Explanations
How to guides
Tutorials
Reference
Home
Dashboard
Explanations
How to guides
Tutorials
Reference
Home
Dashboard

Verifier Configuration Reference

This reference documents the configuration options for the verifier service.

Core Configuration

This section documents the complete configuration provided by Vidos.

{
    "cors": {
        "enabled": false,
        "origin": ["*"],
        "credentials": false,
        "allowMethods": ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"],
        "exposeHeaders": [],
        "allowHeaders": [],
        "maxAge": 86400
    },
    "policies": {
        "credentialSchema": {
            "validation": {
                "onInvalid": "error",
                "onUnsupported": "warning"
            },
            "skip": false
        },
        "credentialStatus": {
            "skip": false,
            "onMissing": "valid",
            "onUnsupported": "warning",
            "statusTypes": {
                "bitstringStatusList": {
                    "statusChecks": {
                        "revocation": {
                            "onMissingStatus": "valid",
                            "onRevocation": "error"
                        },
                        "suspension": {
                            "onMissingStatus": "valid",
                            "onSuspension": "error"
                        }
                    }
                },
                "credentialStatus2021": {
                    "statusChecks": {
                        "revocation": {
                            "onMissingStatus": "valid",
                            "onRevocation": "error"
                        },
                        "suspension": {
                            "onMissingStatus": "valid",
                            "onSuspension": "error"
                        }
                    }
                }
            }
        },
        "format": {
            "standards": {
                "w3c": {
                    "vc-data-model": {
                        "v1.1": {
                            "enabled": true
                        },
                        "v2.0": {
                            "enabled": true
                        }
                    }
                },
                "iso": {
                    "18013-5:2021": {
                        "enabled": true
                    }
                }
            }
        },
        "notAfter": {
            "credentials": {
                "verifiableCredential": {
                    "enabled": true,
                    "onOutOfRange": "error",
                    "onMissingDate": "warning",
                    "tolerance": 300000
                },
                "verifiablePresentation": {
                    "enabled": true,
                    "onOutOfRange": "error",
                    "onMissingDate": "warning",
                    "tolerance": 300000
                }
            },
            "skip": false
        },
        "notBefore": {
            "skip": false,
            "credentials": {
                "verifiableCredential": {
                    "enabled": true,
                    "onOutOfRange": "error",
                    "onMissingDate": "warning",
                    "tolerance": 300000
                },
                "verifiablePresentation": {
                    "enabled": true,
                    "onOutOfRange": "error",
                    "onMissingDate": "warning",
                    "tolerance": 300000
                }
            }
        },
        "proof": {
            "skip": false,
            "formats": {
                "jwt": {
                    "enabled": true,
                    "proofPurpose": "assertionMethod"
                },
                "w3c": {
                    "enabled": true,
                    "proofPurpose": {
                        "assertionMethod": {
                            "enabled": true
                        },
                        "authentication": {
                            "enabled": true,
                            "challenge": "",
                            "domain": ""
                        }
                    },
                    "suites": {
                        "community": {
                            "di-eddsa-2020": {
                                "enabled": true
                            }
                        },
                        "vc-data-integrity": {
                            "1.0": {
                                "enabled": true,
                                "cryptosuite": {
                                    "bbs-2023": {
                                        "enabled": true,
                                        "expectedPresentationHeader": ""
                                    },
                                    "ecdsa-jcs-2019": {
                                        "enabled": true
                                    },
                                    "ecdsa-rdfc-2019": {
                                        "enabled": true
                                    },
                                    "ecdsa-sd-2023": {
                                        "enabled": true
                                    },
                                    "eddsa-2022": {
                                        "enabled": true
                                    },
                                    "eddsa-jcs-2022": {
                                        "enabled": true
                                    },
                                    "eddsa-rdfc-2022": {
                                        "enabled": true
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    },
    "resolver": {
        "type": "managed"
    }
}

Configuration Schema

The complete JSON Schema for the verifier configuration is available:

Configuration Options

cors Configuration

For CORS configuration options see the CORS Configuration Reference.

resolver Configuration

Controls which resolver service to use for DID (Decentralized Identifier) resolution and other resource lookups. See Service Instance configuration

Example managed resolver configuration:

{
    "resolver": {
        "type": "managed"
    }
}

Example custom resolver instance configuration:

{
    "resolver": {
        "type": "instance",
        "resourceId": "my-resolver-instance",
        "serviceRole": {
            "owner": "account",
            "resourceId": "my-resolver"
        }
    }
}

The verifier uses the resolver service to:

  • Resolve DIDs referenced in credentials
  • Fetch verification methods and public keys
  • Verify proof chains
  • Retrieve status information and schemas

policies Configuration

The policies section consists of independent verification policies that can be configured separately. Each policy controls a specific aspect of credential verification and can be integrated with the Authorizer service for comprehensive verification flows. Policies can be:

  • Enabled or disabled independently using skip: true/false
  • Configured with different validation behaviors (error/warning)
  • Set with policy-specific parameters

The verifier supports the following independent policies:

  • credentialSchema: Schema validation against the credential type
  • credentialStatus: Status checks (revocation/suspension)
  • format: Format and version validation
  • notAfter: Expiration validation
  • notBefore: Not-yet-valid validation
  • proof: Cryptographic proof verification

Example of policy mix-and-match:

{
    "policies": {
        "credentialSchema": {
            "skip": true
        },
        "credentialStatus": {
            "skip": false,
            "onMissing": "valid",
            "onUnsupported": "warning"
        },
        "notAfter": {
            "skip": false,
            "credentials": {
                "verifiableCredential": {
                    "enabled": true,
                    "onOutOfRange": "error"
                }
            }
        },
        "proof": {
            "skip": false,
            "formats": {
                "jwt": {
                    "enabled": true
                },
                "w3c": {
                    "enabled": false
                }
            }
        }
    }
}

Each policy section below details its specific configuration options.

credentialSchema

Controls schema validation for credentials.

  • Type: object
  • Properties:
    • skip: boolean
    • validation:
      • onInvalid: "error" | "warning" | "valid"
      • onSchemaError: "error" | "warning" | "valid"
      • onUnsupported: "error" | "warning" | "valid"
  • Description: Configures schema validation behavior and error handling
  • See: W3C VC Data Model - Credential Schema

Example credential with schema:

{
    "@context": ["https://www.w3.org/2018/credentials/v1", "https://www.w3.org/2018/credentials/examples/v1"],
    "type": ["VerifiableCredential", "UniversityDegreeCredential"],
    "credentialSchema": {
        "id": "https://example.org/examples/degree.json",
        "type": "JsonSchemaValidator2018"
    }
}

Example configuration:

{
    "credentialSchema": {
        "validation": {
            "onInvalid": "error",
            "onSchemaError": "warning",
            "onUnsupported": "warning"
        },
        "skip": false
    }
}

credentialStatus

Controls credential status validation.

  • Type: object
  • Properties:
    • skip: boolean
    • onMissing: "valid" | "error"
    • onUnsupported: "error" | "warning"
    • statusTypes: Configuration for different status list types
  • Description: Configures how different types of credential status are verified
  • See: W3C VC Status List v2021

Example configuration:

{
    "credentialStatus": {
        "skip": false,
        "onMissing": "valid",
        "onUnsupported": "warning",
        "statusTypes": {
            "bitstringStatusList": {
                "statusChecks": {
                    "revocation": {
                        "onMissingStatus": "valid",
                        "onRevocation": "error"
                    },
                    "suspension": {
                        "onMissingStatus": "valid",
                        "onSuspension": "error"
                    }
                }
            }
        }
    }
}
Status Check Options
ActionDescriptionUse Case
onRevocationWhat happens when a credential is revokedCheck revocation status
onSuspensionWhat happens when a credential is suspendedCheck suspension status
onMissingStatusAction when status information is missingHandle incomplete status

format

Controls credential format validation.

  • Type: object
  • Properties:
    • standards: Supported credential format standards
      • w3c: W3C Verifiable Credentials Data Model
      • iso: ISO standard formats
  • Description: Configures supported credential format standards and versions

Example configuration:

{
    "format": {
        "standards": {
            "w3c": {
                "vc-data-model": {
                    "v1.1": {
                        "enabled": true
                    },
                    "v2.0": {
                        "enabled": true
                    }
                }
            },
            "iso": {
                "18013-5:2021": {
                    "enabled": true
                }
            }
        }
    }
}

notAfter/notBefore

Controls temporal validation of credentials.

  • Type: object
  • Properties:
    • skip: boolean
    • credentials:
      • verifiableCredential:
        • enabled: boolean
        • onOutOfRange: "error" | "warning"
        • onMissingDate: "error" | "warning"
        • tolerance: Time tolerance in milliseconds
      • verifiablePresentation: Same structure as verifiableCredential
  • Description: Configures temporal validity checks

Example configuration:

{
    "notAfter": {
        "credentials": {
            "verifiableCredential": {
                "enabled": true,
                "onOutOfRange": "error",
                "onMissingDate": "warning",
                "tolerance": 300000
            }
        },
        "skip": false
    }
}
Temporal Validation Options
OptionDescriptionUse Case
onOutOfRangeAction when current time is outside valid rangeEnforce time validity
onMissingDateAction when required dates are missingHandle incomplete credentials
toleranceTime buffer in millisecondsAllow for clock skew

proof

Controls validation of cryptographic proofs.

  • Type: object
  • Properties:
    • skip: boolean
    • formats: Supported proof formats
      • jwt: JWT proof format configuration
      • w3c: W3C proof format configuration

Example JWT configuration:

{
    "proof": {
        "formats": {
            "jwt": {
                "enabled": true,
                "proofPurpose": "assertionMethod"
            }
        }
    }
}

Example W3C configuration:

{
    "proof": {
        "formats": {
            "w3c": {
                "enabled": true,
                "proofPurpose": {
                    "assertionMethod": {
                        "enabled": true
                    }
                },
                "suites": {
                    "community": {
                        "di-eddsa-2020": {
                            "enabled": true
                        }
                    }
                }
            }
        }
    }
}
Supported Proof Formats
JWT Proofs

Supports JWT/JWS-based proofs with configurable proof purposes.

W3C Data Integrity

Supports Data Integrity proofs with multiple cryptosuites:

SuiteDescriptionBest For
bbs-2023BBS+ signatures with selective disclosurePrivacy-preserving credentials
ecdsa-jcs-2019ECDSA with JSON canonicalizationCross-platform compatibility
ecdsa-rdfc-2019ECDSA with RDF canonicalizationSemantic web applications
ecdsa-sd-2023ECDSA with selective disclosurePrivacy-preserving presentations
eddsa-2022EdDSA base suiteHigh performance verification

Error Handling

The verifier supports three validation outcomes:

  • error: Stops processing
  • warning: Continues processing
  • valid: Successful validation

Common scenarios:

ScenarioDefault ActionConfiguration Option
Credential fails schema validationErrorcredentialSchema.validation.onInvalid
Schema load errorWarningcredentialSchema.validation.onSchemaError
Unsupported schema validation typeWarningcredentialSchema.validation.onUnsupported
Missing statusValidcredentialStatus.onMissing
Expired credentialErrornotAfter.credentials.verifiableCredential.onOutOfRange
Missing datesWarningnotAfter.credentials.verifiableCredential.onMissingDate
Revoked credentialErrorcredentialStatus.statusTypes.bitstringStatusList.statusChecks.revocation.onRevocation

Additional Resources

ON THIS PAGE