Kiosk mode detection

PWA kiosk apps can implement ChromeOS kiosk detection with the Chrome Verified Access API. It builds on the existing Verified Access API technology with just a few key differences detailed in this guide.

Setup

The setup steps needed for using the Verified Access API to do kiosk mode detection are the same as those listed in the prerequisites for Verified Access. There are some additional steps to set up and launch your kiosk app on the managed Chromebook device.

In the Google Admin Console, do the following:

  • Follow this guide to install your kiosk app (step 1) and add your companion extension to the kiosk app (step 3).
  • For the kiosk companion extension, enable the Allow enterprise challenge setting under Certificate management.

Implementation

There are three main components to implement Verified Access kiosk detection: a PWA kiosk app, a companion Chrome extension, and a network service.

PWA kiosk app

The PWA is your main kiosk app. It kicks off the process of kiosk mode detection by sending a message to the companion extension, letting it know to start the verification process.

Companion Chrome extension

The companion Chrome extension runs with the kiosk PWA and should listen for incoming messages from the PWA. Upon receiving the message to start the verification process, it should:

  1. Call the Verified Access API to create a challenge
  2. Call the enterprise.platformKeys API on the generated challenge to create a challenge-response with an Enterprise User Key (use the "USER" scope)
  3. Send a request with the challenge-response to the network service to be verified

Refer to the developer guide for more information and code samples.

Network service

When your network service receives the request from the extension to verify the challenge-response, use the verify method. For kiosk mode detection, set expectedIdentity to "KIOSK_MODE". If successful, you should see a response body of an empty string or empty JSON, meaning the device is in kiosk mode. If the device is not in kiosk mode, a 404 code is returned in the response body with error message "Requested entity was not found".
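The following sketch of the network-service check is an added example, not code from this guide or from Google. It assumes the v2 REST endpoint, a server-side OAuth access token, and hypothetical function names, and it treats any response other than the two outcomes described above as indeterminate so the service fails closed.

```javascript
// Added example: network-service side of kiosk detection (not Google's code).
// Assumptions: v2 verify endpoint, access token obtained elsewhere.
const VERIFY_URL = 'https://verifiedaccess.googleapis.com/v2/challenge:verify';

// Build the verify call; expectedIdentity is the kiosk-specific part.
function buildVerifyRequest(challengeResponse, accessToken) {
  if (typeof challengeResponse !== 'string' || challengeResponse.length === 0) {
    throw new TypeError('challengeResponse must be a non-empty string');
  }
  return {
    method: 'POST',
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ challengeResponse, expectedIdentity: 'KIOSK_MODE' }),
  };
}

// Map the API answer to a verdict. Only the two outcomes the guide
// describes are decisive; everything else is 'indeterminate'.
function interpretVerifyResponse(httpStatus, bodyText) {
  const text = (bodyText || '').trim();
  let json = null;
  if (text !== '') {
    try { json = JSON.parse(text); } catch (_) { return 'indeterminate'; }
  }
  const emptyObject = json !== null && typeof json === 'object' &&
    !Array.isArray(json) && Object.keys(json).length === 0;
  const isEmpty = text === '' || emptyObject;
  if (httpStatus >= 200 && httpStatus < 300 && isEmpty) return 'kiosk';
  const errCode = json && json.error ? json.error.code : undefined;
  if (httpStatus === 404 || errCode === 404) return 'not_kiosk';
  return 'indeterminate'; // auth failure, quota, outage, unexpected body
}

// fetchImpl is injectable so the logic can be exercised offline.
async function verifyKioskMode(challengeResponse, accessToken, fetchImpl = globalThis.fetch) {
  const req = buildVerifyRequest(challengeResponse, accessToken);
  const res = await fetchImpl(VERIFY_URL, req);
  const verdict = interpretVerifyResponse(res.status, await res.text());
  // Fail closed: only an explicit 'kiosk' verdict unlocks kiosk-only behaviour.
  return { verdict, allowKioskFeatures: verdict === 'kiosk' };
}
```

Return the verdict to the extension only from the network service; the kiosk decision should not be made from anything the client reports about itself.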