Key commitment fetch for non-Chrome browsers #296

Open
abhisagw opened this issue Mar 29, 2024 · 1 comment

@abhisagw

Currently PST issuer registration is being done through this Google Chrome repository.

We are observing that for issuers registered through the above repository, tokens are getting issued not just on Google Chrome but across other Chromium family browsers (like Edge, Chromium) as well. Can you please help with the below queries regarding this:

  1. Is the Chrome repository extending support for browsers like Edge and Chromium by design?
  2. If yes, what is the exhaustive list of such browsers which will be supported through the Google Chrome issuer registration repository? Is there a way to recognize such browsers (perhaps through a set flag)?
  3. How do browsers other than Chrome fetch the key commitment? Is there an API contract with certain browsers as we see that other Chromium browsers like Opera don't fetch the key commitment registered through the above repository?

@dvorak42
Collaborator

Chrome fetches the key commitments and distributes them to Chrome clients through a mechanism called Component Updater. Chromium and some Chromium derivatives use a combination of the same components as deployed by Chrome or generate their own components.

You can check "chrome://components/" on Chrome (and similar pages on other browsers) to see if there's a "Trust Token Key Commitment" component installed. (The name is historical, from when PST was originally called Trust Token.)

As other browsers add more complete support for the API, they'll need to establish a process for getting the key commitments to the client, either through a component updater-style method or some other method.
