Validate Policy Reference
This reference documents the validate policy for the authorizer service. The validate policy delegates credential and presentation validation to the configured validator service, handling the coordination and result processing within the authorization workflow.
Policy Overview
The validate policy is a critical component of the authorization workflow that delegates structural and content validation to the configured validator service. Rather than performing validation directly, the authorizer acts as a coordinator, sending presentation data to the validator service and processing the results within the authorization context.
The policy's primary responsibilities include:
- Service delegation: Routing validation requests to the configured validator service instance
- Presentation processing: Formatting and sending presentation data through the validator's API
- Result integration: Converting validator service responses into authorizer policy results
- Error translation: Mapping validator service errors to authorizer-specific error types
For details on the actual validation processes and policies, see the Validator Service Documentation.
Supported Validation Types
The validate policy delegates validation of presentations using the DIF Presentation Exchange standard:
| Validation Type | Description | Validator Endpoint | Authorizer Handling |
|---|---|---|---|
| DIF Presentation Exchange | Validates VP tokens against presentation definitions | /validate | Formats request and processes validator results |
The authorizer specifically uses the DIF.PresentationExchange validation type, which includes:
- VP Token validation: Structural validation of the verifiable presentation
- Presentation Definition matching: Ensures the VP satisfies the presentation definition requirements
- Presentation Submission verification: Validates the presentation submission structure and mapping
For details on how the validator service performs these validation processes, see the Validator Service Policies.
Validation Process
When processing validation requests, the policy follows these steps:
- Configuration check - Determines if validation should be skipped based on policy configuration
- Service client creation - Creates a validator service client using configured service instance reference
- Request formatting - Formats the presentation data for the validator service API
- Service delegation - Sends the validation request to the configured validator service
- Response processing - Handles different response types from the validator service
- Result aggregation - Combines validator results with authorizer-specific results
- Error handling - Converts validator service errors to appropriate authorizer policy errors
Presentation Validation Request
The validate policy formats presentation data for the validator service's /validate endpoint:
Request Structure
The authorizer sends a structured validation request containing:
Request Components
| Component | Description | Source | Purpose |
|---|---|---|---|
| type | Validation type identifier | Fixed value: "DIF.PresentationExchange" | Specifies the validation standard to use |
| vp_token | Original VP token string | Authorization request | The presentation to be validated |
| presentation_definition | Presentation definition object | Authorization request | Defines the requirements for the presentation |
| presentation_submission | Parsed presentation submission | Authorization request (parsed) | Maps presentation contents to definition |
Data Processing
- VP Token extraction - Uses the original VP token string from the parsed authorization details
- Presentation Definition forwarding - Passes through the presentation definition as received
- Presentation Submission parsing - Uses the pre-parsed presentation submission object
- Type specification - Always specifies
DIF.PresentationExchangeas the validation type
Response Handling
The validate policy handles different validator service response scenarios:
Successful Validation (200)
| Aspect | Handling | Result |
|---|---|---|
| Validator Results | Returns all validator service results directly | Pass-through detailed validation results |
| Authorizer Result | Adds successful authorizer policy result with presentation submission data | Includes parsed presentation submission |
| Data Preservation | Preserves presentation submission for downstream processing | Enables further authorization processing |
Validation Errors (422)
| Aspect | Handling | Result |
|---|---|---|
| Validator Results | Returns all validator service error results | Detailed validation failure information |
| Authorizer Error | Adds validate-failed error from authorizer | Clear indication of validation failure |
| Error Aggregation | Combines validator and authorizer error information | Comprehensive error reporting |
Unexpected Errors (Other Status Codes)
| Aspect | Handling | Result |
|---|---|---|
| Error Creation | Creates unexpected-validate-error | Generic error for unexpected scenarios |
| Error Logging | Logs unexpected errors for system monitoring | System administrator visibility |
| Graceful Degradation | Provides meaningful error response | Prevents system failures |
Configuration
The validate policy is configured through the authorizer service configuration. For complete configuration options, parameters, and examples, see the Authorizer Configuration Reference.
Key configuration aspects:
- skip: Controls whether validation is performed
- validator: Specifies which validator service instance to use
For details on how the validator service performs structural and content validation, see the Validator Service Documentation and Validator Configuration Reference.
Additional Resources
- Authorizer Configuration Reference
- Validator Service Documentation - For details on validation processes and logic
- Validator Configuration Reference - For validator service configuration options
- Validator Service Policies - For detailed validation policy documentation
- DIF Presentation Exchange - Core validation standard
- W3C Verifiable Credentials Data Model