This reference documents the authorization policies supported by the authorizer service. These policies coordinate the OpenID4VP authorization workflow by parsing authorization requests, delegating validation and verification to external services, and orchestrating the overall authorization decision process.
The authorizer service implements the following policies for authorization request processing:
Policy | Description | Key Function |
---|---|---|
Format | Parses and formats authorization request data | Transforms raw requests into structured data for processing |
Validate | Delegates structural validation to the validator service | Ensures presentations meet definition requirements |
Verify | Delegates cryptographic verification to the verifier service | Validates digital signatures and credential integrity |
Each policy can be individually configured through the authorizer configuration. For detailed configuration options for all policies, see the Configuration Reference.
The authorizer executes policies in a specific sequence to ensure efficient authorization processing:
If the format policy fails, the subsequent policies are skipped because they require its structured data output. The validate and verify policies run in parallel to optimize authorization performance.
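The sequence described above, as an added sketch that is not the authorizer's own code. It assumes the final decision requires every policy to pass and that a rejection, error or timeout from a delegated service counts as a failure (fail closed); the function names, the 2-second timeout, the `vp_token` presence check and the stub services are illustrative.

```python
import asyncio
import json

# Constructed stand-ins for the external validator and verifier services.
async def validator_ok(request): return True
async def verifier_ok(request): return True
async def verifier_down(request): raise ConnectionError("verifier unreachable")

def format_policy(raw: str) -> dict:
    """Format step: turn the raw request into structured data or raise ValueError."""
    data = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(data, dict) or "vp_token" not in data:  # assumed minimal check
        raise ValueError("missing vp_token")
    return data

async def run_delegate(name, call, request, results, timeout=2.0):
    """Run one delegated policy; a rejection, exception or timeout all fail closed."""
    try:
        ok = await asyncio.wait_for(call(request), timeout)
        results[name] = "pass" if ok is True else "fail: rejected"
    except Exception as exc:
        results[name] = f"fail: {type(exc).__name__}"

async def authorize(raw, validate, verify):
    """Return (authorized, per-policy results) for one authorization request."""
    results = {}
    try:
        request = format_policy(raw)
        results["format"] = "pass"
    except ValueError as exc:
        # No structured data, so the delegated policies are never called.
        results.update(format=f"fail: {exc}", validate="skipped", verify="skipped")
        return False, results
    # Validate and verify are independent of each other, so run them concurrently.
    await asyncio.gather(
        run_delegate("validate", validate, request, results),
        run_delegate("verify", verify, request, results),
    )
    return all(v == "pass" for v in results.values()), results

def authorize_sync(raw, validate, verify):
    return asyncio.run(authorize(raw, validate, verify))

if __name__ == "__main__":
    sample = '{"vp_token": "constructed-sample"}'  # constructed request
    print(authorize_sync(sample, validator_ok, verifier_ok))
    print(authorize_sync(sample, validator_ok, verifier_down))
    print(authorize_sync("not json", validator_ok, verifier_ok))
```

Recording a per-policy result, including `skipped`, lets an audit log distinguish a malformed request from a credential that failed verification or a delegated service that was unreachable.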
The authorizer policies follow a simple architecture that combines direct processing with service coordination:
This hybrid approach enables the authorizer to:
The authorizer policies support different OpenID4VP authorization flows:
Authorization Type | Format Policy Support | Validate Policy Support | Verify Policy Support | Use Case |
---|---|---|---|---|
JWT-based Authorization | ✅ | ✅ | ✅ | Standard OpenID4VP flows |
Device Response Authorization | ✅ | ✅ | ✅ | Mobile device optimization |
ID Token Flows | ✅ | ❌ | ✅ | Enhanced authentication context |
The authorizer policies coordinate verification across multiple credential and presentation standards:
Standard | Organization | Format Policy | Validate Policy | Verify Policy | Notes |
---|---|---|---|---|---|
OpenID4VP | OpenID | ✅ | ✅ | ✅ | Core authorization protocol |
DIF Presentation Exchange | DIF | ✅ | ✅ | ✅ | Presentation definition validation |
W3C Verifiable Credentials v1.1 | W3C | ❌ | ✅ | ✅ | Delegated to validation/verification services |
W3C Verifiable Credentials v2.0 | W3C | ❌ | ✅ | ✅ | Delegated to validation/verification services |
W3C Data Integrity | W3C | ❌ | ✅ | ✅ | Delegated to validation/verification services |
IETF JWT Credentials | IETF | ✅ | ✅ | ✅ | JWT parsing and delegation |
IETF SD-JWT Credentials | IETF | ✅ | ✅ | ✅ | Selective disclosure support |
ISO 18013-5 (mDL) | ISO | ❌ | ✅ | ✅ | Delegated to validation/verification services |