Documentation

How it works in 4 steps

1. Initiation

Your application redirects to Age4Zero with the minimum required age (example “aged:21”) :

scope: "openid aged:21"

2. Identification

The user verifies their identity via Itsme or another recognized official source.

3. Secure verification

Age4Zero confirms the age without storing or transmitting any personal data.

4. Simple response

Return to your application with only the age_verified:true/false and age_required claims.

Flux OIDC simplifié

Technical integration

Standard OIDC flow

Initiate an OIDC “Authorization code flow” (request code and exchange for an id_token)

// Redirect to Age4Zero
const authUrl = `https://verify.age4zero.io/auth?
  client_id=YOUR_CLIENT_ID&
  response_type=code&
  scope=openid aged:21&
  redirect_uri=YOUR_CALLBACK`;

Response via an ID token (for age over 21)

{
  "age_verified": true,
  "age_required": 21
}

Whole OIDC flow

The three OIDC flows in action are described below:

the Age4Zero service itself
the Age4ZeroBlind service, which will temporarily have knowledge of the user’s personal data
the authority service that knows the birthdate of the user

Flux OIDC complet

The two separate services, Age4Zero and Age4ZeroBlind, ensure that a single server never has both the visitor’s identity and the initiating application’s identity.