Validate Policy Reference

This reference documents the validate policy for the authorizer service. The validate policy delegates credential and presentation validation to the configured validator service, handling the coordination and result processing within the authorization workflow.

Policy Overview

The validate policy is a critical component of the authorization workflow that delegates structural and content validation to the configured validator service. Rather than performing validation directly, the authorizer acts as a coordinator, sending presentation data to the validator service and processing the results within the authorization context.

The policy’s primary responsibilities include:

Service delegation: Routing validation requests to the configured validator service instance
Presentation processing: Formatting and sending presentation data through the validator’s API
Result integration: Converting validator service responses into authorizer policy results
Error translation: Mapping validator service errors to authorizer-specific error types

For details on the actual validation processes and policies, see the Validator Service Documentation.

Supported Validation Types

The validate policy delegates validation of presentations using the DIF Presentation Exchange standard:

Validation Type	Description	Validator Endpoint	Authorizer Handling
DIF Presentation Exchange	Validates VP tokens against presentation definitions	`/validate`	Formats request and processes validator results

The authorizer specifically uses the DIF.PresentationExchange validation type, which includes:

VP Token validation: Structural validation of the verifiable presentation
Presentation Definition matching: Ensures the VP satisfies the presentation definition requirements
Presentation Submission verification: Validates the presentation submission structure and mapping

For details on how the validator service performs these validation processes, see the Validator Service Policies.

Validation Process

flowchart TD
    subgraph "Validate Policy Processing"
        Input[Authorization Request] --> CheckSkip{Skip Validate?}
        CheckSkip -->|Yes| Skip[Skip Validation]
        CheckSkip -->|No| CreateClient[Create Validator Client]

        CreateClient --> FormatRequest[Format Validation Request]
        FormatRequest --> SendRequest[Send to Validator Service]

        SendRequest --> CheckResponse{Response Status?}

        CheckResponse -->|200| Success[Validation Success]
        CheckResponse -->|422| ValidationError[Validation Error]
        CheckResponse -->|Other| UnexpectedError[Unexpected Error]

        Success --> ProcessResults[Process Validator Results]
        ValidationError --> ProcessValidationError[Process Validation Error]
        UnexpectedError --> ProcessUnexpectedError[Process Unexpected Error]

        ProcessResults --> AddAuthorizerResult[Add Authorizer Result]
        ProcessValidationError --> AddAuthorizerError[Add Authorizer Error]
        ProcessUnexpectedError --> AddAuthorizerError

        AddAuthorizerResult --> CombineResults[Combine Results]
        AddAuthorizerError --> CombineResults
        Skip --> CombineResults

        CombineResults --> PolicyResult[Policy Result]
    end

    subgraph "Validator Service Integration"
        ValidatorClient[Validator Service Client] -.-> |"/validate"| SendRequest
    end

    style Input fill:#f9f9f9,stroke:#333,stroke-width:1px
    style CheckSkip fill:#e1f5fe,stroke:#333,stroke-width:1px
    style FormatRequest fill:#e8f5e8,stroke:#333,stroke-width:1px
    style SendRequest fill:#e8f5e8,stroke:#333,stroke-width:1px
    style Success fill:#dcedc8,stroke:#333,stroke-width:1px
    style ValidationError fill:#ffcdd2,stroke:#333,stroke-width:1px
    style UnexpectedError fill:#ffcdd2,stroke:#333,stroke-width:1px
    style Skip fill:#f3e5f5,stroke:#333,stroke-width:1px
    style ValidatorClient fill:#fff9c4,stroke:#333,stroke-width:1px

When processing validation requests, the policy follows these steps:

Configuration check - Determines if validation should be skipped based on policy configuration
Service client creation - Creates a validator service client using configured service instance reference
Request formatting - Formats the presentation data for the validator service API
Service delegation - Sends the validation request to the configured validator service
Response processing - Handles different response types from the validator service
Result aggregation - Combines validator results with authorizer-specific results
Error handling - Converts validator service errors to appropriate authorizer policy errors

Presentation Validation Request

The validate policy formats presentation data for the validator service’s /validate endpoint:

Request Structure

The authorizer sends a structured validation request containing:

{
    "type": "DIF.PresentationExchange",
    "vp_token": "original_vp_token_string",
    "presentation_definition": {
        /* presentation definition object */
    },
    "presentation_submission": {
        /* parsed presentation submission */
    }
}

Request Components

Component	Description	Source	Purpose
type	Validation type identifier	Fixed value: `"DIF.PresentationExchange"`	Specifies the validation standard to use
vp_token	Original VP token string	Authorization request	The presentation to be validated
presentation_definition	Presentation definition object	Authorization request	Defines the requirements for the presentation
presentation_submission	Parsed presentation submission	Authorization request (parsed)	Maps presentation contents to definition

Data Processing

VP Token extraction - Uses the original VP token string from the parsed authorization details
Presentation Definition forwarding - Passes through the presentation definition as received
Presentation Submission parsing - Uses the pre-parsed presentation submission object
Type specification - Always specifies DIF.PresentationExchange as the validation type

Response Handling

The validate policy handles different validator service response scenarios:

Successful Validation (200)

Aspect	Handling	Result
Validator Results	Returns all validator service results directly	Pass-through detailed validation results
Authorizer Result	Adds successful authorizer policy result with presentation submission data	Includes parsed presentation submission
Data Preservation	Preserves presentation submission for downstream processing	Enables further authorization processing

Validation Errors (422)

Aspect	Handling	Result
Validator Results	Returns all validator service error results	Detailed validation failure information
Authorizer Error	Adds `validate-failed` error from authorizer	Clear indication of validation failure
Error Aggregation	Combines validator and authorizer error information	Comprehensive error reporting

Unexpected Errors (Other Status Codes)

Aspect	Handling	Result
Error Creation	Creates `unexpected-validate-error`	Generic error for unexpected scenarios
Error Logging	Logs unexpected errors for system monitoring	System administrator visibility
Graceful Degradation	Provides meaningful error response	Prevents system failures

Configuration

The validate policy is configured through the authorizer service configuration. For complete configuration options, parameters, and examples, see the Authorizer Configuration Reference.

Key configuration aspects:

skip: Controls whether validation is performed
validator: Specifies which validator service instance to use

For details on how the validator service performs structural and content validation, see the Validator Service Documentation and Validator Configuration Reference.

Additional Resources

Authorizer Configuration Reference
Validator Service Documentation - For details on validation processes and logic
Validator Configuration Reference - For validator service configuration options
Validator Service Policies - For detailed validation policy documentation
DIF Presentation Exchange - Core validation standard
W3C Verifiable Credentials Data Model