Login with Xident

Login with Xident is an OAuth 2.0 / OpenID Connect provider that lets your users sign in with their Xident ID. Unlike traditional social logins, Xident provides verified age information without exposing any personally identifiable information (PII).

How it works in 30 seconds

  1. User clicks "Login with Xident" on your site
  2. They authenticate with their Xident ID (passkey, password, or face)
  3. They consent to share their verified age bracket with your site
  4. Your site receives an authorization code
  5. You exchange the code for tokens — including verified age claims

Why Login with Xident?

The age_verification scope — Xident's unique advantage

Most OAuth providers give you a name and email. Xident gives you something no one else can: a cryptographically verified age bracket. When a user logs in with the age_verification scope, you get a claim like "age_bracket": "18+" that was verified through ML-based liveness detection, document verification, or both — not just self-reported. 

{
  "sub": "xid_abc123def456",
  "age_verified": true,
  "age_bracket": "18+",
  "verification_level": "ml",
  "verified_at": "2026-02-15T10:30:00Z"
}

Key benefits

Benefit Description
Verified age, zero PII You get a pass/fail age bracket — no name, birthdate, or document images
Verify once, access everywhere Users verify their age once, then reuse it across every site that supports Xident
80% cheaper for returning users Token lookups cost a fraction of full ML or document verification
Higher conversion Users skip repeated selfies and document uploads — they just click "Allow"
Network effects More sites adopt Xident, more users create accounts, cheaper for everyone
Standards-based OAuth 2.0 + OpenID Connect — works with any language, framework, or library

How it compares

Feature Google GitHub Apple Xident
Email Yes Yes Yes (relay) Optional
Profile info Yes Yes Name only Optional
Verified age No No No Yes
Liveness-checked No No No Yes
No PII required No No Partial Yes
PKCE mandatory No No Yes Yes
OpenID Connect Yes No Yes Yes

The flow at a glance

Your Site                        Xident                          User
   |                               |                              |
   |  1. Redirect to /oauth/authorize                              |
   |-----------------------------→ |                              |
   |                               |  2. Show login + consent     |
   |                               | ----------------------------→|
   |                               |  3. User approves            |
   |                               | ←----------------------------|
   |  4. Redirect with ?code=xxx   |                              |
   |←------------------------------ |                              |
   |                               |                              |
   |  5. POST /oauth/token         |                              |
   |      (code + code_verifier)   |                              |
   |-----------------------------→ |                              |
   |  6. Access token + ID token   |                              |
   |←------------------------------ |                              |
   |                               |                              |
   |  7. GET /oauth/userinfo       |                              |
   |-----------------------------→ |                              |
   |  8. Verified age claims       |                              |
   |←------------------------------ |                              |

Minimal example

<a href="https://api.xident.io/oauth/authorize?
  client_id=YOUR_CLIENT_ID&
  redirect_uri=https://yoursite.com/callback&
  response_type=code&
  scope=openid age_verification&
  code_challenge=CHALLENGE&
  code_challenge_method=S256">
  Login with Xident
</a>

Next steps