Integration with full stack app

[LanderDK]

Hello everyone,

I'm interested in exploring how to integrate Google Chrome's Device Bound Session Credentials (DBSC) into a PoC, to test this. Specifically, I aim to use React for the frontend and Node.js for the backend, leveraging DBSC for secure session management.

However, I'm not sure how to approach the integration process effectively. Here are some specific questions I have:

1. Frontend Integration: How can I incorporate DBSC into my (React) frontend to manage user sessions securely? Are there any JavaScript APIs or libraries provided that I can use for this purpose?
2. Backend Implementation: What steps should I take to implement DBSC within my (Node.js) backend?
3. Compatibility and Best Practices: Are there any best practices or considerations I should keep in mind when integrating DBSC with React and Node.js? How can I ensure compatibility and seamless interaction between frontend and backend components?

Any insights, tips, or resources on these topics would be greatly appreciated. I'm excited to learn more about DBSC and explore its capabilities in my project.

Thank you in advance for your assistance!

Best regards,
Lander

[peterfritz]

Hi @LanderDK,

While Device Bound Session Credentials (DBSC) offers a promising approach for securing user sessions, it's still in an early development stage. This means that creating a proof of concept (PoC) right now might be impractical.

There are two Chrome flags you can enable to experiment with DBSC: chrome://flags/#enable-bound-session-credentials and chrome://flags/#enable-bound-session-credentials-software-keys-for-manual-testing. However, implementing a proof of concept right now might be challenging due to a few reasons:

• Limited Documentation: As DBSC is still under development, there aren't extensive resources or documentation available yet. This can make the integration process more complex.
• No Established Libraries: There aren't any established JavaScript libraries or frameworks specifically designed for DBSC integration at this point. You might need to explore custom solutions or wait for libraries to emerge alongside the technology's development.
• Potential for Changes: Since DBSC is in proposal stage, there's a chance the implementation details or APIs might change in the future. This could require adjustments to your PoC if you build it now.

However, if you're still keen on experimenting with DBSC, these Chrome flags can provide a starting point for your exploration. Even if you encounter challenges due to DBSC's developmental stage, creating a PoC could be a valuable learning experience. If you do build one, I'd love to see it!

If you'd like to discuss this further, feel free to reach out.

Best regards,
Peter

[LanderDK]

Thank you for your detailed response!

Okay, I understand now. I'm certainly still open to making a PoC for this, if I manage to work something out, I'll be happy to share it with the community.

Best regards,
Lander

[LanderDK]

Hello, I have another question: these flags, I have enabled them in Google Chrome Canary, how can they be used? This obviously is the first time I'm working with any chrome flags. Thank you for your help.

Best regards,
Lander

[peterfritz]

Hi Lander,

Great question! Enabling those flags activates DBSC in Canary, but after some digging through Chromium's commit history and source code, it seems the API access is currently limited to Google and YouTube. This limited access, combined with the need to delve into source code to understand what functionalities are available and how to use them, is a perfect example of why creating a proof of concept (PoC) can be so challenging in the early stages of a proposal. Until this proposal gets implemented and browser support becomes more widespread, building a PoC might not be entirely feasible.

Code: /chrome/browser/signin/bound_session_credentials/bound_session_params_util.cc#L44-L50
Commit: chromium/chromium@921703d

Best,
Peter