This reference documents the validate policy for the authorizer service. The validate policy delegates credential and presentation validation to the configured validator service, handling the coordination and result processing within the authorization workflow.
The validate policy is a critical component of the authorization workflow that delegates structural and content validation to the configured validator service. Rather than performing validation directly, the authorizer acts as a coordinator, sending presentation data to the validator service and processing the results within the authorization context.
The policy's primary responsibilities include:
For details on the actual validation processes and policies, see the Validator Service Documentation.
The validate policy delegates validation of presentations using the DIF Presentation Exchange standard:
Validation Type | Description | Validator Endpoint | Authorizer Handling |
---|---|---|---|
DIF Presentation Exchange | Validates VP tokens against presentation definitions | /validate | Formats request and processes validator results |
The authorizer specifically uses the DIF.PresentationExchange validation type, which includes:
For details on how the validator service performs these validation processes, see the Validator Service Policies.
When processing validation requests, the policy follows these steps:
The validate policy formats presentation data for the validator service's /validate endpoint:
The authorizer sends a structured validation request containing:
Component | Description | Source | Purpose |
---|---|---|---|
type | Validation type identifier | Fixed value: "DIF.PresentationExchange" | Specifies the validation standard to use |
vp_token | Original VP token string | Authorization request | The presentation to be validated |
presentation_definition | Presentation definition object | Authorization request | Defines the requirements for the presentation |
presentation_submission | Parsed presentation submission | Authorization request (parsed) | Maps presentation contents to definition |
DIF.PresentationExchange as the validation type

The validate policy handles different validator service response scenarios:
Aspect | Handling | Result |
---|---|---|
Validator Results | Returns all validator service results directly | Pass-through detailed validation results |
Authorizer Result | Adds successful authorizer policy result with presentation submission data | Includes parsed presentation submission |
Data Preservation | Preserves presentation submission for downstream processing | Enables further authorization processing |

Aspect | Handling | Result |
---|---|---|
Validator Results | Returns all validator service error results | Detailed validation failure information |
Authorizer Error | Adds validate-failed error from authorizer | Clear indication of validation failure |
Error Aggregation | Combines validator and authorizer error information | Comprehensive error reporting |

Aspect | Handling | Result |
---|---|---|
Error Creation | Creates unexpected-validate-error | Generic error for unexpected scenarios |
Error Logging | Logs unexpected errors for system monitoring | System administrator visibility |
Graceful Degradation | Provides meaningful error response | Prevents system failures |
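
The request table and the three response scenarios above can be sketched as follows. This is an added example, not the authorizer's own code: the function names, the `call_validator` callable, the per-result shape (`policy`, `ok`, `error`), and the choice to treat an empty result list as an unexpected error are all assumptions, and the sample request is constructed.

```python
import json
import logging

log = logging.getLogger("authorizer.validate")
VALIDATION_TYPE = "DIF.PresentationExchange"  # fixed value from the request table

# Constructed sample authorization request (all values are placeholders).
SAMPLE_REQUEST = {
    "vp_token": "constructed.vp.token",
    "presentation_definition": {"id": "pd-1", "input_descriptors": [{"id": "d1"}]},
    "presentation_submission": json.dumps({"id": "ps-1", "definition_id": "pd-1",
        "descriptor_map": [{"id": "d1", "format": "jwt_vp", "path": "$"}]}),
}

def build_validate_request(auth_request):
    """Format the body sent to the validator's /validate endpoint."""
    submission = auth_request["presentation_submission"]
    if isinstance(submission, str):  # assumed to arrive serialized; sent parsed
        submission = json.loads(submission)
    return {
        "type": VALIDATION_TYPE,
        "vp_token": auth_request["vp_token"],  # original string, passed unmodified
        "presentation_definition": auth_request["presentation_definition"],
        "presentation_submission": submission,
    }

def run_validate_policy(auth_request, call_validator):
    """call_validator(body) -> list of {"policy", "ok", ...} dicts (assumed shape)."""
    try:
        body = build_validate_request(auth_request)
        results = call_validator(body)
        # Fail closed: all([]) is True, so an empty or malformed reply must not pass.
        if not isinstance(results, list) or not results:
            raise ValueError("validator returned no results")
        passed = all(r["ok"] is True for r in results)
    except Exception:
        log.exception("unexpected error in validate policy")  # operator visibility
        return [{"policy": "validate", "ok": False,
                 "error": "unexpected-validate-error"}]
    if passed:  # success: pass validator results through, keep parsed submission
        own = {"policy": "validate", "ok": True,
               "presentation_submission": body["presentation_submission"]}
    else:       # failure: validator errors plus the authorizer's own error
        own = {"policy": "validate", "ok": False, "error": "validate-failed"}
    return results + [own]
```
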
The validate policy is configured through the authorizer service configuration. For complete configuration options, parameters, and examples, see the Authorizer Configuration Reference.
Key configuration aspects:
For details on how the validator service performs structural and content validation, see the Validator Service Documentation and Validator Configuration Reference.