This reference documents the format policy for the authorizer service. The format policy parses and formats authorization request data into a structured format that can be processed by other authorizer policies, handling JWT parsing, presentation submission processing, and data normalization.
The format policy is the foundational component of the authorization workflow that prepares incoming authorization request data for processing. Rather than delegating to external services, this policy performs direct parsing and formatting of the authorization request elements to create a standardized data structure.
The policy's primary responsibilities include:
The format policy must succeed before other authorizer policies (validate and verify) can execute, as they depend on the structured data it produces.
The format policy handles different types of authorization requests based on the presence of specific data elements:
Authorization Type | Description | Key Characteristics | VP Token Handling |
---|---|---|---|
JWT-based Authorization | Standard OpenID4VP with JWT VP tokens | VP token is JWT format, optional ID token | Parses JWT structure, extracts audience and nonce |
Device Response Authorization | Mobile device authorization flows | Includes nonce parameter, device response format | Treats VP token as device response string |
When processing authorization requests, the format policy follows these steps:
The format policy handles JWT parsing for both ID tokens and VP tokens using a consistent approach:
kid
fieldProcessing Step | Description | Validation |
---|---|---|
Presence check | Handles optional ID token gracefully | Returns undefined if not provided |
JWT structure parsing | Validates JWT header and payload format | Ensures well-formed JWT structure |
Schema validation | Validates against ID token payload schema | Checks required claims (sub, aud, iss, etc.) |
VP token extraction | Extracts _vp_token claim when present | Supports presentation submission in ID token |
Processing Step | Description | Validation |
---|---|---|
JWT structure parsing | Validates JWT header and payload format | Ensures well-formed JWT structure |
Schema validation | Validates against VP token payload schema | Checks required claims (iss, exp, iat, etc.) |
Audience extraction | Extracts optional audience claim | Validates audience format when present |
Nonce extraction | Extracts optional nonce claim | Used for verification flow correlation |
The format policy manages presentation submission data from multiple sources with fallback logic:
Source | Priority | Description | Processing |
---|---|---|---|
Provided | 1 | Directly provided in authorization request | Parses JSON string or object format |
ID Token | 2 | Embedded in ID token _vp_token claim | Extracts from parsed ID token payload |
The format policy operates without external configuration as it performs direct parsing. However, its behavior is influenced by the authorization request structure and the presence of specific data elements.
Key aspects:
For overall authorizer configuration, see the Authorizer Configuration Reference.