Testing early versions of DBSC

How to try the current status of DBSC:

• Must use Windows, Mac, or Linux. On Mac or Linux, you must enable the chrome://flags entry enable-bound-session-credentials-software-keys-for-manual-testing. This flag eliminates any security guarantees from DBSC, but allows for broader testing.
  • Note that the software keys enabled by enable-bound-session-credentials-software-keys-for-manual-testing only support ES256
• Download a recent Chrome or build yourself. Official releases after version 134.0.6988.0 or local builds after https://chromium.googlesource.com/chromium/src.git/+/00256d047d3cd331085b09f5e4d417bc3b35681c are expected to support basic refresh flows.
• Set the chrome://flags entries enable-standard-device-bound-session-credentials and enable-standard-device-bound-session-persistence.
  • Note: starting in M135 it's recommended to set enable-standard-device-bound-session-credentials to "Enabled - Without Origin Trial tokens" and enable-standard-device-bound-session-credentials-refresh quota to "Disabled"
• Go to a webpage that sets the DBSC registration headers. A test server is provided at https://dbsc-prototype-server.glitch.me/

If you're participating in the Origin Trial, we encourage you to check the changelog regularly for any updates to Chrome. We will aim to minimize backwards-incompatible changes, but the API is still under active development.

Debugging tips:

• DBSC requests are not currently integrated with DevTools. They can be directly inspected via chrome://net-export
• UMA histograms can help debug DBSC. To use them:
  • Open chrome://histograms/#Net.DeviceBoundSessions and switch to Monitoring Mode
  • Leave that tab open and attempt a DBSC flow.
  • Return to that tab and see the histogram definitions here.

Any questions please open an issue here or email drubery@google.com.