Comment by cloudfudge

mTLS is no good because the target service could then uniquely identify you. I think you explicitly want a three-party scheme where the target service just accepts the idp's assertion about your age in a cryptographically secure way.