Verifier Configuration Reference
This reference documents the configuration options for the verifier service.
Core Configuration
Section titled “Core Configuration”This section documents the complete configuration provided by Vidos.
{ "cors": { "enabled": false, "origin": ["*"], "credentials": false, "allowMethods": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"], "exposeHeaders": [], "allowHeaders": [], "maxAge": 86400 }, "policies": { "credentialSchema": { "validation": { "onInvalid": "error", "onUnsupported": "warning" }, "skip": false }, "credentialStatus": { "skip": false, "onMissing": "valid", "onUnsupported": "warning", "statusTypes": { "bitstringStatusList": { "statusChecks": { "revocation": { "onMissingStatus": "valid", "onRevocation": "error" }, "suspension": { "onMissingStatus": "valid", "onSuspension": "error" } } }, "credentialStatus2021": { "statusChecks": { "revocation": { "onMissingStatus": "valid", "onRevocation": "error" }, "suspension": { "onMissingStatus": "valid", "onSuspension": "error" } } } } }, "format": { "standards": { "w3c": { "vc-data-model": { "v1.1": { "enabled": true }, "v2.0": { "enabled": true } } }, "iso": { "18013-5:2021": { "enabled": true } } } }, "notAfter": { "credentials": { "verifiableCredential": { "enabled": true, "onOutOfRange": "error", "onMissingDate": "warning", "tolerance": 300000 }, "verifiablePresentation": { "enabled": true, "onOutOfRange": "error", "onMissingDate": "warning", "tolerance": 300000 } }, "skip": false }, "notBefore": { "skip": false, "credentials": { "verifiableCredential": { "enabled": true, "onOutOfRange": "error", "onMissingDate": "warning", "tolerance": 300000 }, "verifiablePresentation": { "enabled": true, "onOutOfRange": "error", "onMissingDate": "warning", "tolerance": 300000 } } }, "proof": { "skip": false, "formats": { "jwt": { "enabled": true, "proofPurpose": "assertionMethod" }, "w3c": { "enabled": true, "proofPurpose": { "assertionMethod": { "enabled": true }, "authentication": { "enabled": true, "challenge": "", "domain": "" } }, "suites": { "community": { "di-eddsa-2020": { "enabled": true } }, "vc-data-integrity": { "1.0": { "enabled": true, "cryptosuite": { "bbs-2023": { "enabled": true, "expectedPresentationHeader": "" }, "ecdsa-jcs-2019": { "enabled": true }, "ecdsa-rdfc-2019": { "enabled": true }, "ecdsa-sd-2023": { "enabled": true }, "eddsa-2022": { "enabled": true }, "eddsa-jcs-2022": { "enabled": true }, "eddsa-rdfc-2022": { "enabled": true } } } } } } } } }, "resolver": { "type": "managed" }}
Configuration Schema
Section titled “Configuration Schema”The complete JSON Schema for the verifier configuration is available:
Configuration Options
Section titled “Configuration Options”cors Configuration
Section titled “cors Configuration”For CORS configuration options see the CORS Configuration Reference.
resolver Configuration
Section titled “resolver Configuration”Controls which resolver service to use for DID (Decentralized Identifier) resolution and other resource lookups. See Service Instance configuration
Example managed resolver configuration:
{ "resolver": { "type": "managed" }}
Example custom resolver instance configuration:
{ "resolver": { "type": "instance", "resourceId": "my-resolver-instance", "serviceRole": { "owner": "account", "resourceId": "my-resolver" } }}
The verifier uses the resolver service to:
- Resolve DIDs referenced in credentials
- Fetch verification methods and public keys
- Verify proof chains
- Retrieve status information and schemas
policies Configuration
Section titled “policies Configuration”The policies section consists of independent verification policies that can be configured separately. Each policy controls a specific aspect of credential verification and can be integrated with the Authorizer service for comprehensive verification flows. Policies can be:
- Enabled or disabled independently using
skip: true/false
- Configured with different validation behaviors (error/warning)
- Set with policy-specific parameters
The verifier supports the following independent policies:
credentialSchema
: Schema validation against the credential typecredentialStatus
: Status checks (revocation/suspension)format
: Format and version validationnotAfter
: Expiration validationnotBefore
: Not-yet-valid validationproof
: Cryptographic proof verification
Example of policy mix-and-match:
{ "policies": { "credentialSchema": { "skip": true }, "credentialStatus": { "skip": false, "onMissing": "valid", "onUnsupported": "warning" }, "notAfter": { "skip": false, "credentials": { "verifiableCredential": { "enabled": true, "onOutOfRange": "error" } } }, "proof": { "skip": false, "formats": { "jwt": { "enabled": true }, "w3c": { "enabled": false } } } }}
Each policy section below details its specific configuration options.
credentialSchema
Section titled “credentialSchema”Controls schema validation for credentials.
- Type:
object
- Properties:
skip
:boolean
validation
:onInvalid
:"error" | "warning" | "valid"
onSchemaError
:"error" | "warning" | "valid"
onUnsupported
:"error" | "warning" | "valid"
- Description: Configures schema validation behavior and error handling
- See: W3C VC Data Model - Credential Schema
Example credential with schema:
{ "@context": ["https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1"], "type": ["VerifiableCredential", "UniversityDegreeCredential"], "credentialSchema": { "id": "https://example.org/examples/degree.json", "type": "JsonSchemaValidator2018" }}
Example configuration:
{ "credentialSchema": { "validation": { "onInvalid": "error", "onSchemaError": "warning", "onUnsupported": "warning" }, "skip": false }}
credentialStatus
Section titled “credentialStatus”Controls credential status validation.
- Type:
object
- Properties:
skip
:boolean
onMissing
:"valid" | "error"
onUnsupported
:"error" | "warning"
statusTypes
: Configuration for different status list types
- Description: Configures how different types of credential status are verified
- See: W3C VC Status List v2021
Example configuration:
{ "credentialStatus": { "skip": false, "onMissing": "valid", "onUnsupported": "warning", "statusTypes": { "bitstringStatusList": { "statusChecks": { "revocation": { "onMissingStatus": "valid", "onRevocation": "error" }, "suspension": { "onMissingStatus": "valid", "onSuspension": "error" } } } } }}
Status Check Options
Section titled “Status Check Options”Action | Description | Use Case |
---|---|---|
onRevocation | What happens when a credential is revoked | Check revocation status |
onSuspension | What happens when a credential is suspended | Check suspension status |
onMissingStatus | Action when status information is missing | Handle incomplete status |
format
Section titled “format”Controls credential format validation.
- Type:
object
- Properties:
standards
: Supported credential format standardsw3c
: W3C Verifiable Credentials Data Modeliso
: ISO standard formats
- Description: Configures supported credential format standards and versions
Example configuration:
{ "format": { "standards": { "w3c": { "vc-data-model": { "v1.1": { "enabled": true }, "v2.0": { "enabled": true } } }, "iso": { "18013-5:2021": { "enabled": true } } } }}
notAfter/notBefore
Section titled “notAfter/notBefore”Controls temporal validation of credentials.
- Type:
object
- Properties:
skip
:boolean
credentials
:verifiableCredential
:enabled
:boolean
onOutOfRange
:"error" | "warning"
onMissingDate
:"error" | "warning"
tolerance
: Time tolerance in milliseconds
verifiablePresentation
: Same structure as verifiableCredential
- Description: Configures temporal validity checks
Example configuration:
{ "notAfter": { "credentials": { "verifiableCredential": { "enabled": true, "onOutOfRange": "error", "onMissingDate": "warning", "tolerance": 300000 } }, "skip": false }}
Temporal Validation Options
Section titled “Temporal Validation Options”Option | Description | Use Case |
---|---|---|
onOutOfRange | Action when current time is outside valid range | Enforce time validity |
onMissingDate | Action when required dates are missing | Handle incomplete credentials |
tolerance | Time buffer in milliseconds | Allow for clock skew |
Controls validation of cryptographic proofs.
- Type:
object
- Properties:
skip
:boolean
formats
: Supported proof formatsjwt
: JWT proof format configurationw3c
: W3C proof format configuration
Example JWT configuration:
{ "proof": { "formats": { "jwt": { "enabled": true, "proofPurpose": "assertionMethod" } } }}
Example W3C configuration:
{ "proof": { "formats": { "w3c": { "enabled": true, "proofPurpose": { "assertionMethod": { "enabled": true } }, "suites": { "community": { "di-eddsa-2020": { "enabled": true } } } } } }}
Supported Proof Formats
Section titled “Supported Proof Formats”JWT Proofs
Section titled “JWT Proofs”Supports JWT/JWS-based proofs with configurable proof purposes.
W3C Data Integrity
Section titled “W3C Data Integrity”Supports Data Integrity proofs with multiple cryptosuites:
Suite | Description | Best For |
---|---|---|
bbs-2023 | BBS+ signatures with selective disclosure | Privacy-preserving credentials |
ecdsa-jcs-2019 | ECDSA with JSON canonicalization | Cross-platform compatibility |
ecdsa-rdfc-2019 | ECDSA with RDF canonicalization | Semantic web applications |
ecdsa-sd-2023 | ECDSA with selective disclosure | Privacy-preserving presentations |
eddsa-2022 | EdDSA base suite | High performance verification |
Error Handling
Section titled “Error Handling”The verifier supports three validation outcomes:
error
: Stops processingwarning
: Continues processingvalid
: Successful validation
Common scenarios:
Scenario | Default Action | Configuration Option |
---|---|---|
Credential fails schema validation | Error | credentialSchema.validation.onInvalid |
Schema load error | Warning | credentialSchema.validation.onSchemaError |
Unsupported schema validation type | Warning | credentialSchema.validation.onUnsupported |
Missing status | Valid | credentialStatus.onMissing |
Expired credential | Error | notAfter.credentials.verifiableCredential.onOutOfRange |
Missing dates | Warning | notAfter.credentials.verifiableCredential.onMissingDate |
Revoked credential | Error | credentialStatus.statusTypes.bitstringStatusList.statusChecks.revocation.onRevocation |
Additional Resources
Section titled “Additional Resources”- Understanding Configuration in Vidos
- Resolver Service Documentation
- Resolver Configuration Reference
- Authorizer Configuration Reference
- Create Verifier Instance Guide
- W3C Verifiable Credentials Data Model
- W3C Verifiable Credentials Implementation Guidelines
- W3C Status List 2021
- Data Integrity Specification