Key commitment fetch for non-Chrome browsers

[abhisagw]

Currently PST issuer registration is being done through this Google Chrome repository.

We are observing that for issuers registered through the above repository, tokens are getting issued not just on Google Chrome but across other Chromium family browsers (like Edge, Chromium) as well. Can you please help with the below queries regarding this:

1. Is the Chrome repository extending support for browsers like Edge and Chromium by design?
2. If yes, what is the exhaustive list of such browsers which will be supported through Google Chrome issuer registration repository? Is there a way to recognize such browsers (perhaps through a set flag) ?
3. How do browsers other than Chrome fetch the key commitment? Is there an API contract with certain browsers as we see that other Chromium browsers like Opera don't fetch the key commitment registered through the above repository?

[dvorak42]

Chrome fetches the key commitments and distributes them to Chrome clients through a mechanism called Component Updater. Chromium and some Chromium derivatives use a combination of the same components as deployed by Chrome or generate their own components.

You can check "chrome://components/" on Chrome (and similar pages on other browsers) to see if there's a "Trust Token Key Commitment" component installed. (the name is historical from when PST was originally called Trust Token).

As other browsers add more complete support for the API, they'll need to establish a process for getting the key commitments to the client, either through a component updater-style method or some other method.