Skip to main content

Browser and device compatibility

OpenAge's browser-based verification flow runs in the user's browser and offers multiple verification methods behind the scenes. One of those methods is AgeKey, a reusable low-friction age signal built on WebAuthn passkeys. AgeKey has a higher browser bar than the rest of the flow because it needs Related Origin Requests for passkeys, a Chromium feature that landed in Chrome 129. The widget checks the browser at runtime and only offers AgeKey when the browser supports it; on older browsers the widget still works, but AgeKey is hidden and users complete verification through another method.

How to read this document: Each table shows two minimums per row: the "widget" minimum is where the verification flow runs at all, and the "AgeKey" minimum is where AgeKey is offered as a verification method. End-user device support is determined by whether the device runs a supported OS version and browser. No specific hardware model is required beyond what's needed to run that OS.


Desktop browsers

BrowserWidget minimumAgeKey minimumNotes
Chrome108129AgeKey hidden below Chrome 129.
Edge108129Chromium-based; AgeKey support matches Chrome.
Safari1616Requires macOS 12.4 (Monterey) or later.
Firefox122122AgeKey on macOS also requires macOS 13 (Ventura) or later.
Opera97115Chromium-based; AgeKey hidden below Opera 115.

Mobile browsers

BrowserWidget minimumAgeKey minimumNotes
Chrome (Android)108129Android 9+ required. AgeKey hidden below Chrome 129.
Edge (Android)108129Android 9+ required. AgeKey hidden below Edge 129.
Firefox (Android)128128Android 9+ required. AgeKey via Android Credential Manager.
Opera Mobile (Android)8089Android 9+ required. Opera Mini isn't supported.
Safari (iOS)15.216AgeKey requires iOS 16+.

Apple requires all iOS browsers to use WebKit, so Chrome, Firefox, Edge, and other browsers on iOS follow the Safari (iOS) row rather than their Android or desktop version requirements.


Mobile embed (in-app browsers)

If your integration opens the verification flow inside an embedded browser (rather than launching the device's default browser), the following minimums apply. Both iOS ASWebAuthenticationSession and SFSafariViewController support AgeKey; on Android, Android Custom Tabs is the supported surface.

SurfaceWidget minimumAgeKey minimumNotes
iOS ASWebAuthenticationSessioniOS 15.2iOS 16+Recommended. OS-managed browser view; carries passkey entitlements.
iOS SFSafariViewControlleriOS 15.2iOS 16+Also supported. Same passkey entitlements as ASWebAuthenticationSession.
iOS WKWebView (native app embed)iOS 15.2❌ (widget hides AgeKey)Generic WKWebView instances lack passkey entitlements. The widget detects window.webkit.messageHandlers and hides AgeKey; users complete verification through another method. WKWebView-based browsers with entitlements (Chrome for iOS, Firefox for iOS, Edge for iOS) are allowlisted.
Android Custom TabsChrome 108 / Android 9+Chrome 129 / Android 9+Recommended. AgeKey via Custom Tabs + Credential Manager from Chrome 129.
Android WebViewAndroid 9+❌ (widget hides AgeKey)Android WebView doesn't support WebAuthn. The widget checks the publickey-credentials-create feature policy and hides AgeKey; users complete verification through another method.
Android Trusted Web ActivityRequires digital-asset-link setup on the OpenAge domain, which isn't available. TWA falls back to Custom Tabs; use Custom Tabs directly.

Desktop embed and game engines

Desktop apps, launchers, and game engines often host web content through an embedded Chromium Embedded Framework (CEF) surface, such as CefSharp or the CEF-based browser bundled with a game engine.

The AgeKey requirement is the same as for desktop Chrome: the underlying Chromium branch must include Related Origin Requests, which landed in Chromium 129. Below CEF 129, use ceremonies silently fail, so the widget hides AgeKey and offers other verification methods instead.

CEF branchAgeKey status
CEF below 129Not usable. Widget hides AgeKey and offers other verification methods.
CEF 129+Fully supported. Both AgeKey creation and re-use work through the OS platform authenticator (Windows Hello, Touch ID).

For platforms where the OS default browser or an embedded browser isn't available (for example, some living-room consoles), show a QR code so the user can complete verification on a phone or another device. See the shortUrl guidance for details.


For questions about a specific device or browser configuration, contact your OpenAge representative.