JackJey/private-state-token-demo

Private State Token DEMO

The Private State Token API is a web platform API that allows propagating a limited amount of signals across sites, using the Privacy Pass protocol as an underlying primitive.

Private State Tokens enable an origin to issue cryptographic tokens to a user it trusts. Tokens are stored by the user's browser, and can later be redeemed in other contexts to confirm that the user is a real human.

For example, authenticity established for a user on a social media or email site can be conveyed to another site such as a news publisher or online store.

Find out more: Private State Tokens | Chrome Developers

This repo provides code to demonstrate Private State Token using BoringSSL to create an issuance service.

You can try out this demo online at private-state-token-demo.glitch.me or download, build and run it yourself.

Install and run this demo

The following instructions are oriented to a Linux environment.

Note that it takes several minutes to download the code, install and build BoringSSL (and cmake if necessary).

Download the code

git clone git@github.com:JackJey/private-state-token-demo.git

All the commands below should be run from the top-level private-state-token-demo directory:

cd private-state-token-demo

If necessary, install cmake

To build this demo you will need the cmake build tool.

Install BoringSSL

Run the install-boringssl.sh script to download and build BoringSSL:

./install-boringssl.sh

Build executables

Build the executable files required for the demo, using the BoringSSL library and the C files in the src directory as defined in the Makefile:

make

Install Node dependencies

The demo uses the Express HTTP server and other dependencies defined in package.json.

npm install

Run the demo server

Run npm start (defined in server.js) to start the demo server.

npm start

Open the demo page

Open the demo in Chrome with the Private State Token API enabled and the issuer's key commitment supplied on the command line.

$ open -a Google\ Chrome \
  --args \
  --enable-features=PrivateStateTokens,PrivateStateTokensAlwaysAllowIssuance,PrivacySandboxSettings3 \
  --additional-private-state-token-key-commitments='{ "https://private-state-token-issuer.glitch.me": { "PrivateStateTokenV1VOPRF": { "protocol_version": "PrivateStateTokenV1VOPRF", "id": 1, "batchsize": 1, "keys": { "1": { "Y": "AAAAAQQ7W5gOubJT3kTpzNGsekT9RZPXgXGrOMB2+QPw/ZzAuLrM3kc8eyHuTc1KmKjH4sh5+ev5GCI4HVVd46o6rWvNvk0iZQtVuUPhT8X54Ajebng8v5zUnpnPuTjGqlc7+MM=", "expiry": "1715356984440000" } } } } }'

Open localhost:3000 to view the demo page.

By default, this demo runs on port 3000. You can change this by setting the PORT environment variable, as shown below.

PORT=8080 npm start

API details

Key commitment

GET /.well-known/private-state-token/key-commitment

Key commitment in JSON format, used by the browser.
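
The commitment passed to Chrome in the --additional-private-state-token-key-commitments flag above can be sanity-checked before use. The following is an added example, not code from this repository: checkCommitment and expiryDate are hypothetical helpers, and it assumes that expiry is microseconds since the Unix epoch and that Y is a 4-byte key ID followed by an uncompressed P-384 point, which is what the sample value on this page decodes to.

```javascript
// Added example: sanity-check a Private State Token key commitment.
// SAMPLE is the commitment from the Chrome flag shown on this page.
const ISSUER = "https://private-state-token-issuer.glitch.me";
const SAMPLE = { [ISSUER]: { PrivateStateTokenV1VOPRF: {
  protocol_version: "PrivateStateTokenV1VOPRF", id: 1, batchsize: 1,
  keys: { "1": {
    Y: "AAAAAQQ7W5gOubJT3kTpzNGsekT9RZPXgXGrOMB2+QPw/ZzAuLrM3kc8eyHuTc1KmKjH4sh5+ev5GCI4HVVd46o6rWvNvk0iZQtVuUPhT8X54Ajebng8v5zUnpnPuTjGqlc7+MM=",
    expiry: "1715356984440000" } } } } };

// Assumption: expiry is a decimal string of microseconds since the Unix epoch.
// Returns a Date, or null when the string is not a plain decimal number.
function expiryDate(expiry) {
  if (!/^\d+$/.test(String(expiry))) return null;
  return new Date(Number(BigInt(expiry) / 1000n));
}

// Returns a list of human-readable problems; an empty list means none found.
function checkCommitment(commitment, nowMs = Date.now()) {
  const problems = [];
  for (const [issuer, versions] of Object.entries(commitment)) {
    for (const [version, c] of Object.entries(versions)) {
      if (c.protocol_version !== version)
        problems.push(`${issuer}: protocol_version differs from "${version}"`);
      if (!Number.isInteger(c.batchsize) || c.batchsize < 1)
        problems.push(`${issuer}: batchsize must be a positive integer`);
      for (const [label, key] of Object.entries(c.keys || {})) {
        // Assumption: 4-byte key ID + 97-byte point (0x04 || X || Y) = 101 bytes.
        const raw = Buffer.from(String(key.Y), "base64");
        if (raw.length !== 101 || raw[4] !== 0x04)
          problems.push(`${issuer} key ${label}: unexpected Y encoding`);
        const exp = expiryDate(key.expiry);
        if (!exp) problems.push(`${issuer} key ${label}: bad expiry`);
        else if (exp.getTime() <= nowMs)
          problems.push(`${issuer} key ${label}: expired ${exp.toISOString()}`);
      }
    }
  }
  return problems;
}

console.log(checkCommitment(SAMPLE));
```

Checked against the current clock, the sample commitment's key is reported as expired at 2024-05-10T16:03:04.440Z.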

Issue request

GET /private-state-token/issuance

Private State Token issuance request endpoint.

Redemption

GET /private-state-token/redemption

Private State Token redemption request endpoint.

Send SRR

GET /private-state-token/send-srr

Send SRR endpoint. This parses the Sec-Redemption-Record header that the client sends and returns the Redemption Record in the response.

Commands and flags

bin/main is the build result of src/main.c.

There is a flag for each Private State Token operation:

$ main --issue $REQUEST
$ main --redeem $REQUEST
$ main --key-generate

--issue

Take an issuance request (Sec-Trust-Token HTTP Header) and return an issuance response.

--redeem

Take a redemption request (Sec-Trust-Token HTTP Header) and return a redemption response.

--key-generate

Generate the private/public keys for a Private State Token and an ED25519 key pair, and save them in the ./keys directory.

Find out more


This is not a Google product.
