Session tokens are valid because they come from the service themselves, that’s how they know they’re good.
That doesn’t work here because if there’s no identifying information in this token from a 3rd party service (the ID verification service), then it is useless because it can simply be reused by everyone.
So you’d have to create a unique one for each site, which would involve the login website and verification service to link to each other, which is extremely privacy violating.
If it is NOT unique (ex: anonymous person request verification for site A), then that service can reuse that verification token and break it. So identifying the sites together is required for this to work and is a massive issue.
The solution is simple on-device parental controls and have the browser flag this. Yes it can be cheated just like “are you 18+?” prompts, and that’s how it should be.
It’s also important to point out that you’re saying social media. ID verification would not stop there, it would then be used for sites like porn, which nonsense laws have already passed for this without proper solutions. Which the government should have zero business seeing what legal porn you watch, nor is there anything wrong with porn that it should be banned.
Love factorio