Skip to content

Verifier Configuration Reference

This reference documents the configuration options for the verifier service.

This section documents the complete configuration provided by Vidos.

{
"cors": {
"enabled": false,
"origin": ["*"],
"credentials": false,
"allowMethods": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
"exposeHeaders": [],
"allowHeaders": [],
"maxAge": 86400
},
"policies": {
"credentialSchema": {
"validation": {
"onInvalid": "error",
"onUnsupported": "warning"
},
"skip": false
},
"credentialStatus": {
"skip": false,
"onMissing": "valid",
"onUnsupported": "warning",
"statusTypes": {
"bitstringStatusList": {
"statusChecks": {
"revocation": {
"onMissingStatus": "valid",
"onRevocation": "error"
},
"suspension": {
"onMissingStatus": "valid",
"onSuspension": "error"
}
}
},
"credentialStatus2021": {
"statusChecks": {
"revocation": {
"onMissingStatus": "valid",
"onRevocation": "error"
},
"suspension": {
"onMissingStatus": "valid",
"onSuspension": "error"
}
}
}
}
},
"format": {
"standards": {
"w3c": {
"vc-data-model": {
"v1.1": {
"enabled": true
},
"v2.0": {
"enabled": true
}
}
},
"iso": {
"18013-5:2021": {
"enabled": true
}
}
}
},
"notAfter": {
"credentials": {
"verifiableCredential": {
"enabled": true,
"onOutOfRange": "error",
"onMissingDate": "warning",
"tolerance": 300000
},
"verifiablePresentation": {
"enabled": true,
"onOutOfRange": "error",
"onMissingDate": "warning",
"tolerance": 300000
}
},
"skip": false
},
"notBefore": {
"skip": false,
"credentials": {
"verifiableCredential": {
"enabled": true,
"onOutOfRange": "error",
"onMissingDate": "warning",
"tolerance": 300000
},
"verifiablePresentation": {
"enabled": true,
"onOutOfRange": "error",
"onMissingDate": "warning",
"tolerance": 300000
}
}
},
"proof": {
"skip": false,
"formats": {
"jwt": {
"enabled": true,
"proofPurpose": "assertionMethod"
},
"w3c": {
"enabled": true,
"proofPurpose": {
"assertionMethod": {
"enabled": true
},
"authentication": {
"enabled": true,
"challenge": "",
"domain": ""
}
},
"suites": {
"community": {
"di-eddsa-2020": {
"enabled": true
}
},
"vc-data-integrity": {
"1.0": {
"enabled": true,
"cryptosuite": {
"bbs-2023": {
"enabled": true,
"expectedPresentationHeader": ""
},
"ecdsa-jcs-2019": {
"enabled": true
},
"ecdsa-rdfc-2019": {
"enabled": true
},
"ecdsa-sd-2023": {
"enabled": true
},
"eddsa-2022": {
"enabled": true
},
"eddsa-jcs-2022": {
"enabled": true
},
"eddsa-rdfc-2022": {
"enabled": true
}
}
}
}
}
}
}
}
},
"resolver": {
"type": "managed"
}
}

The complete JSON Schema for the verifier configuration is available:

For CORS configuration options see the CORS Configuration Reference.

Controls which resolver service to use for DID (Decentralized Identifier) resolution and other resource lookups. See Service Instance configuration

Example managed resolver configuration:

{
"resolver": {
"type": "managed"
}
}

Example custom resolver instance configuration:

{
"resolver": {
"type": "instance",
"resourceId": "my-resolver-instance",
"serviceRole": {
"owner": "account",
"resourceId": "my-resolver"
}
}
}

The verifier uses the resolver service to:

  • Resolve DIDs referenced in credentials
  • Fetch verification methods and public keys
  • Verify proof chains
  • Retrieve status information and schemas

The policies section consists of independent verification policies that can be configured separately. Each policy controls a specific aspect of credential verification and can be integrated with the Authorizer service for comprehensive verification flows. Policies can be:

  • Enabled or disabled independently using skip: true/false
  • Configured with different validation behaviors (error/warning)
  • Set with policy-specific parameters

The verifier supports the following independent policies:

  • credentialSchema: Schema validation against the credential type
  • credentialStatus: Status checks (revocation/suspension)
  • format: Format and version validation
  • notAfter: Expiration validation
  • notBefore: Not-yet-valid validation
  • proof: Cryptographic proof verification

Example of policy mix-and-match:

{
"policies": {
"credentialSchema": {
"skip": true
},
"credentialStatus": {
"skip": false,
"onMissing": "valid",
"onUnsupported": "warning"
},
"notAfter": {
"skip": false,
"credentials": {
"verifiableCredential": {
"enabled": true,
"onOutOfRange": "error"
}
}
},
"proof": {
"skip": false,
"formats": {
"jwt": {
"enabled": true
},
"w3c": {
"enabled": false
}
}
}
}
}

Each policy section below details its specific configuration options.

Controls schema validation for credentials.

  • Type: object
  • Properties:
    • skip: boolean
    • validation:
      • onInvalid: "error" | "warning" | "valid"
      • onSchemaError: "error" | "warning" | "valid"
      • onUnsupported: "error" | "warning" | "valid"
  • Description: Configures schema validation behavior and error handling
  • See: W3C VC Data Model - Credential Schema

Example credential with schema:

{
"@context": ["https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1"],
"type": ["VerifiableCredential", "UniversityDegreeCredential"],
"credentialSchema": {
"id": "https://example.org/examples/degree.json",
"type": "JsonSchemaValidator2018"
}
}

Example configuration:

{
"credentialSchema": {
"validation": {
"onInvalid": "error",
"onSchemaError": "warning",
"onUnsupported": "warning"
},
"skip": false
}
}

Controls credential status validation.

  • Type: object
  • Properties:
    • skip: boolean
    • onMissing: "valid" | "error"
    • onUnsupported: "error" | "warning"
    • statusTypes: Configuration for different status list types
  • Description: Configures how different types of credential status are verified
  • See: W3C VC Status List v2021

Example configuration:

{
"credentialStatus": {
"skip": false,
"onMissing": "valid",
"onUnsupported": "warning",
"statusTypes": {
"bitstringStatusList": {
"statusChecks": {
"revocation": {
"onMissingStatus": "valid",
"onRevocation": "error"
},
"suspension": {
"onMissingStatus": "valid",
"onSuspension": "error"
}
}
}
}
}
}
ActionDescriptionUse Case
onRevocationWhat happens when a credential is revokedCheck revocation status
onSuspensionWhat happens when a credential is suspendedCheck suspension status
onMissingStatusAction when status information is missingHandle incomplete status

Controls credential format validation.

  • Type: object
  • Properties:
    • standards: Supported credential format standards
      • w3c: W3C Verifiable Credentials Data Model
      • iso: ISO standard formats
  • Description: Configures supported credential format standards and versions

Example configuration:

{
"format": {
"standards": {
"w3c": {
"vc-data-model": {
"v1.1": {
"enabled": true
},
"v2.0": {
"enabled": true
}
}
},
"iso": {
"18013-5:2021": {
"enabled": true
}
}
}
}
}

Controls temporal validation of credentials.

  • Type: object
  • Properties:
    • skip: boolean
    • credentials:
      • verifiableCredential:
        • enabled: boolean
        • onOutOfRange: "error" | "warning"
        • onMissingDate: "error" | "warning"
        • tolerance: Time tolerance in milliseconds
      • verifiablePresentation: Same structure as verifiableCredential
  • Description: Configures temporal validity checks

Example configuration:

{
"notAfter": {
"credentials": {
"verifiableCredential": {
"enabled": true,
"onOutOfRange": "error",
"onMissingDate": "warning",
"tolerance": 300000
}
},
"skip": false
}
}
OptionDescriptionUse Case
onOutOfRangeAction when current time is outside valid rangeEnforce time validity
onMissingDateAction when required dates are missingHandle incomplete credentials
toleranceTime buffer in millisecondsAllow for clock skew

Controls validation of cryptographic proofs.

  • Type: object
  • Properties:
    • skip: boolean
    • formats: Supported proof formats
      • jwt: JWT proof format configuration
      • w3c: W3C proof format configuration

Example JWT configuration:

{
"proof": {
"formats": {
"jwt": {
"enabled": true,
"proofPurpose": "assertionMethod"
}
}
}
}

Example W3C configuration:

{
"proof": {
"formats": {
"w3c": {
"enabled": true,
"proofPurpose": {
"assertionMethod": {
"enabled": true
}
},
"suites": {
"community": {
"di-eddsa-2020": {
"enabled": true
}
}
}
}
}
}
}

Supports JWT/JWS-based proofs with configurable proof purposes.

Supports Data Integrity proofs with multiple cryptosuites:

SuiteDescriptionBest For
bbs-2023BBS+ signatures with selective disclosurePrivacy-preserving credentials
ecdsa-jcs-2019ECDSA with JSON canonicalizationCross-platform compatibility
ecdsa-rdfc-2019ECDSA with RDF canonicalizationSemantic web applications
ecdsa-sd-2023ECDSA with selective disclosurePrivacy-preserving presentations
eddsa-2022EdDSA base suiteHigh performance verification

The verifier supports three validation outcomes:

  • error: Stops processing
  • warning: Continues processing
  • valid: Successful validation

Common scenarios:

ScenarioDefault ActionConfiguration Option
Credential fails schema validationErrorcredentialSchema.validation.onInvalid
Schema load errorWarningcredentialSchema.validation.onSchemaError
Unsupported schema validation typeWarningcredentialSchema.validation.onUnsupported
Missing statusValidcredentialStatus.onMissing
Expired credentialErrornotAfter.credentials.verifiableCredential.onOutOfRange
Missing datesWarningnotAfter.credentials.verifiableCredential.onMissingDate
Revoked credentialErrorcredentialStatus.statusTypes.bitstringStatusList.statusChecks.revocation.onRevocation