Validate Policy Reference

This reference documents the validate policy for the authorizer service. The validate policy delegates credential and presentation validation to the configured validator service, handling the coordination and result processing within the authorization workflow.

Policy Overview

The validate policy is a critical component of the authorization workflow that delegates structural and content validation to the configured validator service. Rather than performing validation directly, the authorizer acts as a coordinator, sending presentation data to the validator service and processing the results within the authorization context.

The policy's primary responsibilities include:

  • Service delegation: Routing validation requests to the configured validator service instance
  • Presentation processing: Formatting and sending presentation data through the validator's API
  • Result integration: Converting validator service responses into authorizer policy results
  • Error translation: Mapping validator service errors to authorizer-specific error types

For details on the actual validation processes and policies, see the Validator Service Documentation.

Supported Validation Types

The validate policy delegates validation of presentations using the DIF Presentation Exchange standard:

Validation TypeDescriptionValidator EndpointAuthorizer Handling
DIF Presentation ExchangeValidates VP tokens against presentation definitions/validateFormats request and processes validator results

The authorizer specifically uses the DIF.PresentationExchange validation type, which includes:

  • VP Token validation: Structural validation of the verifiable presentation
  • Presentation Definition matching: Ensures the VP satisfies the presentation definition requirements
  • Presentation Submission verification: Validates the presentation submission structure and mapping

For details on how the validator service performs these validation processes, see the Validator Service Policies.

Validation Process

When processing validation requests, the policy follows these steps:

  1. Configuration check - Determines if validation should be skipped based on policy configuration
  2. Service client creation - Creates a validator service client using configured service instance reference
  3. Request formatting - Formats the presentation data for the validator service API
  4. Service delegation - Sends the validation request to the configured validator service
  5. Response processing - Handles different response types from the validator service
  6. Result aggregation - Combines validator results with authorizer-specific results
  7. Error handling - Converts validator service errors to appropriate authorizer policy errors

Presentation Validation Request

The validate policy formats presentation data for the validator service's /validate endpoint:

Request Structure

The authorizer sends a structured validation request containing:

{
    "type": "DIF.PresentationExchange",
    "vp_token": "original_vp_token_string",
    "presentation_definition": {
        /* presentation definition object */
    },
    "presentation_submission": {
        /* parsed presentation submission */
    }
}

Request Components

ComponentDescriptionSourcePurpose
typeValidation type identifierFixed value: "DIF.PresentationExchange"Specifies the validation standard to use
vp_tokenOriginal VP token stringAuthorization requestThe presentation to be validated
presentation_definitionPresentation definition objectAuthorization requestDefines the requirements for the presentation
presentation_submissionParsed presentation submissionAuthorization request (parsed)Maps presentation contents to definition

Data Processing

  1. VP Token extraction - Uses the original VP token string from the parsed authorization details
  2. Presentation Definition forwarding - Passes through the presentation definition as received
  3. Presentation Submission parsing - Uses the pre-parsed presentation submission object
  4. Type specification - Always specifies DIF.PresentationExchange as the validation type

Response Handling

The validate policy handles different validator service response scenarios:

Successful Validation (200)

AspectHandlingResult
Validator ResultsReturns all validator service results directlyPass-through detailed validation results
Authorizer ResultAdds successful authorizer policy result with presentation submission dataIncludes parsed presentation submission
Data PreservationPreserves presentation submission for downstream processingEnables further authorization processing

Validation Errors (422)

AspectHandlingResult
Validator ResultsReturns all validator service error resultsDetailed validation failure information
Authorizer ErrorAdds validate-failed error from authorizerClear indication of validation failure
Error AggregationCombines validator and authorizer error informationComprehensive error reporting

Unexpected Errors (Other Status Codes)

AspectHandlingResult
Error CreationCreates unexpected-validate-errorGeneric error for unexpected scenarios
Error LoggingLogs unexpected errors for system monitoringSystem administrator visibility
Graceful DegradationProvides meaningful error responsePrevents system failures

Configuration

The validate policy is configured through the authorizer service configuration. For complete configuration options, parameters, and examples, see the Authorizer Configuration Reference.

Key configuration aspects:

  • skip: Controls whether validation is performed
  • validator: Specifies which validator service instance to use

For details on how the validator service performs structural and content validation, see the Validator Service Documentation and Validator Configuration Reference.

Additional Resources