Unpair device method

[JamesB7]

Hello,

This isn't strictly necessary, but it would be a nice symmetry, if one is offering their users a Pair option, to also offer them an Unpair option. Certainly, when some sort of unique identifier is added, one could store a 'don't use' based on that, but out of respect to my users I'd really like to offer them the ability to genuinely unpair the device. :)

Other than the lack of unique identifiers, WebHID is working pretty well for me right now! (porting Evolv's ECigStats to the web)

Thank you!

James

[nondebug]

This is an interesting idea. Rather than adding permission revocation to WebHID API I think it would be better to allow WebHID permissions to be revoked through the Permissions API.

In Chrome it's already possible for users to revoke WebHID device permissions in the Site Information popup. Click the lock icon next to the address bar, then click the X icon next to devices that you want to revoke. You can do the same thing in Site Settings (chrome://settings/content/hidDevices). However there's no way to revoke permissions by script.

[beaufortfrancois]

Something like navigator.hid.revokeDevice(myDevice); or myDevice.forget() that would revoke a user-generated permission seems like a good idea. I'm happy to send a spec PR if that helps.

[nondebug]

Sure, if you'll put together a PR I'll take a look.

One complication is that WebHID may grant multiple permissions for a single call to requestDevice. This is because a single USB or Bluetooth device may expose multiple HID interfaces. It's unreasonable to expect users to differentiate between HID interfaces so we group them together for the purpose of permissions management.

I think in the future we will want to move to a model where all device permissions are tracked per-device instead of per-interface, so we should keep that in mind when designing a mechanism for revocation. i.e. we shouldn't assume permission to access one HIDDevice is tracked independently from other HIDDevices. We may also decide to combine permissions across APIs, for instance tracking WebHID + WebUSB device access under a unified low-level device access permission. Toward that end I think we should specify that revoking access to one HID interface also revokes access to all other HID interfaces exposed by the same device, and may revoke additional (unspecified) permissions.

[beaufortfrancois]

See https://github.com/WICG/webhid/pull/84

[beaufortfrancois]

FYI The new HIDDevice forget() is now available in Chrome Canary. Enable the "Experimental Web Platform Features" flag and check out a demo at https://hiddevice-forget.glitch.me

See https://twitter.com/quicksave2k/status/1480460243473772545

[reillyeon]

I think this issue can be closed.

[nondebug]

Thanks Francois!

[beaufortfrancois]

Developer documentation can be found at https://web.dev/hid/#revoke-access