
Additional Resources
- Authorization Policies Reference - Detailed policy documentation and coordination workflows
- Authorizer Configuration Reference - Complete configuration options and examples
- Validator Service Documentation - For validation processes and policies
- Verifier Service Documentation - For verification processes and policies
- Resolver Service Documentation - For DID resolution capabilities
- OpenID for Verifiable Presentations - Core authorization standard
- DIF Presentation Exchange - Presentation definition standard
- Understanding Vidos Services - Service architecture and composition patterns