Private State Token API Development - Registration Required?

[thegreatfatzby]

Coming to PST way after some of the other PS APIs, have read a lot but am not fluent so to speak so sorry if I'm missing something.

I was trying to play around with PST, issuing tokens to a test site, testing the redemption path, query APIs, etc. When trying to issue tokens I got a few errors which make perfect sense, one in particular:

"...DOMException: No keys currently available for PST issuer. Issuer may need to register their key commitments."

Spent some more time digging around: I see that registration is still required for usage (maybe not for long?), and I don't see any chrome://flags to bypass that for a particular site (similar to what you can do with the PS RM API attestation), and I don't think I've seen any dev guides in either of the Github repos or articles I've found.

Is there a doc on this? Or do we need to register to test?

[dvorak42]

Registration will continue to be required for the foreseeable future. Part of this is because the issuer needs to provide key material to get distributed to Chrome (this is also why there isn't a flag to bypass the requirement as the client would still need to get the key material).

We'll try to surface it a bit more on the dev documentation, but you can use a command-line flag to develop a new issuer as described under Experimenting here: https://www.chromium.org/updates/trust-token/.