Important! Before you proceed, please read the Age Verification Solution Technical Specification
The Age Verification (AV) Issuer is an implementation of a (Q)EAA Provider service, following the Age Verification Specification. It is based on release 0.8.0 of the EUDI Issuer. New features will be introduced in this implementation, which will later be ported back to the EUDI Issuer.
The service provides support for the mso_mdoc format of the "Proof of Age" attestation with the namespace “eu.europa.ec.av.1”.
For authenticating the user, it requires the use of eIDAS node, OAUTH2 server or a simple form (for testing purposes).
You can use the Age Verification Issuer at https://issuer.ageverification.dev/, or install it locally (see installation instructions) |
The following is the coverage according to the Age Verification Specification.
| Feature | Coverage |
|---|---|
| Authorization Code flow | ✅ scope |
| mso_mdoc format | ✅ |
| Token Endpoint | ✅ (scope only) |
| Credential Endpoint | ✅ Including proofs and repeatable invocations |
| Credential Issuer MetaData | ✅ Unsigned metadata |
| Proof | ✅ JWT |
| PKCE | ✅ |
Additional coverage can be found at OpenId4VCI coverage.
You can use the Age Verification Issuer at https://issuer.ageverification.dev/, or install it locally by following the instructions in this section.
Pre-requisites:
- Python v. 3.9 or 3.10
- Flask v. 2.3 or higher
Click here for detailed installation instructions.
Click here for detailed instructions.
Please see detailed instructions on how to make your local AV Issuer available on the Internet install.md, and on how to get a free HTTPS certificate.
Yes. You must copy your IACA trusted certificate(s) (in PEM format) to the trusted_CAs_path folder. If you don't have an IACA certificate, we provide an example test IACA certificate for the country AgeVerification (AV).
See more information in api_docs/configuration.md.
Yes. Please follow the instructions in api_docs/configuration.md. If you don't have Document Signer private key and certificate, we provide test private DS keys and certificates, for country AgeVerification (AV).
Yes. Please see how in Install Docker.
The IACA included in a trusted list can be found at api_docs/test_tokens/IACA-token/AgeVerificationIssuer.IACA.01.EU.pem
The following channels are available for discussions, feedback, and support requests:
| Type | Channel |
|---|---|
| Issues |  |
| Discussion |  |
| Other requests |  |
This white-label application is a reference implementation of the Age Verification solution that should be customised before publishing it. The current version is not feature complete and will require further integration work before production deployment. In particular, any national-specific enrolment procedures must be implemented by the respective Member States or publishing parties.
Please note that this application is still under active development. It is regularly updated and new features and improvements are continuously being added.
We welcome contributions to this project. To ensure that the process is smooth for everyone involved, follow the guidelines found in CONTRIBUTING.md.
This project has adopted the Contributor Covenant in version 2.1 as our code of conduct. Please see the details in our CODE_OF_CONDUCT.md. All contributors must abide by the code of conduct.
By participating in this project, you agree to abide by its Code of Conduct at all times.
Copyright (c) 2025 European Commission
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.