Which is true. Irma/Yivi [1] in NL/BE proves that to be the case. But it always works with a trusted third party. The client, after confirming auth with the human, generates a unique key for the platform. The platform asks the trusted third party to verify this key, and then a scope is defined. For example: 'Is this person 18+?' The response to the platform is then 'Yes' or 'No'.
[1] https://yivi.app
So, the trusted third party gets to know which sites you visit?