Web Bluetooth

Draft Community Group Report,

More details about this document
This version:
https://webbluetoothcg.github.io/web-bluetooth/
Issue Tracking:
GitHub
Inline In Spec
Editors:
(Google LLC)
(Google LLC)
See contributors on GitHub
Translations (non-normative):
日本語
Participate:
Join the W3C Community Group
Fix the text through GitHub
[email protected] (archives)
IRC: #web-bluetooth on W3C’s IRC

Abstract

This document describes an API to discover and communicate with devices over the Bluetooth 4 wireless standard using the Generic Attribute Profile (GATT).

Status of this document

This specification was published by the Web Bluetooth Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Contributor License Agreement (CLA) there is a limited opt-out and other conditions apply. Learn more about W3C Community and Business Groups.

Changes to this document may be tracked at https://github.com/WebBluetoothCG/web-bluetooth/commits/gh-pages.

If you wish to make comments regarding this document, please send them to [email protected] (subscribe, archives).

1. Introduction

This section is non-normative.

Bluetooth is a standard for short-range wireless communication between devices. Bluetooth "Classic" (BR/EDR) defines a set of binary protocols and supports speeds up to about 24Mbps. Bluetooth 4.0 introduced a new "Low Energy" mode known as "Bluetooth Smart", BLE, or just LE which is limited to about 1Mbps but allows devices to leave their transmitters off most of the time. BLE provides most of its functionality through key/value pairs provided by the Generic Attribute Profile (GATT).

BLE defines multiple roles that devices can play. The Broadcaster and Observer roles are for transmitter- and receiver-only applications, respectively. Devices acting in the Peripheral role can receive connections, and devices acting in the Central role can connect to Peripheral devices.

A device acting in either the Peripheral or Central role can host a GATT Server, which exposes a hierarchy of Services, Characteristics, and Descriptors. See § 6.1 GATT Information Model for more details about this hierarchy. Despite being designed to support BLE transport, the GATT protocol can also run over BR/EDR transport.

The first version of this specification allows web pages, running on a UA in the Central role, to connect to GATT Servers over either a BR/EDR or LE connection. While this specification cites the [BLUETOOTH42] specification, it intends to also support communication among devices that only implement Bluetooth 4.0 or 4.1.

1.1. Examples

To discover and retrieve data from a standard heart rate monitor, a website would use code like the following:
let chosenHeartRateService = null;

navigator.bluetooth.requestDevice({
  filters: [{
    services: ['heart_rate'],
  }]
}).then(device => device.gatt.connect())
.then(server => server.getPrimaryService('heart_rate'))
.then(service => {
  chosenHeartRateService = service;
  return Promise.all([
    service.getCharacteristic('body_sensor_location')
      .then(handleBodySensorLocationCharacteristic),
    service.getCharacteristic('heart_rate_measurement')
      .then(handleHeartRateMeasurementCharacteristic),
  ]);
});

function handleBodySensorLocationCharacteristic(characteristic) {
  if (characteristic === null) {
    console.log("Unknown sensor location.");
    return Promise.resolve();
  }
  return characteristic.readValue()
  .then(sensorLocationData => {
    const sensorLocation = sensorLocationData.getUint8(0);
    switch (sensorLocation) {
      case 0: return 'Other';
      case 1: return 'Chest';
      case 2: return 'Wrist';
      case 3: return 'Finger';
      case 4: return 'Hand';
      case 5: return 'Ear Lobe';
      case 6: return 'Foot';
      default: return 'Unknown';
    }
  }).then(location => console.log(location));
}

function handleHeartRateMeasurementCharacteristic(characteristic) {
  return characteristic.startNotifications()
  .then(char => {
    characteristic.addEventListener('characteristicvaluechanged',
                                    onHeartRateChanged);
  });
}

function onHeartRateChanged(event) {
  const characteristic = event.target;
  console.log(parseHeartRate(characteristic.value));
}

parseHeartRate() would be defined using the heart_rate_measurement documentation to read the DataView stored in a BluetoothRemoteGATTCharacteristic's value field.

function parseHeartRate(data) {
  const flags = data.getUint8(0);
  const rate16Bits = flags & 0x1;
  const result = {};
  let index = 1;
  if (rate16Bits) {
    result.heartRate = data.getUint16(index, /*littleEndian=*/true);
    index += 2;
  } else {
    result.heartRate = data.getUint8(index);
    index += 1;
  }
  const contactDetected = flags & 0x2;
  const contactSensorPresent = flags & 0x4;
  if (contactSensorPresent) {
    result.contactDetected = !!contactDetected;
  }
  const energyPresent = flags & 0x8;
  if (energyPresent) {
    result.energyExpended = data.getUint16(index, /*littleEndian=*/true);
    index += 2;
  }
  const rrIntervalPresent = flags & 0x10;
  if (rrIntervalPresent) {
    const rrIntervals = [];
    for (; index + 1 < data.byteLength; index += 2) {
      rrIntervals.push(data.getUint16(index, /*littleEndian=*/true));
    }
    result.rrIntervals = rrIntervals;
  }
  return result;
}

onHeartRateChanged() might log an object like

{
  heartRate: 70,
  contactDetected: true,
  energyExpended: 750,     // Meaning 750kJ.
  rrIntervals: [890, 870]  // Meaning .87s and .85s.
}

If the heart rate sensor reports the energyExpended field, the web application can reset its value to 0 by writing to the heart_rate_control_point characteristic:

function resetEnergyExpended() {
  if (!chosenHeartRateService) {
    return Promise.reject(new Error('No heart rate sensor selected yet.'));
  }
  return chosenHeartRateService.getCharacteristic('heart_rate_control_point')
  .then(controlPoint => {
    const resetEnergyExpended = new Uint8Array([1]);
    return controlPoint.writeValue(resetEnergyExpended);
  });
}

2. Security considerations

See § 3 Privacy considerations section. [Issue #575]

3. Privacy considerations

3.1. Device access is powerful

When a website requests access to devices using requestDevice(), it gets the ability to access all GATT services mentioned in the call. The UA MUST inform the user what capabilities these services give the website before asking which devices to entrust to it. If any services in the list aren’t known to the UA, the UA MUST assume they give the site complete control over the device and inform the user of this risk. The UA MUST also allow the user to inspect what sites have access to what devices and revoke these pairings.

The UA MUST NOT allow the user to pair entire classes of devices with a website. It is possible to construct a class of devices for which each individual device sends the same Bluetooth-level identifying information. UAs are not required to attempt to detect this sort of forgery and MAY let a user pair this pseudo-device with a website.

To help ensure that only the entity the user approved for access actually has access, this specification requires that only secure contexts can access Bluetooth devices.

3.2. Trusted servers can serve malicious code

This section is non-normative.

Even if the user trusts an origin, that origin’s servers or developers could be compromised, or the origin’s site could be vulnerable to XSS attacks. Either could lead to users granting malicious code access to valuable devices. Origins should define a Content Security Policy ([CSP3]) to reduce the risk of XSS attacks, but this doesn’t help with compromised servers or developers.

The ability to retrieve granted devices after a page reload, provided by § 4.1 Permission API Integration, makes this risk worse. Instead of having to get the user to grant access while the site is compromised, the attacker can take advantage of previously-granted devices if the user simply visits while the site is compromised. On the other hand, when sites can keep access to devices across page reloads, they don’t have to show as many permission prompts overall, making it more likely that users will pay attention to the prompts they do see.

3.3. Attacks on devices

This section is non-normative.

Communication from websites can break the security model of some devices, which assume they only receive messages from the trusted operating system of a remote device. Human Interface Devices are a prominent example, where allowing a website to communicate would allow that site to log keystrokes. This specification includes a GATT blocklist of such vulnerable services, characteristics, and descriptors to prevent websites from taking advantage of them.

We expect that many devices are vulnerable to unexpected data delivered to their radio. In the past, these devices had to be exploited one-by-one, but this API makes it plausible to conduct large-scale attacks. This specification takes several approaches to make such attacks more difficult:

UAs can also take further steps to protect their users:

3.4. Bluetooth device identifiers

This section is non-normative.

Each Bluetooth BR/EDR device has a unique 48-bit MAC address known as the BD_ADDR. Each Bluetooth LE device has at least one of a Public Device Address and a Static Device Address. The Public Device Address is a MAC address. The Static Device Address may be regenerated on each restart. A BR/EDR/LE device will use the same value for the BD_ADDR and the Public Device Address (specified in the Read BD_ADDR Command).

An LE device may also have a unique, 128-bit Identity Resolving Key, which is sent to trusted devices during the bonding process. To avoid leaking a persistent identifier, an LE device may scan and advertise using a random Resolvable or Non-Resolvable Private Address instead of its Static or Public Address. These are regenerated periodically (approximately every 15 minutes), but a bonded device can check whether one of its stored IRKs matches any given Resolvable Private Address using the Resolvable Private Address Resolution Procedure.

Each Bluetooth device also has a human-readable Bluetooth Device Name. These aren’t guaranteed to be unique, but may well be, depending on the device type.

3.4.1. Identifiers for remote Bluetooth devices

This section is non-normative.

If a website can retrieve any of the persistent device IDs, these can be used, in combination with a large effort to catalog ambient devices, to discover a user’s location. A device ID can also be used to identify that a user who pairs two different websites with the same Bluetooth device is a single user. On the other hand, many GATT services are available that could be used to fingerprint a device, and a device can easily expose a custom GATT service to make this easier.

This specification suggests that the UA use different device IDs for a single device when its user doesn’t intend scripts to learn that it’s a single device, which makes it difficult for websites to abuse the device address like this. Device makers can still design their devices to help track users, but it takes work.

3.4.2. The UA’s Bluetooth address

This section is non-normative.

In BR/EDR mode, or in LE mode during active scanning without the Privacy Feature, the UA broadcasts its persistent ID to any nearby Bluetooth radio. This makes it easy to scatter hostile devices in an area and track the UA. As of 2014-08, few or no platforms document that they implement the Privacy Feature, so despite this spec recommending it, few UAs are likely to use it. This spec does require a user gesture for a website to trigger a scan, which reduces the frequency of scans some, but it would still be better for more platforms to expose the Privacy Feature.

3.5. Exposing Bluetooth availability

This section is non-normative.

navigator.bluetooth.getAvailability() exposes whether a Bluetooth radio is available on the user’s system, regardless of whether it is powered on or not. The availability is also affected if the user has configured the UA to block Web Bluetooth. Some users might consider this private, although it’s hard to imagine the damage that would result from revealing it. This information also increases the UA’s fingerprinting surface by a bit. This function returns a Promise, so UAs have the option of asking the user what value they want to return, but we expect the increased risk to be small enough that UAs will choose not to prompt.

4. Device Discovery

dictionary BluetoothDataFilterInit {
  BufferSource dataPrefix;
  BufferSource mask;
};

dictionary BluetoothManufacturerDataFilterInit : BluetoothDataFilterInit {
  required [EnforceRange] unsigned short companyIdentifier;
};

dictionary BluetoothServiceDataFilterInit : BluetoothDataFilterInit {
  required BluetoothServiceUUID service;
};

dictionary BluetoothLEScanFilterInit {
  sequence<BluetoothServiceUUID> services;
  DOMString name;
  DOMString namePrefix;
  sequence<BluetoothManufacturerDataFilterInit> manufacturerData;
  sequence<BluetoothServiceDataFilterInit> serviceData;
};

dictionary RequestDeviceOptions {
  sequence<BluetoothLEScanFilterInit> filters;
  sequence<BluetoothLEScanFilterInit> exclusionFilters;
  sequence<BluetoothServiceUUID> optionalServices = [];
  sequence<unsigned short> optionalManufacturerData = [];
  boolean acceptAllDevices = false;
};

[Exposed=Window, SecureContext]
interface Bluetooth : EventTarget {
  Promise<boolean> getAvailability();
  attribute EventHandler onavailabilitychanged;
  [SameObject]
  readonly attribute BluetoothDevice? referringDevice;
  Promise<sequence<BluetoothDevice>> getDevices();
  Promise<BluetoothDevice> requestDevice(optional RequestDeviceOptions options = {});
};

Bluetooth includes BluetoothDeviceEventHandlers;
Bluetooth includes CharacteristicEventHandlers;
Bluetooth includes ServiceEventHandlers;
NOTE: Bluetooth members
Note: getAvailability() informs the page whether Bluetooth is available at all. An adapter that’s disabled through software should count as available. Changes in availability, for example when the user physically attaches or detaches an adapter, are reported through the availabilitychanged event.

referringDevice gives access to the device from which the user opened this page, if any. For example, an Eddystone beacon might advertise a URL, which the UA allows the user to open. A BluetoothDevice representing the beacon would be available through navigator.bluetooth.referringDevice.

getDevices() enables the page to retrieve Bluetooth devices that the user has granted access to.

requestDevice(options) asks the user to grant this origin access to a device that matches any filter in options.filters but does not match any filter in options.exclusionFilters. To match a filter, the device has to:

Both Manufacturer Specific Data and Service Data map a key to an array of bytes. BluetoothDataFilterInit filters these arrays. An array matches if it has a prefix such that prefix & mask is equal to dataPrefix & mask.

Note that if a device changes its behavior significantly when it connects, for example by not advertising its identifying manufacturer data anymore and instead having the client discover some identifying GATT services, the website may need to include filters for both behaviors.

In rare cases, a device may not advertise enough distinguishing information to let a site filter out uninteresting devices. In those cases, a site can set acceptAllDevices to true and omit all filters and exclusionFilters. This puts the burden of selecting the right device entirely on the site’s users. If a site uses acceptAllDevices, it will only be able to use services listed in optionalServices.

After the user selects a device to pair with this origin, the origin is allowed to access any service whose UUID was listed in the services list in any element of options.filters or in options.optionalServices. The origin is also allowed to access any manufacturer data from manufacturer codes defined in options.optionalManufacturerData from the device’s advertisement data.

This implies that if developers filter just by name, they must use optionalServices to get access to any services.

Say the UA is close to the following devices:
Device Advertised Services
D1 A, B, C, D
D2 A, B, E
D3 C, D
D4 E
D5 <none>

If the website calls

navigator.bluetooth.requestDevice({
  filters: [ {services: [A, B]} ]
});

the user will be shown a dialog containing devices D1 and D2. If the user selects D1, the website will not be able to access services C or D. If the user selects D2, the website will not be able to access service E.

On the other hand, if the website calls

navigator.bluetooth.requestDevice({
  filters: [
    {services: [A, B]},
    {services: [C, D]}
  ]
});

the dialog will contain devices D1, D2, and D3, and if the user selects D1, the website will be able to access services A, B, C, and D.

If the website then calls

navigator.bluetooth.getDevices();

the resulting Promise will resolve into an array containing device D1, and the website will be able to access services A, B, C, and D.

The optionalServices list doesn’t add any devices to the dialog the user sees, but it does affect which services the website can use from the device the user picks.

navigator.bluetooth.requestDevice({
  filters: [ {services: [A, B]} ],
  optionalServices: [E]
});

Shows a dialog containing D1 and D2, but not D4, since D4 doesn’t contain the required services. If the user selects D2, unlike in the first example, the website will be able to access services A, B, and E.

If the website calls

navigator.bluetooth.getDevices();

again, then the resulting Promise will resolve into an array containing the devices D1 and D2. The A, B, C, and D services will be accessible on device D1, while A, B, and E services will be accessible on device D2.

The allowed services also apply if the device changes after the user grants access. For example, if the user selects D1 in the previous requestDevice() call, and D1 later adds a new E service, that will fire the serviceadded event, and the web page will be able to access service E.

Say the devices in the previous example also advertise names as follows:
Device Advertised Device Name
D1 First De…
D2 <none>
D3 Device Third
D4 Device Fourth
D5 Unique Name

The following table shows which devices the user can select between for several values of filters passed to navigator.bluetooth.requestDevice({filters: filters}).

filters Devices Notes
[{name: "Unique Name"}]
D5
[{namePrefix: "Device"}]
D3, D4
[{name: "First De"},
  {name: "First Device"}]
<none> D1 only advertises a prefix of its name, so trying to match its whole name fails.
[{namePrefix: "First"},
  {name: "Unique Name"}]
D1, D5
[{services: [C],
  namePrefix: "Device"},
  {name: "Unique Name"}]
D3, D5

The following table shows which devices the user can select between for several values of filters and exclusionFilters passed to navigator.bluetooth.requestDevice({filters: filters, exclusionFilters: exclusionFilters}).

filters exclusionFilters Devices
[{namePrefix: "Device"}]  // D3, D4
[{name: "Device Third"}]   // D3
D4
[{namePrefix: "Device"}]  // D3, D4
[{namePrefix: "Device F"}] // D4
D3
[{services: [C]},         // D1, D3
  {namePrefix: "Device"}] // D3, D4
[{services: [A]},          // D1
  {name: "Device Fourth"}] // D4
D3
Say the devices in the previous example also advertise manufacturer or service data as follows:
Device Manufacturer Data Service Data
D1 17: 01 02 03
D2 A: 01 02 03

The following table shows which devices the user can select between for several values of filters passed to navigator.bluetooth.requestDevice({filters: filters}).

filters Devices
[{ manufacturerData: [{ companyIdentifier: 17 }] }]
D1
[{ serviceData: [{ service: "A" }] }]
D2
[
  { manufacturerData: [{ companyIdentifier: 17 }] },
  { serviceData: [{ service: "A" }] },
]
D1, D2
[
  {
    manufacturerData: [{ companyIdentifier: 17 }],
    serviceData: [{ service: "A" }],
  },
]
<none>
[
  {
    manufacturerData: [
      {
        companyIdentifier: 17,
        dataPrefix: new Uint8Array([1, 2, 3])
      },
    ],
  },
]
D1
[
  {
    manufacturerData: [
      {
        companyIdentifier: 17,
        dataPrefix: new Uint8Array([1, 2, 3, 4])
      },
    ],
  },
]
<none>
[
  {
    manufacturerData: [
      {
        companyIdentifier: 17,
        dataPrefix: new Uint8Array([1])
      },
    ],
  },
]
D1
[
  {
    manufacturerData: [
      {
        companyIdentifier: 17,
        dataPrefix: new Uint8Array([0x91, 0xAA]),
        mask: new Uint8Array([0x0f, 0x57]),
      },
    ],
  },
]
D1
[
  {
    manufacturerData: [
      { companyIdentifier: 17 },
      { companyIdentifier: 18 },
    ]
  }
]
<none>
Filters that either accept or reject all possible devices cause TypeErrors. To accept all devices, use acceptAllDevices instead.
Call Notes
requestDevice({})
Invalid: An absent list of filters doesn’t accept any devices.
requestDevice({filters:[]})
Invalid: An empty list of filters doesn’t accept any devices.
requestDevice({filters:[{}]})
Invalid: An empty filter accepts all devices, and so isn’t allowed either.
requestDevice({
  acceptAllDevices:true
})
Valid: Explicitly accept all devices with acceptAllDevices.
requestDevice({
  filters: [...],
  acceptAllDevices:true
})
Invalid: acceptAllDevices would override any filters.
requestDevice({
  exclusionFilters: [...],
  acceptAllDevices:true
})
Invalid: acceptAllDevices would override any exclusionFilters.
requestDevice({
  exclusionFilters: [...]
})
Invalid: exclusionFilters require filters.
requestDevice({
  filters: [...],
  exclusionFilters: []
})
Invalid: exclusionFilters must be non-empty to exclude devices.
requestDevice({
  filters: [{namePrefix: ""}]
})
Invalid: namePrefix, if present, must be non-empty to filter devices.
requestDevice({
  filters: [{manufacturerData: []}]
})
Invalid: manufacturerData, if present, must be non-empty to filter devices.
requestDevice({
  filters: [{serviceData: []}]
})
Invalid: serviceData, if present, must be non-empty to filter devices.

Instances of Bluetooth are created with the internal slots described in the following table:

Internal Slot Initial Value Description (non-normative)
[[deviceInstanceMap]] An empty map from Bluetooth devices to BluetoothDevice instances. Ensures only one BluetoothDevice instance represents each Bluetooth device inside a single global object.
[[attributeInstanceMap]] An empty map from Bluetooth cache entries to Promises. The Promises resolve to either BluetoothRemoteGATTService, BluetoothRemoteGATTCharacteristic, or BluetoothRemoteGATTDescriptor instances.
[[referringDevice]] null Set to a BluetoothDevice while initializing the Document object if the Document was opened from the device.
Getting navigator.bluetooth.referringDevice must return [[referringDevice]].
Some UAs may allow the user to cause a browsing context to navigate in response to a Bluetooth device.
Note: For example, if an Eddystone beacon advertises a URL, the UA may allow the user to navigate to this URL.

If this happens, then as part of initializing the Document object, the UA MUST run the following steps:

  1. Let referringDevice be the device that caused the navigation.

  2. Get the BluetoothDevice representing referringDevice inside navigator.bluetooth, and let referringDeviceObj be the result.

  3. If the previous step threw an exception, abort these steps.

    Note: This means the UA didn’t infer that the user intended to grant the current realm access to referringDevice. For example, the user might have denied GATT access globally.
  4. Set navigator.bluetooth.[[referringDevice]] to referringDeviceObj.

A Bluetooth device device matches a filter filter if the following steps return match:
  1. If filter.name is present then, if device’s Bluetooth Device Name isn’t complete and equal to filter.name, return mismatch.

  2. If filter.namePrefix is present then if device’s Bluetooth Device Name isn’t present or doesn’t start with filter.namePrefix, return mismatch.

  3. For each uuid in filter.services, if the UA has not received advertising data, an extended inquiry response, or a service discovery response indicating that the device supports a primary (vs included) service with UUID uuid, return mismatch.

  4. For each manufacturerData in filter["manufacturerData"], if device hasn’t advertised manufacturer specific data with a company identifier code equal to manufacturerData["companyIdentifier"] and with data that matches manufacturerData return mismatch.

  5. For each serviceData in filter["serviceData"], if device hasn’t advertised service data with a UUID whose 128-bit form is serviceData["service"] and with data that matches serviceData return mismatch.

  6. Return match.

An array of bytes data matches a BluetoothDataFilterInit filter if the following steps return match.
Note: This algorithm assumes that filter has already been canonicalized.
  1. Let expectedPrefix be a copy of the bytes held by filter.dataPrefix.

  2. Let mask be a copy of the bytes held by filter.mask.

  3. If data has fewer bytes than expectedPrefix, return mismatch.

  4. For each 1 bit in mask, if the corresponding bit in data is not equal to the corresponding bit in expectedPrefix, return mismatch.

  5. Return match.

A BluetoothDataFilterInit filter1 is a strict subset of a BluetoothDataFilterInit filter2 if the following steps return true:
  1. If the length of filter1 is less than the length of filter2, return false.

  2. Let byteIndex be 0.

  3. While byteIndex is less than the length of filter2, do the following sub-steps:

    1. If filter1.mask[byteIndex] & filter2.mask[byteIndex] is not equal to filter2.mask[byteIndex], return false.

    2. If filter1.dataPrefix[byteIndex] & filter2.mask[byteIndex] it not equal to filter2.dataPrefix[byteIndex] & filter2.mask[byteIndex], return false.

    3. Set byteIndex to byteIndex + 1.

  4. Return true.

The list of Service UUIDs that a device advertises might not include all the UUIDs the device supports. The advertising data does specify whether this list is complete. If a website filters for a UUID that a nearby device supports but doesn’t advertise, that device might not be included in the list of devices presented to the user. The UA would need to connect to the device to discover the full list of supported services, which can impair radio performance and cause delays, so this spec doesn’t require it.
To getDevices() method, when invoked and given a BluetoothPermissionStorage storage, MUST return a new promise promise and run the following steps in parallel:
  1. If this's relevant global object's associated Document is not allowed to use the policy-controlled feature named "bluetooth", reject promise with a SecurityError and abort these steps.

  2. Let devices be a new empty Array.

  3. For each allowedDevice in storage.allowedDevices, add the BluetoothDevice object representing allowedDevice@[[device]] to devices.

  4. Resolve promise with devices.

    Note: The BluetoothDevices in devices may not be in range of the Bluetooth radio. For a given device in devices, the watchAdvertisements() method can be used to observe when device is in range and broadcasting advertisement packets. When an advertisementreceived event event is fired on a device, it may indicate that it is close enough for a connection to be established by calling event.device.gatt.connect().
The requestDevice(options) method, when invoked, MUST return a new promise promise and run the following steps in parallel:
  1. If options.exclusionFilters is present and options.filters is not present, reject promise with a TypeError and abort these steps.

  2. If options.filters is present and options.acceptAllDevices is true, or if options.filters is not present and options.acceptAllDevices is false, reject promise with a TypeError and abort these steps.

    Note: This enforces that exactly one of filters or acceptAllDevices:true is present.
  3. Request Bluetooth devices, passing options.filters if options.acceptAllDevices is false or null otherwise, passing options.exclusionFilters if it exists or null otherwise, passing options.optionalServices, and passing options.optionalManufacturerData, and let devices be the result.

  4. If the previous step threw an exception, reject promise with that exception and abort these steps.

  5. If devices is an empty sequence, reject promise with a NotFoundError and abort these steps.

  6. Resolve promise with devices[0].

To request Bluetooth devices, given a BluetoothPermissionStorage storage and a sequence of BluetoothLEScanFilterInits filters, which can be null to represent that all devices can match, a sequence of BluetoothLEScanFilterInits exclusionFilters, which can be null if no exclusion filters have been set, a sequence of BluetoothServiceUUIDs optionalServices, and a sequence of unsigned shorts optionalManufacturerData, the UA MUST run the following steps:
Note: These steps can block, so uses of this algorithm must be in parallel.
Note: Calls to this algorithm will eventually be able to request multiple devices, but for now it only ever returns a single one.
  1. Let global be the relevant global object for storage.

  2. Let document be global’s associated Document.

  3. If document is not allowed to use the policy-controlled feature named "bluetooth", throw a SecurityError and abort these steps.

  4. Check that the algorithm is triggered while its relevant global object has a transient activation, otherwise throw a SecurityError and abort these steps.

  5. In order to convert the arguments from service names and aliases to just UUIDs, do the following sub-steps:

    1. If filters !== null && filters.length === 0, throw a TypeError and abort these steps.

    2. If exclusionFilters !== null && exclusionFilters.length === 0, throw a TypeError and abort these steps.

    3. Let uuidFilters be a new Array, uuidExclusionFilters be a new Array, and requiredServiceUUIDs be a new Set.

    4. If filters is null, then set requiredServiceUUIDs to the set of all UUIDs.

    5. If filters isn’t null, then for each filter in filters, do the following steps:

      1. Let canonicalFilter be the result of canonicalizing filter.

      2. Append canonicalFilter to uuidFilters.

      3. Add the contents of canonicalFilter.services to requiredServiceUUIDs.

    6. If exclusionFilters isn’t null, then for each exclusionFilter in exclusionFilters, do the following steps:

      1. Let canonicalExclusionFilter be the result of canonicalizing exclusionFilter.

      2. Append canonicalExclusionFilter to uuidExclusionFilters.

    7. Let optionalServiceUUIDs be Array.prototype.map.call(optionalServices, BluetoothUUID.getService).

    8. If any of the BluetoothUUID.getService() calls threw an exception, throw that exception and abort these steps.

    9. Remove from optionalServiceUUIDs any UUIDs that are blocklisted.

  6. Let descriptor be

    {
      name: "bluetooth",
      filters: uuidFilters
      optionalServices: optionalServiceUUIDs,
      optionalManufacturerData: optionalManufacturerData
      acceptAllDevices: filters !== null,
    }
    
  7. Let state be descriptor’s permission state.

    Note: state will be "denied" in non-secure contexts because powerful features can’t be used in non-secure contexts.
  8. If state is "denied", return [] and abort these steps.

  9. If the UA can prove that no devices could possibly be found in the next step, for example because there is no Bluetooth adapter with which to scan, or because the filters can’t be matched by any possible advertising packet, the UA MAY return [] and abort these steps.

  10. Let scanResult be the result of invoking scan for devices with global and requiredServiceUUIDs.

  11. If filters isn’t null, do the following sub-steps:

    1. Remove devices from scanResult if they do not match a filter in uuidFilters.

    2. If exclusionFilters isn’t null, remove devices from scanResult if they match a filter in uuidExclusionFilters.

  12. Let navigable be document’s navigable.

  13. Let promptId be a new unique opaque string.

In practice, the device list is dynamically updated while a prompt is open. The spec text currently does not reflect that but this event might be emitted multiple times with the same promptId and the fresh device list. See https://github.com/WebBluetoothCG/web-bluetooth/issues/621.

  1. Trigger a prompt updated event given navigable, promptId, and scanResult.

  2. Even if scanResult is empty, prompt the user to choose one of the devices in scanResult, associated with descriptor, and let device be the result.

    The UA MAY allow the user to select a nearby device that does not match uuidFilters.

    Note: The UA should show the user the human-readable name of each device. If this name is not available because, for example, the UA’s Bluetooth system doesn’t support privacy-enabled scans, the UA should allow the user to indicate interest and then perform a privacy-disabled scan to retrieve the name.
  3. Remove map of navigables to device prompts[navigable’s navigable id].

  4. The UA MAY add device to storage.

    Note: Choosing a device probably indicates that the user intends that device to appear in the allowedDevices list of "bluetooth"’s extra permission data for at least the current settings object, for its mayUseGATT field to be true, for all the services in the union of requiredServiceUUIDs and optionalServiceUUIDs to appear in its allowedServices list, in addition to any services that were already there, and for the manufacturer codes in optionalManufacturerData to appear in its allowedManufacturerData list.
  5. If device is "denied", return [] and abort these steps.

  6. The UA MAY populate the Bluetooth cache with all Services inside device. Ignore any errors from this step.

  7. Get the BluetoothDevice representing device inside this, propagating any exception, and let deviceObj be the result.

  8. Return [deviceObj].

The result of canonicalizing the BluetoothLEScanFilterInit filter, is the BluetoothLEScanFilterInit returned from the following steps:
  1. If none of filter’s members is present, throw a TypeError and abort these steps.

  2. Let canonicalizedFilter be {}.

  3. If filter.services is present, do the following sub-steps:

    1. If filter.services.length === 0, throw a TypeError and abort these steps.

    2. Let services be Array.prototype.map.call(filter.services, BluetoothUUID.getService).

    3. If any of the BluetoothUUID.getService() calls threw an exception, throw that exception and abort these steps.

    4. If any service in services is blocklisted, throw a SecurityError and abort these steps.

    5. Set canonicalizedFilter.services to services.

  4. If filter.name is present, do the following sub-steps.

    1. If the UTF-8 encoding of filter.name is more than 248 bytes long, throw a TypeError and abort these steps.

      Note: 248 is the maximum number of UTF-8 code units in a Bluetooth Device Name.
    2. Set canonicalizedFilter.name to filter.name.

  5. If filter.namePrefix is present, do the following sub-steps.

    1. If filter.namePrefix.length === 0 or if the UTF-8 encoding of filter.namePrefix is more than 248 bytes long, throw a TypeError and abort these steps.

      Note: 248 is the maximum number of UTF-8 code units in a Bluetooth Device Name.
    2. Set canonicalizedFilter.namePrefix to filter.namePrefix.

  6. Set canonicalizedFilter["manufacturerData"] to [].

  7. If filter["manufacturerData"] is present and filter["manufacturerData"].length === 0, throw a TypeError and abort these steps.

  8. For each manufacturerData in filter["manufacturerData"], do the following sub-steps:

    1. If manufacturerData is a blocklisted manufacturer data filter, throw a SecurityError and abort these steps.

    2. If there exists an object existing in canonicalizedFilter["manufacturerData"] where existing["companyIdentifier"] === manufacturerData["companyIdentifier"], throw a TypeError and abort these steps.

    3. Let canonicalizedManufacturerDataFilter be the result of canonicalizing manufacturerData, converted to an ECMAScript value. If this throws an exception, propagate that exception and abort these steps.

    4. Set canonicalizedManufacturerDataFilter["companyIdentifier"] to manufacturerData["companyIdentifier"].

    5. Append canonicalizedManufacturerDataFilter to canonicalizedFilter["manufacturerData"].

  9. Set canonicalizedFilter.serviceData to [].

  10. If filter["serviceData"] is present and filter["serviceData"].length === 0, throw a TypeError and abort these steps.

  11. For each serviceData in filter["serviceData"], do the following sub-steps:

    1. Let service be BluetoothUUID.getService(serviceData["service"]). If this throws an exception, propagate that exception and abort these steps.

    2. If service is blocklisted, throw a SecurityError and abort these steps.

    3. Let canonicalizedServiceDataFilter be the result of canonicalizing serviceData, converted to an ECMAScript value. If this throws an exception, propagate that exception and abort these steps.

    4. Set canonicalizedServiceDataFilter["service"] to service.

    5. Append canonicalizedServiceDataFilter to canonicalizedFilter["serviceData"].

  12. Return canonicalizedFilter.

The result of canonicalizing the BluetoothDataFilterInit filter, is the BluetoothDataFilterInit returned from the following steps:
  1. If filter.dataPrefix is not present, let dataPrefix be an empty sequence of bytes. Otherwise, do the following sub-steps:

    1. Let dataPrefix be a copy of the bytes held by filter.dataPrefix.

    2. If the length of dataPrefix is zero, throw a TypeError and abort these steps.

  2. If filter.mask is present, let mask be a copy of the bytes held by filter.mask. Otherwise, let mask be a sequence of 0xFF bytes the same length as dataPrefix.

  3. If mask is not the same length as dataPrefix, throw a TypeError and abort these steps.

  4. Return {dataPrefix: new Uint8Array(|dataPrefix|), mask: new Uint8Array(|mask|)}.

To scan for devices with parameters global and an optional set of Service UUIDs, defaulting to the set of all UUIDs, the UA MUST perform the following steps:
  1. If the UA has scanned for devices recently with a set of UUIDs that was a superset of the UUIDs for the current scan, then the UA MAY return the result of that scan and abort these steps.

    TODO: Nail down the amount of time.

  2. Let nearbyDevices be a set of Bluetooth devices, initially equal to the set of devices that are connected (have an ATT Bearer) to the UA.

  3. Let topLevelTraversable be the global’s navigable's top-level traversable.

  4. Let simulatedBluetoothDevices be an empty list.

  5. If topLevelTraversable has a simulated Bluetooth adapter, let simulatedBluetoothDevices be the result of getting the values of its simulated Bluetooth device mapping.

    Support asynchronous device discovery.

  6. If the UA supports the LE transport, perform the General Discovery Procedure, except that the UA may include devices that have no Discoverable Mode flag set, and add the discovered Bluetooth devices to nearbyDevices. The UA SHOULD enable the Privacy Feature.

    Both passive scanning and the Privacy Feature avoid leaking the unique, immutable device ID. We ought to require UAs to use either one, but none of the OS APIs appear to expose either. Bluetooth also makes it hard to use passive scanning since it doesn’t require Central devices to support the Observation Procedure.

  7. If the UA supports the BR/EDR transport, perform the Device Discovery Procedure and add the discovered Bluetooth devices to nearbyDevices.

    All forms of BR/EDR inquiry/discovery appear to leak the unique, immutable device address.

  8. Let result be a set of Bluetooth devices, initially empty.

  9. For each Bluetooth device device in nearbyDevices and simulatedBluetoothDevices, do the following sub-steps:

    1. If device’s supported physical transports include LE and its Bluetooth Device Name is partial or absent, the UA SHOULD perform the Name Discovery Procedure to acquire a complete name.

    2. If device’s advertised Service UUIDs have a non-empty intersection with the set of Service UUIDs, add device to result and abort these sub-steps.

      Note: For BR/EDR devices, there is no way to distinguish GATT from non-GATT services in the Extended Inquiry Response. If a site filters to the UUID of a non-GATT service, the user may be able to select a device for the result of requestDevice that this API provides no way to interact with.
    3. The UA MAY connect to device and populate the Bluetooth cache with all Services whose UUIDs are in the set of Service UUIDs. If device’s supported physical transports include BR/EDR, then in addition to the standard GATT procedures, the UA MAY use the Service Discovery Protocol (Searching for Services) when populating the cache.

      Note: Connecting to every nearby device to discover services costs power and can slow down other use of the Bluetooth radio. UAs should only discover extra services on a device if they have some reason to expect that device to be interesting.

      UAs should also help developers avoid relying on this extra discovery behavior. For example, say a developer has previously connected to a device, so the UA knows the device’s full set of supported services. If this developer then filters using a non-advertised UUID, the dialog they see may include this device, even if the filter would likely exclude the device on users' machines. The UA could provide a developer option to warn when this happens or to include only advertised services in matching filters.

    4. If the Bluetooth cache contains known-present Services inside device with UUIDs in the set of Service UUIDs, the UA MAY add device to result.

  10. Return result from the scan.

We need a way for a site to register to receive an event when an interesting device comes within range.

To add an allowed Bluetooth device device to BluetoothPermissionStorage storage given a set of requiredServiceUUIDs and a set of optionalServiceUUIDs, the UA MUST run the following steps:
  1. Let grantedServiceUUIDs be a new Set.

  2. Add the contents of requiredServiceUUIDs to grantedServiceUUIDs.

  3. Add the contents of optionalServiceUUIDs to grantedServiceUUIDs.

  4. Search for an element allowedDevice in storage.allowedDevices where device is equal to allowedDevice@[[device]]. If one is found, perform the following sub-steps:

    1. Add the contents of allowedDevice.allowedServices to grantedServiceUUIDs.

    If one is not found, perform the following sub-steps:

    1. Let allowedDevice.deviceId be a unique ID to the extent that the UA can determine that two Bluetooth connections are the same device and to the extent that the user wants to expose that fact to script.

  5. Set allowedDevice.allowedServices to grantedServiceUUIDs.

  6. Set allowedDevice.mayUseGATT to true.

To remove an allowed Bluetooth device device, given a BluetoothPermissionStorage storage, the UA MUST run the following steps:

  1. Search for an element allowedDevice in storage.allowedDevices where device is equal to allowedDevice@[[device]]. If no such element exists, abort these steps.

  2. Remove allowedDevice from storage.allowedDevices.

4.1. Permission API Integration

The [permissions] API provides a uniform way for websites to query which permissions they have.

Once a site has been granted access to a set of devices, it can use navigator.permissions.query({name: "bluetooth", ...}) to retrieve those devices after a reload.
navigator.permissions.query({
  name: "bluetooth",
  deviceId: sessionStorage.lastDevice,
}).then(result => {
  if (result.devices.length == 1) {
    return result.devices[0];
  } else {
    throw new DOMException("Lost permission", "NotFoundError");
  }
}).then(...);

The Web Bluetooth API is a powerful feature that is identified by the name "bluetooth". Its permission-related algorithms and types are defined as follows:

permission descriptor type
dictionary BluetoothPermissionDescriptor : PermissionDescriptor {
  DOMString deviceId;
  // These match RequestDeviceOptions.
  sequence<BluetoothLEScanFilterInit> filters;
  sequence<BluetoothServiceUUID> optionalServices = [];
  sequence<unsigned short> optionalManufacturerData = [];
  boolean acceptAllDevices = false;
};
extra permission data type
BluetoothPermissionStorage, defined as:
dictionary AllowedBluetoothDevice {
  required DOMString deviceId;
  required boolean mayUseGATT;
  // An allowedServices of "all" means all services are allowed.
  required (DOMString or sequence<UUID>) allowedServices;
  required sequence<unsigned short> allowedManufacturerData;
};
dictionary BluetoothPermissionStorage {
  required sequence<AllowedBluetoothDevice> allowedDevices;
};

AllowedBluetoothDevice instances have an internal slot [[device]] that holds a Bluetooth device.

extra permission data constraints
Distinct elements of allowedDevices must have different [[device]]s and different deviceIds.

If mayUseGATT is false, allowedServices and allowedManufacturerData must both be [].

Note: A deviceId allows a site to track that a BluetoothDevice instance seen at one time represents the same device as another BluetoothDevice instance seen at another time, possibly in a different realm. UAs should consider whether their user intends that tracking to happen or not-happen when returning "bluetooth"’s extra permission data.

For example, users generally don’t intend two different origins to know that they’re interacting with the same device, and they generally don’t intend unique identifiers to persist after they’ve cleared an origin’s cookies.

permission result type
[Exposed=Window]
interface BluetoothPermissionResult : PermissionStatus {
  attribute FrozenArray<BluetoothDevice> devices;
};
permission query algorithm
To query the "bluetooth" permission with a BluetoothPermissionDescriptor desc and a BluetoothPermissionResult status, the UA must:
  1. Let global be the relevant global object for status.

  2. Set status.state to desc’s permission state.

  3. If status.state is "denied", set status.devices to an empty FrozenArray and abort these steps.

  4. Let matchingDevices be a new Array.

  5. Let storage, a BluetoothPermissionStorage, be "bluetooth"’s extra permission data for the current settings object.

  6. For each allowedDevice in storage.allowedDevices, run the following sub-steps:

    1. If desc.deviceId is set and allowedDevice.deviceId != desc.deviceId, continue to the next allowedDevice.

    2. If desc.filters is set, do the following sub-steps:

      1. Replace each filter in desc.filters with the result of canonicalizing it. If any of these canonicalizations throws an error, return that error and abort these steps.

      2. If allowedDevice.[[device]] does not match a filter in desc.filters, continue to the next allowedDevice.

    3. Get the BluetoothDevice representing allowedDevice.[[device]] within global.navigator.bluetooth, and add the result to matchingDevices.

    Note: The desc.optionalServices and desc.optionalManufacturerData fields do not affect the result.
  7. Set status.devices to a new FrozenArray whose contents are matchingDevices.

permission revocation algorithm
To revoke Bluetooth access to devices the user no longer intends to expose, the UA MUST run the following steps:
  1. Let storage, a BluetoothPermissionStorage, be "bluetooth"’s extra permission data for the current settings object.

  2. For each BluetoothDevice instance deviceObj in the current realm, run the following sub-steps:

    1. If there is an AllowedBluetoothDevice allowedDevice in storage.allowedDevices such that:

      then update deviceObj.[[allowedServices]] to be allowedDevice.allowedServices, and continue to the next deviceObj.

    2. Otherwise, detach deviceObj from its device by running the remaining steps.

    3. Call deviceObj.gatt.disconnect().

      Note: This fires a gattserverdisconnected event at deviceObj.
    4. Set deviceObj.[[representedDevice]] to null.

4.2. Overall Bluetooth availability

The UA may be running on a computer that has no Bluetooth radio. requestDevice() handles this by failing to discover any devices, which results in a NotFoundError, but websites may be able to handle it more gracefully.

To show Bluetooth UI only to users who have a Bluetooth adapter:
const bluetoothUI = document.querySelector('#bluetoothUI');
navigator.bluetooth.getAvailability().then(isAvailable => {
  bluetoothUI.hidden = !isAvailable;
});
navigator.bluetooth.addEventListener('availabilitychanged', e => {
  bluetoothUI.hidden = !e.value;
});
The getAvailability() method, when invoked, MUST return a new promise promise and run the following steps in parallel:
  1. If this's relevant global object's associated Document is not allowed to use the policy-controlled feature named "bluetooth", queue a task to resolve promise with false, and abort these steps.

  2. If the user has configured the UA to return a particular answer from this function for the current origin, queue a task to resolve promise with the configured answer, and abort these steps.

    Note: If the Web Bluetooth permission has been blocked by the user, the UA may resolve promise with false.
  3. Let simulatedBluetoothAdapter be this's navigable's top-level traversable's simulated Bluetooth adapter.

  4. If simulatedBluetoothAdapter is not empty,

    1. If simulatedBluetoothAdapter’s adapter state is "absent", queue a task to resolve promise with false.

    2. Otherwise, queue a task to resolve promise with true.

    3. Abort these steps.

  5. If the UA is running on a system that has a Bluetooth radio queue a task to resolve promise with true regardless of the powered state of the Bluetooth radio.

  6. Otherwise, queue a task to resolve promise with false.

    Note: The promise is resolved in parallel to let the UA call out to other systems to determine whether Bluetooth is available.
If the user has blocked the permission and the UA resolves the getAvailability promise with false, the following can be used to detect when Bluetooth is available again to show Bluetooth UI:
function checkAvailability() {
  const bluetoothUI = document.querySelector('#bluetoothUI');
  navigator.bluetooth.getAvailability().then(isAvailable => {
    bluetoothUI.hidden = !isAvailable;
  });
}

navigator.permissions.query({name: "bluetooth"}).then(status => {
  if (status.state !== 'denied') checkAvailability();

  // Bluetooth is blocked, listen for change in PermissionStatus.
  status.onchange = () => {
    if (this.state !== 'denied') checkAvailability();
  };
});
If the UA becomes able or unable to use Bluetooth, for example because a radio was physically attached or detached, or the user has changed their configuration for the answer returned from getAvailability(), the UA must queue a task on each global object global’s responsible event loop to run the following steps:
  1. Let oldAvailability be the value getAvailability() would have returned before the change.

  2. Let newAvailability be the value getAvailability() would return after the change.

  3. If oldAvailability is not the same as newAvailability, fire an event named availabilitychanged using the ValueEvent interface at global.navigator.bluetooth with its value attribute initialized to newAvailability.

[
  Exposed=Window,
  SecureContext
]
interface ValueEvent : Event {
  constructor(DOMString type, optional ValueEventInit initDict = {});
  readonly attribute any value;
};

dictionary ValueEventInit : EventInit {
  any value = null;
};

ValueEvent instances are constructed as specified in DOM § 2.5 Constructing events.

The value attribute must return the value it was initialized to.

Such a generic event type belongs in [HTML] or [DOM], not here.

5. Device Representation

The UA needs to track Bluetooth device properties at several levels: globally, per origin, and per global object.

5.1. Global Bluetooth device properties

The physical Bluetooth device may be guaranteed to have some properties that the UA may not have received. Those properties are described as optional here.

A Bluetooth device has the following properties. Optional properties are not present, and sequence and map properties are empty, unless/until described otherwise. Other properties have a default specified or are specified when a device is introduced.

The UA SHOULD determine that two Bluetooth devices are the same Bluetooth device if and only if they have the same Public Bluetooth Address, Static Address, Private Address, or Identity Resolving Key, or if the Resolvable Private Address Resolution Procedure succeeds using one device’s IRK and the other’s Resolvable Private Address. However, because platform APIs don’t document how they determine device identity, the UA MAY use another procedure.

5.2. BluetoothDevice

A BluetoothDevice instance represents a Bluetooth device for a particular global object (or, equivalently, for a particular Realm or Bluetooth instance).

[Exposed=Window, SecureContext]
interface BluetoothDevice : EventTarget {
  readonly attribute DOMString id;
  readonly attribute DOMString? name;
  readonly attribute BluetoothRemoteGATTServer? gatt;

  Promise<undefined> forget();
  Promise<undefined> watchAdvertisements(
      optional WatchAdvertisementsOptions options = {});
  readonly attribute boolean watchingAdvertisements;
};
BluetoothDevice includes BluetoothDeviceEventHandlers;
BluetoothDevice includes CharacteristicEventHandlers;
BluetoothDevice includes ServiceEventHandlers;

dictionary WatchAdvertisementsOptions {
  AbortSignal signal;
};
NOTE: BluetoothDevice attributes
id uniquely identifies a device to the extent that the UA can determine that two Bluetooth connections are to the same device and to the extent that the user wants to expose that fact to script.

name is the human-readable name of the device.

gatt provides a way to interact with this device’s GATT server if the site has permission to do so.

forget() enables the page to revoke access to the device that the user has granted access to.

watchingAdvertisements is true if the UA is currently scanning for advertisements from this device and firing events for them.

Instances of BluetoothDevice are created with the internal slots described in the following table:

Internal Slot Initial Value Description (non-normative)
[[context]] <always set in prose> The Bluetooth object that returned this BluetoothDevice.
[[representedDevice]] <always set in prose> The Bluetooth device this object represents, or null if access has been revoked.
[[gatt]] a new BluetoothRemoteGATTServer instance with its device attribute initialized to this and its connected attribute initialized to false. Does not change.
[[allowedServices]] <always set in prose> This device’s allowedServices list for this origin or "all" if all services are allowed. For example, a UA may grant an origin access to all services on a referringDevice that advertised a URL on that origin.
[[allowedManufacturerData]] <always set in prose> This device’s allowedManufacturerData list for this origin.
[[watchAdvertisementsState]] 'not-watching' An string enumeration describing the current state of a watchAdvertisements() operation. The possible enumeration values are:
  • 'not-watching'

  • 'pending-watch'

  • 'watching'

To get the BluetoothDevice representing a Bluetooth device device inside a Bluetooth instance context, the UA MUST run the following steps:
  1. Let storage, a BluetoothPermissionStorage, be "bluetooth"’s extra permission data for the current settings object.

  2. Find the allowedDevice in storage.allowedDevices with allowedDevice.[[device]] the same device as device. If there is no such object, throw a SecurityError and abort these steps.

  3. If there is no key in context.[[deviceInstanceMap]] that is the same device as device, run the following sub-steps:

    1. Let result be a new instance of BluetoothDevice.

    2. Initialize all of result’s optional fields to null.

    3. Initialize result.[[context]] to context.

    4. Initialize result.[[representedDevice]] to device.

    5. Initialize result.id to allowedDevice.deviceId, and initialize result.[[allowedServices]] to allowedDevice.allowedServices.

    6. If device has a partial or complete Bluetooth Device Name, set result.name to that string.

    7. Initialize result.watchingAdvertisements to false.

    8. Add a mapping from device to result in context.[[deviceInstanceMap]].

  4. Return the value in context.[[deviceInstanceMap]] whose key is the same device as device.

Getting the gatt attribute MUST perform the following steps:
  1. If "bluetooth"’s extra permission data for this’s relevant settings object has an AllowedBluetoothDevice allowedDevice in its allowedDevices list with allowedDevice.[[device]] the same device as this.[[representedDevice]] and allowedDevice.mayUseGATT equal to true, return this.[[gatt]].

  2. Otherwise, return null.

The forget() method, when invoked, MUST return a new promise promise and run the following steps:
  1. Let device be the target BluetoothDevice object.

  2. Let storage be the BluetoothPermissionStorage object in the current script execution environment.

  3. Remove device from storage with storage.

  4. Resolve promise.

A user agent has an associated watch advertisements manager which is the result of starting a new parallel queue.

The watchAdvertisements(options) method, when invoked, MUST return a new promise promise and run the following steps:
  1. If options.signal is present, then perform the following sub-steps:

    1. If options.signal is aborted, then abort watchAdvertisements with this and abort these steps.

    2. Add the following abort steps to options.signal:

      1. Abort watchAdvertisements with this.

      2. Reject promise with AbortError

  2. If this.[[watchAdvertisementsState]] is:

    'not-watching'
    1. Set this.[[watchAdvertisementsState]] to 'pending-watch'.

    2. Enqueue the following steps to the watch advertisements manager, but abort when this.[[watchAdvertisementsState]] becomes not-watching:

      1. Ensure that the UA is scanning for this device’s advertisements. The UA SHOULD NOT filter out "duplicate" advertisements for the same device.

      2. If the UA fails to enable scanning, queue a task to perform the following steps, and abort these steps:

        1. Set this.[[watchAdvertisementsState]] to 'not-watching'.

        2. Reject promise with one of the following errors:

          The UA doesn’t support scanning for advertisements

          NotSupportedError

          Bluetooth is turned off

          InvalidStateError

          Other reasons

          UnknownError

      3. Queue a task to perform the following steps, but abort when this.[[watchAdvertisementsState]] becomes not-watching:

        1. Set this.[[watchAdvertisementsState]] to watching.

        2. Set this.watchingAdvertisements to true.

        3. Resolve promise with undefined.

    'pending-watch'
    1. Reject promise with InvalidStateError.

    'watching'
    1. Resolve promise with undefined.

  3. If aborted, reject promise with AbortError.

Note: Scanning costs power, so websites should avoid watching for advertisements unnecessarily, and should use their AbortController to stop using power as soon as possible.

To abort watchAdvertisements for a BluetoothDevice device, run these steps:
  1. Set this.[[watchAdvertisementsState]] to 'not-watching'.

  2. Set device.watchingAdvertisements to false.

  3. Enqueue the following steps to watch advertisements manager:

    1. If no more BluetoothDevices in the whole UA have watchingAdvertisements set to true, the UA SHOULD stop scanning for advertisements. Otherwise, if no more BluetoothDevices representing the same device as this have watchingAdvertisements set to true, the UA SHOULD reconfigure the scan to avoid receiving reports for this device.

To abort all active watchAdvertisements operations, run these steps:
  1. For each device in Bluetooth.[[deviceInstanceMap]], perform the following steps:

    1. If device.[[watchAdvertisementsState]] is pending-watch or watching, run abort watchAdvertisements with device.

5.2.1. Handling Visibility Change

Operations that initiate a scan for Bluetooth devices may only run in a visible document. When visibility state is no longer "visible", scanning operations for that document need to be aborted.

When the user agent determines that the visibility state of the associated Document of the current settings object's relevant global object changes, it must run these steps:
  1. Let document be the associated Document of the current settings object's relevant global object.

  2. If document’s visibility state is not "visible", then abort all active watchAdvertisements operations.

5.2.2. Handling Document Loss of Full Activity

Operations that initiate a scan for Bluetooth devices may only run in a fully active document. When full activity is lost, scanning operations for that document need to be aborted.

When the user agent determines that a associated Document of the current settings object's relevant global object is no longer fully active, it must run these steps:
  1. Run abort all active watchAdvertisements operations.

5.2.3. Responding to Advertising Events

When an advertising event arrives for a BluetoothDevice with watchingAdvertisements set, the UA delivers an "advertisementreceived" event.

[Exposed=Window, SecureContext]
interface BluetoothManufacturerDataMap {
  readonly maplike<unsigned short, DataView>;
};
[Exposed=Window, SecureContext]
interface BluetoothServiceDataMap {
  readonly maplike<UUID, DataView>;
};
[
  Exposed=Window,
  SecureContext
]
interface BluetoothAdvertisingEvent : Event {
  constructor(DOMString type, BluetoothAdvertisingEventInit init);
  [SameObject]
  readonly attribute BluetoothDevice device;
  readonly attribute FrozenArray<UUID> uuids;
  readonly attribute DOMString? name;
  readonly attribute unsigned short? appearance;
  readonly attribute byte? txPower;
  readonly attribute byte? rssi;
  [SameObject]
  readonly attribute BluetoothManufacturerDataMap manufacturerData;
  [SameObject]
  readonly attribute BluetoothServiceDataMap serviceData;
};
dictionary BluetoothAdvertisingEventInit : EventInit {
  required BluetoothDevice device;
  sequence<(DOMString or unsigned long)> uuids;
  DOMString name;
  unsigned short appearance;
  byte txPower;
  byte rssi;
  BluetoothManufacturerDataMap manufacturerData;
  BluetoothServiceDataMap serviceData;
};
NOTE: BluetoothAdvertisingEvent attributes
device is the BluetoothDevice that sent this advertisement.

uuids lists the Service UUIDs that this advertisement says device's GATT server supports.

name is device's local name, or a prefix of it.

appearance is an Appearance, one of the values defined by the gap.appearance characteristic.

txPower is the transmission power at which the device is broadcasting, measured in dBm. This is used to compute the path loss as this.txPower - this.rssi.

rssi is the power at which the advertisement was received, measured in dBm. This is used to compute the path loss as this.txPower - this.rssi.

manufacturerData maps unsigned short Company Identifier Codes to DataViews.

serviceData maps UUIDs to DataViews.

To retrieve a device and read the iBeacon data out of it, a developer could use the following code. Note that this API currently doesn’t provide a way to request devices with certain manufacturer data, so the iBeacon will need to rotate its advertisements to include a known service in order for users to select this device in the requestDevice dialog.
var known_service = "A service in the iBeacon’s GATT server";
return navigator.bluetooth.requestDevice({
  filters: [{services: [known_service]}]
}).then(device => {
  device.watchAdvertisements();
  device.addEventListener('advertisementreceived', interpretIBeacon);
});

function interpretIBeacon(event) {
  var rssi = event.rssi;
  var appleData = event.manufacturerData.get(0x004C);
  if (appleData.byteLength != 23 ||
    appleData.getUint16(0, false) !== 0x0215) {
    console.log({isBeacon: false});
  }
  var uuidArray = new Uint8Array(appleData.buffer, 2, 16);
  var major = appleData.getUint16(18, false);
  var minor = appleData.getUint16(20, false);
  var txPowerAt1m = -appleData.getInt8(22);
  console.log({
      isBeacon: true,
      uuidArray,
      major,
      minor,
      pathLossVs1m: txPowerAt1m - rssi});
});

The format of iBeacon advertisements was derived from How do iBeacons work? by Adam Warski.

When the UA receives an advertising event (consisting of an advertising packet and an optional scan response), it MUST run the following steps:
  1. Let device be the Bluetooth device that sent the advertising event.

  2. For each BluetoothDevice deviceObj in the UA such that device is the same device as deviceObj.[[representedDevice]], queue a task on deviceObj’s relevant settings object’s responsible event loop to do the following sub-steps:

    1. If deviceObj.watchingAdvertisements is false, abort these sub-steps.

    2. Fire an advertisementreceived event for the advertising event at deviceObj.

To fire an advertisementreceived event for an advertising event adv at a BluetoothDevice deviceObj, the UA MUST perform the following steps:
  1. Let event be

    {
      bubbles: true,
      device: deviceObj,
      uuids: [],
      manufacturerData: new Map(),
      serviceData: new Map()
    }
    
  2. If the received signal strength is available for any packet in adv, set event.rssi to this signal strength in dBm.

  3. For each AD structure in adv’s advertising packet and scan response, select from the following steps depending on the AD type:

    Incomplete List of 16-bit Service UUIDs
    Complete List of 16-bit Service UUIDs
    Incomplete List of 32-bit Service UUIDs
    Complete List of 32-bit Service UUIDs
    Incomplete List of 128-bit Service UUIDs
    Complete List of 128-bit Service UUIDs
    For each uuid in the listed UUIDs, if it is in this.device.[[allowedServices]], then append uuid to event.uuids.
    Shortened Local Name
    Complete Local Name
    UTF-8 decode without BOM the AD data and set event.name to the result.
    Note: We don’t expose whether the name is complete because existing APIs require reading the raw advertisement to get this information, and we want more evidence that it’s useful before adding a field to the API.
    Manufacturer Specific Data
    For each 16-bit Company Identifier Code manufacturerCode, if it is in this.device.[[allowedManufacturerData]], and the manufacturer data is not a blocklisted manufacturer data then add a mapping of manufacturerCode to an ArrayBuffer containing the manufacturer-specific data to event.manufacturerData.
    TX Power Level
    Set event.txPower to the AD data.
    Service Data - 16 bit UUID
    Service Data - 32 bit UUID
    Service Data - 128 bit UUID
    For each UUID uuid in the service data, if it is in this.device.[[allowedServices]], then add a mapping of uuid to an ArrayBuffer containing the service data to event.serviceData.
    Appearance
    Set event.appearance to the AD data.
    Otherwise
    Skip to the next AD structure.
  4. Fire an event named "advertisementreceived" using BluetoothAdvertisingEvent initialized with event), with its isTrusted attribute initialized to true, at deviceObj.

All fields in BluetoothAdvertisingEvent return the last value they were initialized or set to.

The BluetoothAdvertisingEvent(type, init) constructor MUST perform the following steps:
  1. Let event be the result of running the steps from DOM § 2.5 Constructing events except for the uuids, manufacturerData, and serviceData members.

  2. If init.uuids is set, initialize event.uuids to a new FrozenArray containing the elements of init.uuids.map( BluetoothUUID.getService). Otherwise initialize event.uuids to an empty FrozenArray.

  3. For each mapping in init.manufacturerData:

    1. Let code be the key converted to an unsigned short.

    2. Let value be the value.

    3. If value is not a BufferSource, throw a TypeError.

    4. Let bytes be a new read only ArrayBuffer containing a copy of the bytes held by value.

    5. Add a mapping from code to new DataView(bytes) in event.manufacturerData.[[BackingMap]].

  4. For each mapping in init.serviceData:

    1. Let key be the key.

    2. Let service be the result of calling BluetoothUUID.getService(key).

    3. Let value be the value.

    4. If value is not a BufferSource, throw a TypeError.

    5. Let bytes be a new read only ArrayBuffer containing a copy of the bytes held by value.

    6. Add a mapping from service to new DataView(bytes) in event.serviceData.[[BackingMap]].

  5. Return event.

5.2.3.1. BluetoothManufacturerDataMap

Instances of BluetoothManufacturerDataMap have a [[BackingMap]] slot because they are maplike, which maps manufacturer codes to the manufacturer’s data, converted to DataViews.

5.2.3.2. BluetoothServiceDataMap

Instances of BluetoothServiceDataMap have a [[BackingMap]] slot because they are maplike, which maps service UUIDs to the service’s data, converted to DataViews.

6. GATT Interaction

6.1. GATT Information Model

The GATT Profile Hierarchy describes how a GATT Server contains a hierarchy of Profiles, Primary Services, Included Services, Characteristics, and Descriptors.

Profiles are purely logical: the specification of a Profile describes the expected interactions between the other GATT entities the Profile contains, but it’s impossible to query which Profiles a device supports.

GATT Clients can discover and interact with the Services, Characteristics, and Descriptors on a device using a set of GATT procedures. This spec refers to Services, Characteristics, and Descriptors collectively as Attributes. All Attributes have a type that’s identified by a UUID. Each Attribute also has a 16-bit Attribute Handle that distinguishes it from other Attributes of the same type on the same GATT Server. Attributes are notionally ordered within their GATT Server by their Attribute Handle, but while platform interfaces provide attributes in some order, they do not guarantee that it’s consistent with the Attribute Handle order.

A Service contains a collection of Included Services and Characteristics. The Included Services are references to other Services, and a single Service can be included by more than one other Service. Services are known as Primary Services if they appear directly under the GATT Server, and Secondary Services if they’re only included by other Services, but Primary Services can also be included.

A Characteristic contains a value, which is an array of bytes, and a collection of Descriptors. Depending on the properties of the Characteristic, a GATT Client can read or write its value, or register to be notified when the value changes.

Finally, a Descriptor contains a value (again an array of bytes) that describes or configures its Characteristic.

6.1.1. Persistence across connections

The Bluetooth Attribute Caching system allows bonded clients to save references to attributes from one connection to the next. Web Bluetooth treats websites as not bonded to devices they have permission to access: BluetoothRemoteGATTService, BluetoothRemoteGATTCharacteristic, and BluetoothRemoteGATTDescriptor objects become invalid on disconnection, and the site must retrieved them again when it re-connects.

6.1.2. The Bluetooth cache

The UA MUST maintain a Bluetooth cache of the hierarchy of Services, Characteristics, and Descriptors it has discovered on a device. The UA MAY share this cache between multiple origins accessing the same device. Each potential entry in the cache is either known-present, known-absent, or unknown. The cache MUST NOT contain two entries that are for the same attribute. Each known-present entry in the cache is associated with an optional Promise<BluetoothRemoteGATTService>, Promise<BluetoothRemoteGATTCharacteristic>, or Promise<BluetoothRemoteGATTDescriptor> instance for each Bluetooth instance.

Note: For example, if a user calls the serviceA.getCharacteristic(uuid1) function with an initially empty Bluetooth cache, the UA uses the Discover Characteristics by UUID procedure to fill the needed cache entries, and the UA ends the procedure early because it only needs one Characteristic to fulfil the returned Promise, then the first Characteristic with UUID uuid1 inside serviceA is known-present, and any subsequent Characteristics with that UUID remain unknown. If the user later calls serviceA.getCharacteristics(uuid1), the UA needs to resume or restart the Discover Characteristics by UUID procedure. If it turns out that serviceA only has one Characteristic with UUID uuid1, then the subsequent Characteristics become known-absent.

The known-present entries in the Bluetooth cache are ordered: Primary Services appear in a particular order within a device, Included Services and Characteristics appear in a particular order within Services, and Descriptors appear in a particular order within Characteristics. The order SHOULD match the order of Attribute Handles on the device, but UAs MAY use another order if the device’s order isn’t available.

To populate the Bluetooth cache with entries matching some description, the UA MUST run the following steps.
Note: These steps can block, so uses of this algorithm must be in parallel.
  1. Attempt to make all matching entries in the cache either known-present or known-absent, using any sequence of GATT procedures that [BLUETOOTH42] specifies will return enough information. Handle errors as described in § 6.7 Error handling.

  2. If the previous step returns an error, return that error from this algorithm.

To query the Bluetooth cache in a BluetoothDevice instance deviceObj for entries matching some description, the UA MUST return a deviceObj.gatt-connection-checking wrapper around a new promise promise and run the following steps in parallel:
  1. Populate the Bluetooth cache with entries matching the description.

  2. If the previous step returns an error, reject promise with that error and abort these steps.

  3. Let entries be the sequence of known-present cache entries matching the description.

  4. Let context be deviceObj.[[context]].

  5. Let result be a new sequence.

  6. For each entry in entries:

    1. If entry has no associated Promise<BluetoothGATT*> instance in context.[[attributeInstanceMap]], create a BluetoothRemoteGATTService representing entry, create a BluetoothRemoteGATTCharacteristic representing entry, or create a BluetoothRemoteGATTDescriptor representing entry, depending on whether entry is a Service, Characteristic, or Descriptor, and add a mapping from entry to the resulting Promise in context.[[attributeInstanceMap]].

    2. Append to result the Promise<BluetoothGATT*> instance associated with entry in context.[[attributeInstanceMap]].

  7. Resolve promise with the result of waiting for all elements of result.

Represented(obj: Device or GATT Attribute) returns, depending on the type of obj:
BluetoothDevice
obj.[[representedDevice]]
BluetoothRemoteGATTService
obj.[[representedService]]
BluetoothRemoteGATTCharacteristic
obj.[[representedCharacteristic]]
BluetoothRemoteGATTDescriptor
obj.[[representedDescriptor]]
To GetGATTChildren( attribute: GATT Attribute,
single: boolean,
uuidCanonicalizer: function,
uuid: optional (DOMString or unsigned int),
allowedUuids: optional ("all" or Array<DOMString>),
child type: GATT declaration type),

the UA MUST perform the following steps:
  1. If uuid is present, set it to uuidCanonicalizer(uuid). If uuidCanonicalizer threw an exception, return a promise rejected with that exception and abort these steps.

  2. If uuid is present and is blocklisted, return a promise rejected with a SecurityError and abort these steps.

  3. Let deviceObj be, depending on the type of attribute:

    BluetoothDevice
    attribute
    BluetoothRemoteGATTService
    attribute.device
    BluetoothRemoteGATTCharacteristic
    attribute.service.device
  4. If deviceObj.gatt.connected is false, return a promise rejected with with a NetworkError and abort these steps.

  5. If Represented(attribute) is null, return a promise rejected with an InvalidStateError and abort these steps.

    Note: This happens when a Service or Characteristic is removed from the device or invalidated by a disconnection, and then its object is used again.

  6. Query the Bluetooth cache in deviceObj for entries that:

    • are within Represented(attribute),

    • have a type described by child type,

    • have a UUID that is not blocklisted,

    • if uuid is present, have a UUID of uuid,

    • if allowedUuids is present and not "all", have a UUID in allowedUuids, and

    • if the single flag is set, are the first of these.

    Let promise be the result.

  7. Upon fulfillment of promise with result, run the following steps:

    • If result is empty, throw a NotFoundError,

    • Otherwise, if the single flag is set, returns the first (only) element of result.

    • Otherwise, return result.

6.1.4. Identifying Services, Characteristics, and Descriptors

When checking whether two Services, Characteristics, or Descriptors a and b are the same attribute, the UA SHOULD determine that they are the same if a and b are inside the same device and have the same Attribute Handle, but MAY use any algorithm it wants with the constraint that a and b MUST NOT be considered the same attribute if they fit any of the following conditions:

Note: This definition is loose because platform APIs expose their own notion of identity without documenting whether it’s based on Attribute Handle equality.
Note: For two Javascript objects x and y representing Services, Characteristics, or Descriptors, x === y returns whether the objects represent the same attribute, because of how the query the Bluetooth cache algorithm creates and caches new objects.

6.2. BluetoothRemoteGATTServer

BluetoothRemoteGATTServer represents a GATT Server on a remote device.

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTServer {
  [SameObject]
  readonly attribute BluetoothDevice device;
  readonly attribute boolean connected;
  Promise<BluetoothRemoteGATTServer> connect();
  undefined disconnect();
  Promise<BluetoothRemoteGATTService> getPrimaryService(BluetoothServiceUUID service);
  Promise<sequence<BluetoothRemoteGATTService>>
    getPrimaryServices(optional BluetoothServiceUUID service);
};
NOTE: BluetoothRemoteGATTServer attributes
device is the device running this server.

connected is true while this instance is connected to this.device. It can be false while the UA is physically connected, for example when there are other connected BluetoothRemoteGATTServer instances for other global objects.

When no ECMAScript code can observe an instance of BluetoothRemoteGATTServer server anymore, the UA SHOULD run server.disconnect().

Note: Because BluetoothDevice instances are stored in navigator.bluetooth.[[deviceInstanceMap]], this can’t happen at least until navigation releases the global object or closing the tab or window destroys the browsing context.
Note: Disconnecting on garbage collection ensures that the UA doesn’t keep consuming resources on the remote device unnecessarily.

Instances of BluetoothRemoteGATTServer are created with the internal slots described in the following table:

Internal Slot Initial Value Description (non-normative)
[[activeAlgorithms]] new Set() Contains a Promise corresponding to each algorithm using this server’s connection. disconnect() empties this set so that the algorithm can tell whether its realm was ever disconnected while it was running.
The connect() method, when invoked, MUST perform the following steps:
  1. Let promise be a new promise.

  2. If this.device.[[representedDevice]] is null, queue a task to reject promise with a NetworkError, return promise, and abort these steps.

  3. If the UA is currently using the Bluetooth system, it MAY queue a task to reject promise with a NetworkError, return promise, and abort these steps.

    Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]

  4. Add promise to this.[[activeAlgorithms]].

  5. Return promise and run the following steps in parallel:

    1. If this.device.[[representedDevice]] has no ATT Bearer, do the following sub-steps:

      1. Attempt to create an ATT Bearer using the procedures described in "Connection Establishment" under GAP Interoperability Requirements. Abort this attempt if promise is removed from this.[[activeAlgorithms]].

        Note: These procedures can wait forever if a connectable advertisement isn’t received. The website should call disconnect() if it no longer wants to connect.
      2. If this attempt was aborted because promise was removed from this.[[activeAlgorithms]], reject promise with an AbortError and abort these steps.

      3. If this attempt failed for another reason, reject promise with a NetworkError and abort these steps.

      4. Use the Exchange MTU procedure to negotiate the largest supported MTU. Ignore any errors from this step.

      5. The UA MAY attempt to bond with the remote device using the BR/EDR Bonding Procedure or the LE Bonding Procedure.

        Note: We would normally prefer to give the website control over whether and when bonding happens, but the Core Bluetooth platform API doesn’t provide a way for UAs to implement such a knob. Having a bond is more secure than not having one, so this specification allows the UA to opportunistically create one on platforms where that’s possible. This may cause a user-visible pairing dialog to appear when a connection is created, instead of when a restricted characteristic is accessed.

    2. Queue a task to perform the following sub-steps:

      1. If promise is not in this.[[activeAlgorithms]], reject promise with an AbortError, garbage-collect the connection of this.[[representedDevice]], and abort these steps.

      2. Remove promise from this.[[activeAlgorithms]].

      3. If this.device.[[representedDevice]] is null, reject promise with a NetworkError, garbage-collect the connection of this.[[representedDevice]], and abort these steps.

      4. Set this.connected to true.

      5. Resolve promise with this.

The disconnect() method, when invoked, MUST perform the following steps:
  1. Clear this.[[activeAlgorithms]] to abort any active connect() calls.

  2. If this.connected is false, abort these steps.

  3. Clean up the disconnected device this.device.

  4. Let device be this.device.[[representedDevice]].

  5. Garbage-collect the connection of device.

To garbage-collect the connection of a device, the UA must, do the following steps in parallel:
  1. If systems that aren’t using this API, either inside or outside of the UA, are using the device’s ATT Bearer, abort this algorithm.

  2. For all BluetoothDevices deviceObj in the whole UA:

    1. If deviceObj.[[representedDevice]] is not the same device as device, continue to the next deviceObj.

    2. If deviceObj.gatt.connected is true, abort this algorithm.

    3. If deviceObj.gatt.[[activeAlgorithms]] contains the Promise of a call to connect(), abort this algorithm.

  3. Destroy device’s ATT Bearer.

Note: Algorithms need to fail if their BluetoothRemoteGATTServer was disconnected while they were running, even if the UA stays connected the whole time and the BluetoothRemoteGATTServer is subsequently re-connected before they finish. We wrap the returned Promise to accomplish this.

To create a gattServer-connection-checking wrapper around a Promise promise, the UA MUST:

  1. If gattServer.connected is true, add promise to gattServer.[[activeAlgorithms]].

  2. React to promise:

    • If promise was fulfilled with value result, then:

      1. If promise is in gattServer.[[activeAlgorithms]], remove it and return result.

      2. Otherwise, throw a NetworkError.

        Note: This error is thrown because gattServer was disconnected during the execution of the main algorithm.
    • If promise was rejected with reason error, then:

      1. If promise is in gattServer.[[activeAlgorithms]], remove it and throw error.

      2. Otherwise, throw a NetworkError.

        Note: This error is thrown because gattServer was disconnected during the execution of the main algorithm.
The getPrimaryService(service) method, when invoked, MUST perform the following steps:
  1. If this.device.[[allowedServices]] is not "all" and service is not in this.device.[[allowedServices]], return a promise rejected with a SecurityError and abort these steps.

  2. Return GetGATTChildren(attribute=this.device,
    single=true,
    uuidCanonicalizer=BluetoothUUID.getService,
    uuid=service,
    allowedUuids=this.device.[[allowedServices]],
    child type="GATT Primary Service")

The getPrimaryServices(service) method, when invoked, MUST perform the following steps:
  1. If this.device.[[allowedServices]] is not "all", and service is present and not in this.device.[[allowedServices]], return a promise rejected with a SecurityError and abort these steps.

  2. Return GetGATTChildren(attribute=this.device,
    single=false,
    uuidCanonicalizer=BluetoothUUID.getService,
    uuid=service,
    allowedUuids=this.device.[[allowedServices]],
    child type="GATT Primary Service")

6.3. BluetoothRemoteGATTService

BluetoothRemoteGATTService represents a GATT Service, a collection of characteristics and relationships to other services that encapsulate the behavior of part of a device.

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTService : EventTarget {
  [SameObject]
  readonly attribute BluetoothDevice device;
  readonly attribute UUID uuid;
  readonly attribute boolean isPrimary;
  Promise<BluetoothRemoteGATTCharacteristic>
    getCharacteristic(BluetoothCharacteristicUUID characteristic);
  Promise<sequence<BluetoothRemoteGATTCharacteristic>>
    getCharacteristics(optional BluetoothCharacteristicUUID characteristic);
  Promise<BluetoothRemoteGATTService>
    getIncludedService(BluetoothServiceUUID service);
  Promise<sequence<BluetoothRemoteGATTService>>
    getIncludedServices(optional BluetoothServiceUUID service);
};
BluetoothRemoteGATTService includes CharacteristicEventHandlers;
BluetoothRemoteGATTService includes ServiceEventHandlers;
device is the BluetoothDevice representing the remote peripheral that the GATT service belongs to.

uuid is the UUID of the service, e.g. '0000180d-0000-1000-8000-00805f9b34fb' for the Heart Rate service.

isPrimary indicates whether the type of this service is primary or secondary.

Instances of BluetoothRemoteGATTService are created with the internal slots described in the following table:

Internal Slot Initial Value Description (non-normative)
[[representedService]] <always set in prose> The Service this object represents, or null if the Service has been removed or otherwise invalidated.
To create a BluetoothRemoteGATTService representing a Service service, the UA must return a new promise promise and run the following steps in parallel.
  1. Let result be a new instance of BluetoothRemoteGATTService with its [[representedService]] slot initialized to service.

  2. Get the BluetoothDevice representing the device in which service appears, and let device be the result.

  3. If the previous step threw an error, reject promise with that error and abort these steps.

  4. Initialize result.device from device.

  5. Initialize result.uuid from the UUID of service.

  6. If service is a Primary Service, initialize result.isPrimary to true. Otherwise initialize result.isPrimary to false.

  7. Resolve promise with result.

The getCharacteristic(characteristic) method retrieves a Characteristic inside this Service. When invoked, it MUST return

GetGATTChildren(attribute=this,
single=true,
uuidCanonicalizer=BluetoothUUID.getCharacteristic,
uuid=characteristic,
allowedUuids=undefined,
child type="GATT Characteristic")

The getCharacteristics(characteristic) method retrieves a list of Characteristics inside this Service. When invoked, it MUST return

GetGATTChildren(attribute=this,
single=false,
uuidCanonicalizer=BluetoothUUID.getCharacteristic,
uuid=characteristic,
allowedUuids=undefined,
child type="GATT Characteristic")

The getIncludedService(service) method retrieves an Included Service inside this Service. When invoked, it MUST return

GetGATTChildren(attribute=this,
single=true,
uuidCanonicalizer=BluetoothUUID.getService,
uuid=service,
allowedUuids=undefined,
child type="GATT Included Service")

The getIncludedServices(service) method retrieves a list of Included Services inside this Service. When invoked, it MUST return

GetGATTChildren(attribute=this,
single=false,
uuidCanonicalizer=BluetoothUUID.getService,
uuid=service,
allowedUuids=undefined,
child type="GATT Included Service")

6.4. BluetoothRemoteGATTCharacteristic

BluetoothRemoteGATTCharacteristic represents a GATT Characteristic, which is a basic data element that provides further information about a peripheral’s service.

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTCharacteristic : EventTarget {
  [SameObject]
  readonly attribute BluetoothRemoteGATTService service;
  readonly attribute UUID uuid;
  readonly attribute BluetoothCharacteristicProperties properties;
  readonly attribute DataView? value;
  Promise<BluetoothRemoteGATTDescriptor> getDescriptor(BluetoothDescriptorUUID descriptor);
  Promise<sequence<BluetoothRemoteGATTDescriptor>>
    getDescriptors(optional BluetoothDescriptorUUID descriptor);
  Promise<DataView> readValue();
  Promise<undefined> writeValue(BufferSource value);
  Promise<undefined> writeValueWithResponse(BufferSource value);
  Promise<undefined> writeValueWithoutResponse(BufferSource value);
  Promise<BluetoothRemoteGATTCharacteristic> startNotifications();
  Promise<BluetoothRemoteGATTCharacteristic> stopNotifications();
};
BluetoothRemoteGATTCharacteristic includes CharacteristicEventHandlers;
service is the GATT service this characteristic belongs to.

uuid is the UUID of the characteristic, e.g. '00002a37-0000-1000-8000-00805f9b34fb' for the Heart Rate Measurement characteristic.

properties holds the properties of this characteristic.

value is the currently cached characteristic value. This value gets updated when the value of the characteristic is read or updated via a notification or indication.

Instances of BluetoothRemoteGATTCharacteristic are created with the internal slots described in the following table:

Internal Slot Initial Value Description (non-normative)
[[representedCharacteristic]] <always set in prose> The Characteristic this object represents, or null if the Characteristic has been removed or otherwise invalidated.
To create a BluetoothRemoteGATTCharacteristic representing a Characteristic characteristic, the UA must return a new promise promise and run the following steps in parallel.
  1. Let result be a new instance of BluetoothRemoteGATTCharacteristic with its [[representedCharacteristic]] slot initialized to characteristic.

  2. Initialize result.service from the BluetoothRemoteGATTService instance representing the Service in which characteristic appears.

  3. Initialize result.uuid from the UUID of characteristic.

  4. Create a BluetoothCharacteristicProperties instance from the Characteristic characteristic, and let propertiesPromise be the result.

  5. Wait for propertiesPromise to settle.

  6. If propertiesPromise was rejected, resolve promise with propertiesPromise and abort these steps.

  7. Initialize result.properties from the value propertiesPromise was fulfilled with.

  8. Initialize result.value to null. The UA MAY initialize result.value to a new DataView wrapping a new ArrayBuffer containing the most recently read value from characteristic if this value is available.

  9. Resolve promise with result.

The getDescriptor(descriptor) method retrieves a Descriptor inside this Characteristic. When invoked, it MUST return

GetGATTChildren(attribute=this,
single=true,
uuidCanonicalizer=BluetoothUUID.getDescriptor,
uuid=descriptor,
allowedUuids=undefined,
child type="GATT Descriptor")

The getDescriptors(descriptor) method retrieves a list of Descriptors inside this Characteristic. When invoked, it MUST return

GetGATTChildren(attribute=this,
single=false,
uuidCanonicalizer=BluetoothUUID.getDescriptor,
uuid=descriptor,
allowedUuids=undefined,
child type="GATT Descriptor")

The readValue() method, when invoked, MUST run the following steps:
  1. If this.uuid is blocklisted for reads, return a promise rejected with a SecurityError and abort these steps.

  2. If this.service.device.gatt.connected is false, return a promise rejected with a NetworkError and abort these steps.

  3. Let characteristic be this.[[representedCharacteristic]].

  4. If characteristic is null, return a promise rejected with an InvalidStateError and abort these steps.

  5. Return a this.service.device.gatt-connection-checking wrapper around a new promise promise and run the following steps in parallel:

    1. If the Read bit is not set in characteristic’s properties, reject promise with a NotSupportedError and abort these steps.

    2. If the UA is currently using the Bluetooth system, it MAY reject promise with a NetworkError and abort these steps.

      Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]

    3. Use any combination of the sub-procedures in the Characteristic Value Read procedure to retrieve the value of characteristic. Handle errors as described in § 6.7 Error handling.

    4. If the previous step returned an error, reject promise with that error and abort these steps.

    5. Queue a task to perform the following steps:

      1. If promise is not in this.service.device.gatt.[[activeAlgorithms]], reject promise with a NetworkError and abort these steps.

      2. Let buffer be an ArrayBuffer holding the retrieved value, and assign new DataView(buffer) to this.value.

      3. Fire an event named characteristicvaluechanged with its bubbles attribute initialized to true at this.

      4. Resolve promise with this.value.

To WriteCharacteristicValue( this: BluetoothRemoteGATTCharacteristic,
value: BufferSource,
response: string),

the UA MUST perform the following steps:
  1. If this.uuid is blocklisted for writes, return a promise rejected with a SecurityError and abort these steps.

  2. Let bytes be a copy of the bytes held by value.

  3. If bytes is more than 512 bytes long (the maximum length of an attribute value, per Long Attribute Values) return a promise rejected with an InvalidModificationError and abort these steps.

  4. If this.service.device.gatt.connected is false, return a promise rejected with a NetworkError and abort these steps.

  5. Let characteristic be this.[[representedCharacteristic]].

  6. If characteristic is null, return a promise rejected with an InvalidStateError and abort these steps.

  7. Return a this.service.device.gatt- connection-checking wrapper around a new promise promise and run the following steps in parallel.

    1. Assert: response is one of "required", "never", or "optional".

    2. If the UA is currently using the Bluetooth system, it MAY reject promise with a NetworkError and abort these steps.

      Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]

    3. Write bytes to characteristic by performing the following steps:

      If response is "required"
      Use the Write Characteristic Value procedure.
      If response is "never"
      Use the Write Without Response procedure.
      Otherwise
      Use any combination of the sub-procedures in the Characteristic Value Write procedure.
      Handle errors as described in § 6.7 Error handling.
    4. If the previous step returned an error, reject promise with that error and abort these steps.

    5. Queue a task to perform the following steps:

      1. If promise is not in this.service.device.gatt.[[activeAlgorithms]], reject promise with a NetworkError and abort these steps.

      2. Set this.value to a new DataView wrapping a new ArrayBuffer containing bytes.

      3. Resolve promise with undefined.

Deprecated. Use writeValueWithResponse() and writeValueWithoutResponse() instead.

The writeValue(value) method, when invoked, MUST return

WriteCharacteristicValue( this=this,
value=value,
response="optional")

This method is for backwards compatibility only. New implementations should not implement this method. [Issue #238]

The writeValueWithResponse(value) method, when invoked, MUST return

WriteCharacteristicValue( this=this,
value=value,
response="required")

The writeValueWithoutResponse(value) method, when invoked, MUST return

WriteCharacteristicValue( this=this,
value=value,
response="never")

The UA MUST maintain a map from each known GATT Characteristic to a set of Bluetooth objects known as the characteristic’s active notification context set.

Note: The set for a given characteristic holds the navigator.bluetooth objects for each Realm that has registered for notifications. All notifications become inactive when a device is disconnected. A site that wants to keep getting notifications after reconnecting needs to call startNotifications() again, and there is an unavoidable risk that some notifications will be missed in the gap before startNotifications() takes effect.
The startNotifications() method, when invoked, MUST return a new promise promise and run the following steps in parallel. See § 6.6.4 Responding to Notifications and Indications for details of receiving notifications.
  1. If this.uuid is blocklisted for reads, reject promise with a SecurityError and abort these steps.

  2. If this.service.device.gatt.connected is false, reject promise with a NetworkError and abort these steps.

  3. Let characteristic be this.[[representedCharacteristic]].

  4. If characteristic is null, return a promise rejected with an InvalidStateError and abort these steps.

  5. If neither of the Notify or Indicate bits are set in characteristic’s properties, reject promise with a NotSupportedError and abort these steps.

  6. If characteristic’s active notification context set contains navigator.bluetooth, resolve promise with this and abort these steps.

  7. If the UA is currently using the Bluetooth system, it MAY reject promise with a NetworkError and abort these steps.

    Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]

  8. If the characteristic has a Client Characteristic Configuration descriptor, use any of the Characteristic Descriptors procedures to ensure that one of the Notification or Indication bits in characteristic’s Client Characteristic Configuration descriptor is set, matching the constraints in characteristic’s properties. The UA SHOULD avoid setting both bits, and MUST deduplicate value-change events if both bits are set. Handle errors as described in § 6.7 Error handling.

    Note: Some devices have characteristics whose properties include the Notify or Indicate bit but that don’t have a Client Characteristic Configuration descriptor. These non-standard-compliant characteristics tend to send notifications or indications unconditionally, so this specification allows applications to simply subscribe to their messages.
  9. If the previous step returned an error, reject promise with that error and abort these steps.

  10. Add navigator.bluetooth to characteristic’s active notification context set.

  11. Resolve promise with this.

Note: After notifications are enabled, the resulting value-change events won’t be delivered until after the current microtask checkpoint. This allows a developer to set up handlers in the .then handler of the result promise.
The stopNotifications() method, when invoked, MUST return a new promise promise and run the following steps in parallel:
  1. Let characteristic be this.[[representedCharacteristic]].

  2. If characteristic is null, return a promise rejected with an InvalidStateError and abort these steps.

  3. If characteristic’s active notification context set contains navigator.bluetooth, remove it.

  4. If characteristic’s active notification context set became empty and the characteristic has a Client Characteristic Configuration descriptor, the UA SHOULD use any of the Characteristic Descriptors procedures to clear the Notification and Indication bits in characteristic’s Client Characteristic Configuration descriptor.

  5. Queue a task to resolve promise with this.

Note: Queuing a task to resolve the promise ensures that no value change events due to notifications arrive after the promise resolves.

6.4.1. BluetoothCharacteristicProperties

Each BluetoothRemoteGATTCharacteristic exposes its characteristic properties through a BluetoothCharacteristicProperties object. These properties express what operations are valid on the characteristic.

[Exposed=Window, SecureContext]
interface BluetoothCharacteristicProperties {
  readonly attribute boolean broadcast;
  readonly attribute boolean read;
  readonly attribute boolean writeWithoutResponse;
  readonly attribute boolean write;
  readonly attribute boolean notify;
  readonly attribute boolean indicate;
  readonly attribute boolean authenticatedSignedWrites;
  readonly attribute boolean reliableWrite;
  readonly attribute boolean writableAuxiliaries;
};
To create a BluetoothCharacteristicProperties instance from the Characteristic characteristic, the UA MUST return a new promise promise and run the following steps in parallel:
  1. Let propertiesObj be a new instance of BluetoothCharacteristicProperties.

  2. Let properties be the characteristic properties of characteristic.

  3. Initialize the attributes of propertiesObj from the corresponding bits in properties:

    Attribute Bit
    broadcast Broadcast
    read Read
    writeWithoutResponse Write Without Response
    write Write
    notify Notify
    indicate Indicate
    authenticatedSignedWrites Authenticated Signed Writes
  4. If the Extended Properties bit of the characteristic properties is not set, initialize propertiesObj.reliableWrite and propertiesObj.writableAuxiliaries to false. Otherwise, run the following steps:

    1. Discover the Characteristic Extended Properties descriptor for characteristic and read its value into extendedProperties. Handle errors as described in § 6.7 Error handling.

      Characteristic Extended Properties isn’t clear whether the extended properties are immutable for a given Characteristic. If they are, the UA should be allowed to cache them.

    2. If the previous step returned an error, reject promise with that error and abort these steps.

    3. Initialize propertiesObj.reliableWrite from the Reliable Write bit of extendedProperties.

    4. Initialize propertiesObj.writableAuxiliaries from the Writable Auxiliaries bit of extendedProperties.

  5. Resolve promise with propertiesObj.

6.5. BluetoothRemoteGATTDescriptor

BluetoothRemoteGATTDescriptor represents a GATT Descriptor, which provides further information about a Characteristic’s value.

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTDescriptor {
  [SameObject]
  readonly attribute BluetoothRemoteGATTCharacteristic characteristic;
  readonly attribute UUID uuid;
  readonly attribute DataView? value;
  Promise<DataView> readValue();
  Promise<undefined> writeValue(BufferSource value);
};
characteristic is the GATT characteristic this descriptor belongs to.

uuid is the UUID of the characteristic descriptor, e.g. '00002902-0000-1000-8000-00805f9b34fb' for the Client Characteristic Configuration descriptor.

value is the currently cached descriptor value. This value gets updated when the value of the descriptor is read.

Instances of BluetoothRemoteGATTDescriptor are created with the internal slots described in the following table:

Internal Slot Initial Value Description (non-normative)
[[representedDescriptor]] <always set in prose> The Descriptor this object represents, or null if the Descriptor has been removed or otherwise invalidated.
To create a BluetoothRemoteGATTDescriptor representing a Descriptor descriptor, the UA must return a new promise promise and run the following steps in parallel.
  1. Let result be a new instance of BluetoothRemoteGATTDescriptor with its [[representedDescriptor]] slot initialized to descriptor.

  2. Initialize result.characteristic from the BluetoothRemoteGATTCharacteristic instance representing the Characteristic in which descriptor appears.

  3. Initialize result.uuid from the UUID of descriptor.

  4. Initialize result.value to null. The UA MAY initialize result.value to a new DataView wrapping a new ArrayBuffer containing the most recently read value from descriptor if this value is available.

  5. Resolve promise with result.

The readValue() method, when invoked, MUST run the following steps:
  1. If this.uuid is blocklisted for reads, return a promise rejected with a SecurityError and abort these steps.

  2. If this.characteristic.service.device.gatt.connected is false, return a promise rejected with a NetworkError and abort these steps.

  3. Let descriptor be this.[[representedDescriptor]].

  4. If descriptor is null, return a promise rejected with an InvalidStateError and abort these steps.

  5. Return a this.characteristic.service.device.gatt- connection-checking wrapper around a new promise promise and run the following steps in parallel:

    1. If the UA is currently using the Bluetooth system, it MAY reject promise with a NetworkError and abort these steps.

      Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]

    2. Use either the Read Characteristic Descriptors or the Read Long Characteristic Descriptors sub-procedure to retrieve the value of descriptor. Handle errors as described in § 6.7 Error handling.

    3. If the previous step returned an error, reject promise with that error and abort these steps.

    4. Queue a task to perform the following steps:

      1. If promise is not in this.characteristic.service.device.gatt.[[activeAlgorithms]], reject promise with a NetworkError and abort these steps.

      2. Let buffer be an ArrayBuffer holding the retrieved value, and assign new DataView(buffer) to this.value.

      3. Resolve promise with this.value.

The writeValue(value) method, when invoked, MUST run the following steps:
  1. If this.uuid is blocklisted for writes, return a promise rejected with a SecurityError and abort these steps.

  2. Let bytes be a copy of the bytes held by value.

  3. If bytes is more than 512 bytes long (the maximum length of an attribute value, per Long Attribute Values) return a promise rejected with an InvalidModificationError and abort these steps.

  4. If this.characteristic.service.device.gatt.connected is false, return a promise rejected with a NetworkError and abort these steps.

  5. Let descriptor be this.[[representedDescriptor]].

  6. If descriptor is null, return a promise rejected with an InvalidStateError and abort these steps.

  7. Return a this.characteristic.service.device.gatt- connection-checking wrapper around a new promise promise and run the following steps in parallel.

    1. If the UA is currently using the Bluetooth system, it MAY reject promise with a NetworkError and abort these steps.

      Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]

    2. Use either the Write Characteristic Descriptors or the Write Long Characteristic Descriptors sub-procedure to write bytes to descriptor. Handle errors as described in § 6.7 Error handling.

    3. If the previous step returned an error, reject promise with that error and abort these steps.

    4. Queue a task to perform the following steps:

      1. If promise is not in this.characteristic.service.device.gatt.[[activeAlgorithms]], reject promise with a NetworkError and abort these steps.

      2. Set this.value to a new DataView wrapping a new ArrayBuffer containing bytes.

      3. Resolve promise with undefined.

6.6. Events

6.6.1. Bluetooth Tree

The Bluetooth tree is the name given to navigator.bluetooth and objects implementing the BluetoothDevice, BluetoothRemoteGATTService, BluetoothRemoteGATTCharacteristic, or BluetoothRemoteGATTDescriptor interface participate in a tree.

6.6.2. Event types

advertisementreceived
Fired on a BluetoothDevice when an advertising event is received from that device.
availabilitychanged
Fired on navigator.bluetooth when the Bluetooth system as a whole becomes available or unavailable to the UA.
characteristicvaluechanged
Fired on a BluetoothRemoteGATTCharacteristic when its value changes, either as a result of a read request , or a value change notification/indication.
gattserverdisconnected
Fired on a BluetoothDevice when an active GATT connection is lost.
serviceadded
Fired on a new BluetoothRemoteGATTService when it has been discovered on a remote device, just after it is added to the Bluetooth tree.
servicechanged
Fired on a BluetoothRemoteGATTService when its state changes. This involves any characteristics and/or descriptors that get added or removed from the service, as well as Service Changed indications from the remote device.
serviceremoved
Fired on a BluetoothRemoteGATTService when it has been removed from its device, just before it is removed from the Bluetooth tree.

6.6.3. Responding to Disconnection

When a Bluetooth device device’s ATT Bearer is lost (e.g. because the remote device moved out of range or the user used a platform feature to disconnect it), for each BluetoothDevice deviceObj the UA MUST queue a task on deviceObj’s relevant settings object’s responsible event loop to perform the following steps:
  1. If deviceObj.[[representedDevice]] is not the same device as device, abort these steps.

  2. If !deviceObj.gatt.connected, abort these steps.

  3. Clean up the disconnected device deviceObj.

To clean up the disconnected device deviceObj, the UA must:
  1. Set deviceObj.gatt.connected to false.

  2. Clear deviceObj.gatt.[[activeAlgorithms]].

  3. Let context be deviceObj.[[context]].

  4. Remove all entries from context.[[attributeInstanceMap]] whose keys are inside deviceObj.[[representedDevice]].

  5. For each BluetoothRemoteGATTService service in deviceObj’s realm, set service.[[representedService]] to null.

  6. For each BluetoothRemoteGATTCharacteristic characteristic in deviceObj’s realm, do the following sub-steps:

    1. Let notificationContexts be characteristic.[[representedCharacteristic]]’s active notification context set.

    2. Remove context from notificationContexts.

    3. If notificationContexts became empty and there is still an ATT Bearer to deviceObj.[[representedDevice]] and characteristic has a Client Characteristic Configuration descriptor, the UA SHOULD use any of the Characteristic Descriptors procedures to clear the Notification and Indication bits in characteristic’s Client Characteristic Configuration descriptor.

    4. Set characteristic.[[representedCharacteristic]] to null.

  7. For each BluetoothRemoteGATTDescriptor descriptor in deviceObj’s realm, set descriptor.[[representedDescriptor]] to null.

  8. Fire an event named gattserverdisconnected with its bubbles attribute initialized to true at deviceObj.

    Note: This event is not fired at the BluetoothRemoteGATTServer.

6.6.4. Responding to Notifications and Indications

When the UA receives a Bluetooth Characteristic Value Notification or Indication, it must perform the following steps:
  1. For each bluetoothGlobal in the Characteristic’s active notification context set, queue a task on the event loop of the script settings object of bluetoothGlobal to do the following sub-steps:

    1. Let characteristicObject be the BluetoothRemoteGATTCharacteristic in the Bluetooth tree rooted at bluetoothGlobal that represents the Characteristic.

    2. If characteristicObject .service.device.gatt.connected is false, abort these sub-steps.

    3. Set characteristicObject.value to a new DataView wrapping a new ArrayBuffer holding the new value of the Characteristic.

    4. Fire an event named characteristicvaluechanged with its bubbles attribute initialized to true at characteristicObject.

6.6.5. Responding to Service Changes

The Bluetooth Attribute Caching system allows clients to track changes to Services, Characteristics, and Descriptors. Before discovering any of these attributes for the purpose of exposing them to a web page the UA MUST subscribe to Indications from the Service Changed characteristic, if it exists. When the UA receives an Indication on the Service Changed characteristic, it MUST perform the following steps.
  1. Let removedAttributes be the list of attributes in the range indicated by the Service Changed characteristic that the UA had discovered before the Indication.

  2. Use the Primary Service Discovery, Relationship Discovery, Characteristic Discovery, and Characteristic Descriptor Discovery procedures to re-discover attributes in the range indicated by the Service Changed characteristic. The UA MAY skip discovering all or part of the indicated range if it can prove that the results of that discovery could not affect the events fired below.

  3. Let addedAttributes be the list of attributes discovered in the previous step.

  4. If an attribute with the same definition (see the Service Interoperability Requirements), ignoring Characteristic and Descriptor values, appears in both removedAttributes and addedAttributes, remove it from both.

    Given the following device states:
    State 1
    • Service A
      • Characteristic C: value [1, 2, 3]
    • Service B
    State 2
    • Service A
      • Characteristic C: value [3, 2, 1]
    • Service B
    State 3
    • Service A
      • Characteristic D: value [3, 2, 1]
    • Service B
    State 4
    • Service A
      • Characteristic C: value [1, 2, 3]
    • Service B
      • Include Service A

    A transition from state 1 to 2 leaves service A with "the same definition, ignoring Characteristic and Descriptor values", which means it’s removed from both removedAttributes and addedAttributes, and it wouldn’t appear in any servicechanged events.

    A transition from state 1 to 3 leaves service A with a different definition, because a service definition includes its characteristic definitions, so it’s left in both removedAttributes and addedAttributes. Then in step 8, the service is moved to changedServices, which makes it cause a servicechanged event instead of both a serviceadded and serviceremoved. Step 9 also adds service A to changedServices because characteristic C was removed and characteristic D was added.

    A transition from state 1 to 4 is similar to the 1->3 transition. Service B is moved to changedServices in step 8, but no characteristics or descriptors have changed, so it’s not redundantly added in step 9.

  5. Let invalidatedAttributes be the attributes in removedAttributes but not addedAttributes.

  6. For each environment settings object settings in the UA, queue a task on its responsible event loop to do the following sub-steps:

    1. For each BluetoothRemoteGATTService service whose relevant settings object is settings, if service.[[representedService]] is in invalidatedAttributes, set service.[[representedService]] to null.

    2. For each BluetoothRemoteGATTCharacteristic characteristic whose relevant settings object is settings, if characteristic.[[representedCharacteristic]] is in invalidatedAttributes, set characteristic.[[representedCharacteristic]] to null.

    3. For each BluetoothRemoteGATTDescriptor descriptor whose relevant settings object is settings, if descriptor.[[representedDescriptor]] is in invalidatedAttributes, set descriptor.[[representedDescriptor]] to null.

    4. Let global be settingsglobal object.

    5. Remove every entry from global.navigator.bluetooth.[[attributeInstanceMap]] that represents an attribute that is in invalidatedAttributes.

  7. Let changedServices be a set of Services, initially empty.

  8. If the same Service appears in both removedAttributes and addedAttributes, remove it from both, and add it to changedServices.

  9. For each Characteristic and Descriptor in removedAttributes or addedAttributes, remove it from its original list, and add its parent Service to changedServices.

    Note: After this point, removedAttributes and addedAttributes contain only Services.
  10. If a Service in addedAttributes would not have been returned from any previous call to getPrimaryService, getPrimaryServices, getIncludedService, or getIncludedServices if it had existed at the time of the call, the UA MAY remove the Service from addedAttributes.

  11. Let changedDevices be the set of Bluetooth devices that contain any Service in removedAttributes, addedAttributes, and changedServices.

  12. For each BluetoothDevice deviceObj that is connected to a device in changedDevices, queue a task on its relevant global object’s responsible event loop to do the following steps:

    1. For each Service service in removedAttributes:

      1. If deviceObj.[[allowedServices]] is "all" or contains the Service’s UUID, fire an event named serviceremoved with its bubbles attribute initialized to true at the BluetoothRemoteGATTService representing the Service.

      2. Remove this BluetoothRemoteGATTService from the Bluetooth tree.

    2. For each Service in addedAttributes, if deviceObj.[[allowedServices]] is "all" or contains the Service’s UUID, add the BluetoothRemoteGATTService representing this Service to the Bluetooth tree and then fire an event named serviceadded with its bubbles attribute initialized to true at the BluetoothRemoteGATTService.

    3. For each Service in changedServices, if deviceObj.[[allowedServices]] is "all" or contains the Service’s UUID, fire an event named servicechanged with its bubbles attribute initialized to true at the BluetoothRemoteGATTService representing the Service.

6.6.6. IDL event handlers

[SecureContext]
interface mixin CharacteristicEventHandlers {
  attribute EventHandler oncharacteristicvaluechanged;
};

oncharacteristicvaluechanged is an Event handler IDL attribute for the characteristicvaluechanged event type.

[SecureContext]
interface mixin BluetoothDeviceEventHandlers {
  attribute EventHandler onadvertisementreceived;
  attribute EventHandler ongattserverdisconnected;
};

onadvertisementreceived is an Event handler IDL attribute for the advertisementreceived event type.

ongattserverdisconnected is an Event handler IDL attribute for the gattserverdisconnected event type.

[SecureContext]
interface mixin ServiceEventHandlers {
  attribute EventHandler onserviceadded;
  attribute EventHandler onservicechanged;
  attribute EventHandler onserviceremoved;
};

onserviceadded is an Event handler IDL attribute for the serviceadded event type.

onservicechanged is an Event handler IDL attribute for the servicechanged event type.

onserviceremoved is an Event handler IDL attribute for the serviceremoved event type.

6.7. Error handling

Note: This section primarily defines the mapping from system errors to Javascript error names and allows UAs to retry certain operations. The retry logic and possible error distinctions are highly constrained by the operating system, so places these requirements don’t reflect reality are likely spec bugs instead of browser bugs.
When the UA is using a GATT procedure to execute a step in an algorithm or to handle a query to the Bluetooth cache (both referred to as a "step", here), and the GATT procedure returns an Error Response, the UA MUST perform the following steps:
  1. If the procedure times out or the ATT Bearer (described in Profile Fundamentals) is absent or terminated for any reason, return a NetworkError from the step and abort these steps.

  2. Take the following actions depending on the Error Code:

    Invalid PDU
    Invalid Offset
    Attribute Not Found
    Unsupported Group Type
    These error codes indicate that something unexpected happened at the protocol layer, likely either due to a UA or device bug. Return a NotSupportedError from the step.
    Invalid Handle
    Return an InvalidStateError from the step.
    Invalid Attribute Value Length
    Return an InvalidModificationError from the step.
    Attribute Not Long

    If this error code is received without having used a "Long" sub-procedure, this may indicate a device bug. Return a NotSupportedError from the step.

    Otherwise, retry the step without using a "Long" sub-procedure. If this is impossible due to the length of the value being written, return an InvalidModificationError from the step.

    Insufficient Authentication
    Insufficient Encryption
    Insufficient Encryption Key Size
    The UA SHOULD attempt to increase the security level of the connection. If this attempt fails or the UA doesn’t support any higher security, Return a SecurityError from the step. Otherwise, retry the step at the new higher security level.
    Insufficient Authorization
    Return a SecurityError from the step.
    Application Error
    If the GATT procedure was a Write, return an InvalidModificationError from the step. Otherwise, return a NotSupportedError from the step.
    Read Not Permitted
    Write Not Permitted
    Request Not Supported
    Prepare Queue Full
    Insufficient Resources
    Unlikely Error
    Anything else
    Return a NotSupportedError from the step.

7. UUIDs

typedef DOMString UUID;

A UUID string represents a 128-bit [RFC4122] UUID. A valid UUID is a string that matches the [ECMAScript] regexp /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/. That is, a valid UUID is lower-case and does not use the 16- or 32-bit abbreviations defined by the Bluetooth standard. All UUIDs returned from functions and attributes in this specification MUST be valid UUIDs. If a function in this specification takes a parameter whose type is UUID or a dictionary including a UUID attribute, and the argument passed in any UUID slot is not a valid UUID, the function MUST return a promise rejected with a TypeError and abort its other steps.

Note: This standard provides the BluetoothUUID.canonicalUUID(alias) function to map a 16- or 32-bit Bluetooth UUID alias to its 128-bit form.
Note: Bluetooth devices are required to convert 16- and 32-bit UUIDs to 128-bit UUIDs before comparing them (as described in Attribute Type), but not all devices do so. To interoperate with these devices, if the UA has received a UUID from the device in one form (16-, 32-, or 128-bit), it should send other aliases of that UUID back to the device in the same form.

7.1. Standardized UUIDs

The Bluetooth SIG maintains a registry at [BLUETOOTH-ASSIGNED] of UUIDs that identify services, characteristics, descriptors, and other entities. This section provides a way for script to look up those UUIDs by name so they don’t need to be replicated in each application.

A valid name is a string that matches the [ECMAScript] regexp /^[a-z0-9_-.]+$/.

[Exposed=Window]
interface BluetoothUUID {
  static UUID getService((DOMString or unsigned long) name);
  static UUID getCharacteristic((DOMString or unsigned long) name);
  static UUID getDescriptor((DOMString or unsigned long) name);

  static UUID canonicalUUID([EnforceRange] unsigned long alias);
};

typedef (DOMString or unsigned long) BluetoothServiceUUID;
typedef (DOMString or unsigned long) BluetoothCharacteristicUUID;
typedef (DOMString or unsigned long) BluetoothDescriptorUUID;

The static BluetoothUUID. canonicalUUID(alias) method, when invoked, MUST return the 128-bit UUID represented by the 16- or 32-bit UUID alias alias.

Note: This algorithm consists of replacing the top 32 bits of "00000000-0000-1000-8000-00805f9b34fb" with the bits of the alias. For example, canonicalUUID(0xDEADBEEF) returns "deadbeef-0000-1000-8000-00805f9b34fb".
BluetoothServiceUUID represents 16- and 32-bit UUID aliases, valid UUIDs, and valid names from GATT assigned services keys, or, equivalently, the values for which BluetoothUUID.getService() does not throw an exception.

BluetoothCharacteristicUUID represents 16- and 32-bit UUID aliases, valid UUIDs, and valid names from GATT assigned characteristics keys, or, equivalently, the values for which BluetoothUUID.getCharacteristic() does not throw an exception.

BluetoothDescriptorUUID represents 16- and 32-bit UUID aliases, valid UUIDs, and valid names from GATT assigned descriptors keys, or, equivalently, the values for which BluetoothUUID.getDescriptor() does not throw an exception.

To ResolveUUIDName(name, GATT assigned numbers), the UA MUST perform the following steps:
  1. If name is an unsigned long, return BluetoothUUID.canonicalUUID(name) and abort these steps.

  2. If name is a valid UUID, return name and abort these steps.

  3. If name is a valid name and maps to a valid UUID in GATT assigned numbers, let alias be its assigned number, and return BluetoothUUID.canonicalUUID(alias).

  4. Otherwise, throw a TypeError.

The static BluetoothUUID. getService(name) method, when invoked, MUST return ResolveUUIDName(name, GATT assigned services).

The static BluetoothUUID. getCharacteristic(name) method, when invoked, MUST return ResolveUUIDName(name, GATT assigned characteristics).

The static BluetoothUUID. getDescriptor(name) method, when invoked, MUST return ResolveUUIDName(name, GATT assigned descriptors).

BluetoothUUID.getService(" cycling_power") returns "00001818-0000-1000-8000-00805f9b34fb".

BluetoothUUID.getService("00001801-0000-1000-8000-00805f9b34fb") returns "00001801-0000-1000-8000-00805f9b34fb".

BluetoothUUID.getService("unknown-service") throws a TypeError.

BluetoothUUID.getCharacteristic("ieee_11073-20601_regulatory_certification_data_list") returns "00002a2a-0000-1000-8000-00805f9b34fb".

BluetoothUUID.getDescriptor("gatt.characteristic_presentation_format") returns "00002904-0000-1000-8000-00805f9b34fb".

7.2. GATT assigned numbers

This specification provides human-readable names for GATT assigned numbers to increase readability for developers using standardized GATT services, characteristics, and descriptors. The GATT assigned numbers files live in the https://github.com/WebBluetoothCG/registries repository.

This specification previously used a mapping table, provided by the Bluetooth SIG, for defining these human-readable names. When discovered it was no longer maintained, a mapping table was specified directly in the specification.
The result of parsing the GATT assigned numbers at a URL url is a map from valid names to valid UUIDs, or an error, produced by the following algorithm:
  1. Fetch url, and let contents be its body, decoded as UTF-8.

  2. Let lines be contents split on '\n'.

  3. Let result be an empty map.

  4. For each line in lines, do the following sub-steps:

    1. If line is empty or its first character is '#', continue to the next line.

    2. If line consists of a valid name, a space (U+0020), and a valid UUID, let name be that name and let uuid be that UUID.

    3. Otherwise, return an error and abort these steps.

    4. If name is already in result, return an error and abort these steps.

    5. Add a mapping in result from name to uuid.

  5. Return result.

The GATT assigned services are the result of parsing the GATT assigned numbers at https://github.com/WebBluetoothCG/registries/blob/master/gatt_assigned_services.txt. The UA should re-fetch this file periodically, but it’s unspecified how often.

The GATT assigned characteristics are the result of parsing the GATT assigned numbers at https://github.com/WebBluetoothCG/registries/blob/master/gatt_assigned_characteristics.txt. The UA should re-fetch this file periodically, but it’s unspecified how often.

The GATT assigned descriptors are the result of parsing the GATT assigned numbers at https://github.com/WebBluetoothCG/registries/blob/master/gatt_assigned_descriptors.txt. The UA should re-fetch this file periodically, but it’s unspecified how often.

8. Advertising Data Filter

An advertising data filter represents a way to match against manufacturer or service data.

To parse an advertising data filter from a string input, perform the following steps:
  1. Let words be input strictly split on /.

  2. If the length of words is not equal to 2, return an error and abort these steps.

  3. If the length of words[0] is not equal to the length of words[1], return an error and abort these steps.

  4. Let prefixData be words[0].

  5. Let prefixMask be words[1].

  6. If prefixData or prefixMask is not a sequence of ascii lower hex digit, return an error.

  7. Let prefixIndex be 0.

  8. let dataList be an empty list.

  9. let maskList be an empty list.

  10. While prefixIndex is less than the length of prefixData, do the following sub-steps:

    1. Let data be the result of interpreting the characters at index prefixIndex and prefixIndex + 1 of prefixData as a hexadecimal number.

    2. Let mask be the result of interpreting the characters at index prefixIndex and prefixIndex + 1 of prefixMask as a hexadecimal number.

    3. Append data to dataList.

    4. Append mask to maskList.

    5. Set prefixIndex to |prefixIndex| + 2.

  11. Let result be a new BluetoothDataFilterInit dictionary.

  12. Set result[dataPrefix] to an Uint8Array constructed with dataList.

  13. Set result[mask] to an Uint8Array constructed with maskList.

  14. Return result.

9. The Blocklist

This specification relies on blocklist files in the https://github.com/WebBluetoothCG/registries repository to restrict the set of GATT attributes and manufacturer data a website can access.

A valid company identifier string is a seqeunce of ascii lower hex digit that its length is bigger than 0 and less than 5. The official list of company identifies can be found on Bluetooth Assigned Numbers website.

The result of parsing the manufacturer data blocklist at a URL url is a map from Company Identifier Code to a list of BluetoothDataFilterInit, or an error, produced by the following algorithm:
  1. Fetch url, and let contents be its body, decoded as UTF-8.

  2. Let lines be the result of invoking split(separator, limit) on contents with separator '\n'.

  3. Let result be an empty map.

  4. For each line in lines, do the following sub-steps:

    1. If line is empty or its first character is '#', continue to the next line.

    2. Let regExp be a RegExp constructed with 'manufacturer\ ([0-9a-f]+)\ ([0-9a-f]+\/[0-9a-f]+)'.

    3. Let matchResult be the result of invoking regExp.exec(string) on line, or return an error if matchResult is null or the length of matchResult is not equal to 3.

    4. Let companyIdentifierStr be matchResult[1] if matchResult[1] is a valid company identifier string, otherwise return an error.

    5. Let companyIdentifier be the result of interpreting companyIdentifierStr as a hexadecimal number.

    6. Let dataPrefixStr be matchResult[2].

    7. If companyIdentifier is not in result, set result[companyIdentifier] to be an empty list.

    8. Let dataFilter be the result of parsing an advertising data filter at dataPrefixStr if the result is not an error, otherwise return an error.

    9. Append dataFilter to result[companyIdentifier].

  5. Return result.

The result of parsing the gatt blocklist at a URL url is a map from valid UUIDs to tokens, or an error, produced by the following algorithm:
  1. Fetch url, and let contents be its body, decoded as UTF-8.

  2. Let lines be contents split on '\n'.

  3. Let result be an empty map.

  4. For each line in lines, do the following sub-steps:

    1. If line is empty or its first character is '#', continue to the next line.

    2. If line consists of just a valid UUID, let uuid be that UUID and let token be "exclude".

    3. If line consists of a valid UUID, a space (U+0020), and one of the tokens "exclude-reads" or "exclude-writes", let uuid be that UUID and let token be that token.

    4. Otherwise, return an error and abort these steps.

    5. If uuid is already in result, return an error and abort these steps.

    6. Add a mapping in result from uuid to token.

  5. Return result.

The GATT blocklist is the result of parsing the gatt blocklist at https://github.com/WebBluetoothCG/registries/blob/master/gatt_blocklist.txt. The Manufacturer Data blocklist is the result of parsing the manufacturer data blocklist at https://github.com/WebBluetoothCG/registries/blob/master/manufacturer_data_blocklist.txt. The UA should re-fetch the blocklist periodically, but it’s unspecified how often.

A UUID is blocklisted if either the GATT blocklist’s value is an error, or the UUID maps to "exclude" in the GATT blocklist.

A UUID is blocklisted for reads if either the GATT blocklist’s value is an error, or the UUID maps to either "exclude" or "exclude-reads" in the GATT blocklist.

A UUID is blocklisted for writes if either the GATT blocklist’s value is an error, or the UUID maps to either "exclude" or "exclude-writes" in the GATT blocklist.

A manufacturer data manufacturerData is a blocklisted manufacturer data if the following steps return blocked:
  1. If the Manufacturer Data blocklist’s value is an error, return blocked.

  2. Let manufacturerBlocklist be the Manufacturer Data blocklist’s value.

  3. Let companyIdentifier be the company identifier of manufacturerData.

  4. If companyIdentifier is not in manufacturerBlocklist, return unblocked.

  5. For each dataFilter in manufacturerBlocklist[companyIdentifier], do the following sub-steps:

    1. If the advertising data of manufacturerData matches dataFilter, return blocked.

  6. Return unblocked.

A manufacturer data filter manufacturerDataFilter is a blocklisted manufacturer data filter if the following steps return blocked:
  1. If the Manufacturer Data blocklist’s value is an error, return blocked.

  2. Let manufacturerBlocklist be the Manufacturer Data blocklist’s value.

  3. Let companyIdentifier be manufacturerDataFilter["companyIdentifier"].

  4. If companyIdentifier is not in manufacturerBlocklist, return unblocked.

  5. For each dataFilter in manufacturerBlocklist[companyIdentifier], do the following sub-steps:

    1. If manufacturerDataFilter is a strict subset of dataFilter, return blocked.

  6. Return unblocked.

[SecureContext]
partial interface Navigator {
  [SameObject]
  readonly attribute Bluetooth bluetooth;
};

Each Navigator has an associated Bluetooth, which is a Bluetooth object. Upon creation of the Navigator object, its associated Bluetooth must be set to a new Bluetooth object created in the Navigator object’s relevant realm.

Navigator's bluetooth getter steps are to return this's associated Bluetooth.

11. Integrations

11.1. Permissions Policy

This specification defines a policy-controlled feature, identified by the token "bluetooth", that controls whether the methods exposed by the bluetooth attribute on the Navigator object may be used.

The default allowlist for this feature is ["self"].

12. Automated testing

For the purposes of user-agent automation and application testing, this document defines extensions to the [WebDriver-BiDi] specification.

The Web Bluetooth API and its extension specifications pose a challenge to test authors, as fully exercising those interfaces requires physical hardware devices that respond in predictable ways. To address this challenge this document defines a number of WebDriver-BiDi extension commands that allow defining and controlling simulated peripherals and advertisements that behave like physical device peripherals and their advertisements. These simulated peripherals and advertisements represent devices with particular properties and whose readings can be entirely defined by users.

Each top-level traversable may have a simulated Bluetooth adapter, that is a software defined Bluetooth adapter that has a set of discovered simulated Bluetooth devices and can assume roles like Central.

Each simulated Bluetooth adapter has a simulated Bluetooth device mapping, which is an ordered map of Bluetooth address strings to simulated Bluetooth devices.

Each simulated Bluetooth adapter has an adapter state that is a string enumeration describing the current state of the adapter. The possible enumeration values are:

A simulated Bluetooth device is a software defined Bluetooth device that behaves like a physical device, and may be attached to a simulated Bluetooth adapter, and may have associated properties like Manufacturer Specific Data and Service UUIDs.

CDDL snippetes use the "text" type instead of "browsingContext.BrowsingContext" to allow indepedent programmatic processing of CDDL snippets. Currently, other modules cannot be referenced.

12.1. Definitions

bluetooth.BluetoothServiceUuid = text;
bluetooth.BluetoothManufacturerData = { key: uint, data: tstr };
key
is the Company Identifier Code.
data
is the manufacturer data byte sequence, base64 encoded.

12.2. The bluetooth module

The bluetooth module contains commands for managing the remote end Bluetooth behavior.

12.2.1. Types

12.2.1.1. The bluetooth.RequestDevice Type
bluetooth.RequestDevice = text

A bluetooth.RequestDevice is an identifier for a single device in a request device prompt.

A device prompt is a tuple consisting of a device prompt id (a string) and a set of devices which is a set of BluetoothDevice objects. It represents a prompt which allows a user to choose a Bluetooth device.

12.2.1.2. The bluetooth.RequestDeviceInfo Type
bluetooth.RequestDeviceInfo = {
   id: bluetooth.RequestDevice,
   name: text / null,
}

A bluetooth.RequestDeviceInfo represents a single device in a request device prompt.

To serialize a device given a BluetoothDevice device:
  1. Let id be device.id.

  2. Let name be device.name.

  3. Return a map matching the bluetooth.RequestDeviceInfo production, with "id" set to id and "name" set to name.

12.2.1.3. The bluetooth.RequestDevicePrompt Type
bluetooth.RequestDevicePrompt = text

A bluetooth.RequestDevicePrompt is an identifier for a single prompt.

A remote end has a map of navigables to device prompts which is a map whose keys are navigable ids and values are device prompts.

To get a prompt given navigableId and promptId:
  1. Let promptMap be the map of navigables to device prompts.

  2. If promptMap[navigableId] does not exist:

    1. Return error with error code no such prompt.

  3. Let prompt be map of navigables to device prompts[navigableId].

  4. If prompt’s device prompt id is not promptId:

    1. Return error with error code no such prompt.

  5. Return success with data prompt.

To match a device in prompt given device prompt prompt and deviceId:
  1. For each device in prompt’s set of devices:

    1. If device.id is deviceId, return success with data device.

  2. Otherwise:

    1. Return error with error code no such device.

To serialize prompt devices given device prompt prompt:
  1. Let devices be an empty list.

  2. For each device in prompt’s set of devices.

    1. Append the result of serializing device to devices.

  3. Return devices.

12.2.1.4. The bluetooth.ScanRecord Type
bluetooth.ScanRecord = {
  ? name: text,
  ? uuids: [ * bluetooth.BluetoothServiceUuid ],
  ? appearance: number,
  ? manufacturerData: [ * bluetooth.BluetoothManufacturerData ],
}

A bluetooth.ScanRecord represents data of the advertisement packet sent by a Bluetooth device.

name
is the Bluetooth device's local name, or a prefix of it.
uuids
lists the Service UUIDs that this scan record says the Bluetooth device's GATT server supports.
appearance
is an Appearance, one of the values defined by the gap.appearance characteristic.
manufacturerData
list of BluetoothManufacturerData that maps unsigned short Company Identifier Codes to base64 encoded manufacturer data byte sequences.

12.2.2. Errors

This specification extends the set of error codes from WebDriver BiDi with the following additional codes:

no such device
Tried to reference an unknown BluetoothDevice.
no such prompt
Tried to reference an unknown device prompt.

12.2.3. Commands

12.2.3.1. The bluetooth.handleRequestDevicePrompt Command
bluetooth.HandleRequestDevicePrompt = (
   method: "bluetooth.handleRequestDevicePrompt",
   params: bluetooth.HandleRequestDevicePromptParameters,
)

bluetooth.HandleRequestDevicePromptParameters = {
   context: text,
   prompt: bluetooth.RequestDevicePrompt,
   (
       bluetooth.HandleRequestDevicePromptAcceptParameters //
       bluetooth.HandleRequestDevicePromptCancelParameters
   )
}

bluetooth.HandleRequestDevicePromptAcceptParameters = (
   accept: true,
   device: bluetooth.RequestDevice,
)

bluetooth.HandleRequestDevicePromptCancelParameters = (
   accept: false,
)
The remote end steps with command parameters are:
  1. Let contextId be params["context"].

  2. Let promptId be params["prompt"].

  3. Let prompt be the result of trying to get a prompt with contextId and promptId.

  4. Let accept be the value of the accept field of command parameters.

  5. If accept is true:

    1. Let deviceId be the value of the device field of command parameters.

    2. Let device be the result of trying to match a device in prompt given prompt and deviceId.

    3. Acknowledge prompt with device.

  6. Otherwise:

    1. Dismiss prompt.

  7. Return success with data null.

A local end could dismiss a prompt by sending the following message:
{
  "method": "bluetooth.handleRequestDevicePrompt",
  "params": {
    "context": "cxt-d03fdd81",
    "prompt": "pmt-e0a234b",
    "accept": true,
    "device": "dvc-9b3b872"
  }
}
12.2.3.2. The bluetooth.simulateAdapter Command
bluetooth.simulateAdapter = (
   method: "bluetooth.simulateAdapter",
   params: bluetooth.SimulateAdapterParameters,
)

bluetooth.SimulateAdapterParameters = {
   context: text,
   state: "absent" / "powered-off" / "powered-on"
}
The remote end steps with command parameters params are:
  1. Let contextId be params["context"].

  2. Let navigable be the result of trying to get a navigable with contextId.

  3. If navigable is not a top-level traversable, return error with error code invalid argument.

  4. Let simulatedBluetoothAdapter be a new simulated Bluetooth adapter.

  5. Set simulatedBluetoothAdapter’s adapter state to params["state"].

  6. Set navigable’s simulated Bluetooth adapter to simulatedBluetoothAdapter.

  7. Return success with data null.

A local end could simulate an adapter by sending the following message:
{
  "method": "bluetooth.simulateAdapter",
  "params": {
    "context": "cxt-d03fdd81",
    "state": "powered-on",
  }
}
12.2.3.3. The bluetooth.simulatePreconnectedPeripheral Command
bluetooth.SimulatePreconnectedPeripheral = (
   method: "bluetooth.simulatePreconnectedPeripheral",
   params: bluetooth.SimulatePreconnectedPeripheralParameters,
)

bluetooth.SimulatePreconnectedPeripheralParameters = {
   context: text,
   address: text,
   name: text,
   manufacturerData: [ * bluetooth.BluetoothManufacturerData ],
   knownServiceUuids: [ * bluetooth.BluetoothServiceUuid ]
}
The remote end steps with command parameters params are:
  1. Let contextId be params["context"].

  2. Let navigable be the result of trying to get a navigable with contextId.

  3. If navigable is not a top-level traversable, return error with error code invalid argument.

  4. Let simulatedBluetoothAdapter be navigable’s simulated Bluetooth adapter.

  5. If simulatedBluetoothAdapter is empty, return error with error code invalid argument.

  6. Let deviceAddress be params["address"].

  7. Let deviceMapping be simulatedBluetoothAdapter’s simulated Bluetooth device mapping.

  8. If deviceMapping[deviceAddress] exists, return error with error code invalid argument.

  9. Let simulatedBluetoothDevice be a new simulated Bluetooth device.

  10. Set simulatedBluetoothDevice’s name to params["name"].

  11. Set simulatedBluetoothDevice’s address to params["address"].

  12. Set simulatedBluetoothDevice’s manufacturer specific data to the output of forgiving-base64 decode performed on params["manufacturerData"].

  13. Set simulatedBluetoothDevice’s service UUIDs to params["knownServiceUuids"].

  14. Set deviceMapping[deviceAddress] to simulatedBluetoothDevice.

  15. Return success with data null.

A local end could simulate a preconnected peripheral by sending the following message:
{
  "method": "bluetooth.simulatePreconnectedPeripheral",
  "params": {
    "context": "cxt-d03fdd81",
    "address": "09:09:09:09:09:09",
    "name": "Some Device",
    "manufacturerData": [ { key: 17, data: "AP8BAX8=" } ],
    "knownServiceUuids": [
      "12345678-1234-5678-9abc-def123456789",
    ],
  }
}
12.2.3.4. The bluetooth.simulateAdvertisement Command
bluetooth.SimulateAdvertisement = (
   method: "bluetooth.simulateAdvertisement",
   params: bluetooth.SimulateAdvertisementParameters,
)

bluetooth.SimulateAdvertisementParameters = {
   context: text,
   scanEntry: bluetooth.SimulateAdvertisementScanEntryParameters
}

bluetooth.SimulateAdvertisementScanEntryParameters = {
   deviceAddress: text,
   rssi: number,
   scanRecord: bluetooth.ScanRecord
}
The remote end steps with command parameters params are:
  1. Let contextId be params["context"].

  2. Let topLevelNavigable be the result of trying to get a navigable with contextId.

  3. If topLevelNavigable is not a top-level traversable, return error with error code invalid argument.

  4. Let scanEntry be params["scanEntry"].

  5. Let deviceAddress be scanEntry["deviceAddress"].

  6. Let simulatedBluetoothAdapter be topLevelNavigable’s simulated Bluetooth adapter.

  7. If simulatedBluetoothAdapter is empty, return error with error code invalid argument.

  8. Let deviceMapping be simulatedBluetoothAdapter’s simulated Bluetooth device mapping.

  9. If deviceMapping[deviceAddress] exists, let simulatedDevice be deviceMapping[deviceAddress]. Otherwise, let simulatedDevice be a new simulated Bluetooth device with deviceAddress and set deviceMapping[deviceAddress] to simulatedDevice.

  10. If topLevelNavigable is currently executing the scan for devices algorithm, insert simulatedDevice into the simulatedBluetoothDevices variable within that algorithm.

    Inserting data into variables from another algorithm is not well defined. The scan for devices algorithm needs to define asynchronous device discovery in order to match implementations.

  11. Let navigables be the inclusive descendant navigables of topLevelNavigable’s active document.

  12. For each navigable of navigables:

    1. Let document be navigable’s active document.

    2. Queue a task on document’s relevant settings object’s responsible event loop to do the following sub-steps:

      1. Let simulatedDeviceInstance be the result of get the BluetoothDevice representing simulatedDevice inside navigable’s active window’s associated Navigator’s associated Bluetooth.

      2. If simulatedDeviceInstance.[[watchAdvertisementsState]] is not-watching, abort these sub-steps.

      3. Fire an advertisementreceived event for the advertising event represented by scanEntry["scanRecord"], at simulatedDeviceInstance.

  13. Return success with data null.

A local end could simulate a device advertisement by sending the following message:
{
  "method": "bluetooth.simulateAdvertisement",
  "params": {
    "context": "cxt-d03fdd81",
    "scanEntry": {
      "deviceAddress": "08:08:08:08:08:08",
      "rssi": -10,
      "scanRecord": {
        "name": "Heart Rate",
        "uuids": ["0000180d-0000-1000-8000-00805f9b34fb"],
        "manufacturerData": [ { key: 17, data: "AP8BAX8=" } ],
        "appearance": 1,
        "txPower": 1
      }
    }
  }
}

12.2.4. Events

12.2.4.1. The bluetooth.requestDevicePromptUpdated Event
bluetooth.RequestDevicePromptUpdated = (
   method: "bluetooth.requestDevicePromptUpdated",
   params: bluetooth.RequestDevicePromptUpdatedParameters
)

bluetooth.RequestDevicePromptUpdatedParameters = {
   context: text,
   prompt: bluetooth.RequestDevicePrompt,
   devices: [* bluetooth.RequestDeviceInfo],
}
To trigger a prompt updated event given a navigable navigable, a string promptId, and a set of Bluetooth devices devices:
  1. Let navigableId be navigable’s navigable id.

  2. Let prompt be the device prompt (promptId, devices).

  3. Let serialized devices be the result of serialize prompt devices with prompt.

  4. Set map of navigables to device prompts[navigableId] to prompt.

  5. Let params be a map matching the bluetooth.RequestDevicePromptUpdatedParameters production with the context field set to navigableId, the prompt field set to promptId, and the devices field set to serialized devices.

  6. Let body be a map matching the bluetooth.RequestDevicePromptUpdated production, with the params field set to params.

  7. Let related navigables be a set containing navigable.

  8. For each session in the set of sessions for which an event is enabled given "bluetooth.requestDevicePromptUpdated" and related navigables:

    1. Emit an event with session and body.

13. Terminology and Conventions

This specification uses a few conventions and several terms from other specifications. This section lists those and links to their primary definitions.

When an algorithm in this specification uses a name defined in this or another specification, the name MUST resolve to its initial value, ignoring any changes that have been made to the name in the current execution environment. For example, when the requestDevice() algorithm says to call Array.prototype.map.call(filter.services, BluetoothUUID.getService), this MUST apply the Array.prototype.map algorithm defined in [ECMAScript] with filter.services as its this parameter and the algorithm defined in § 7.1 Standardized UUIDs for BluetoothUUID.getService as its callbackfn parameter, regardless of any modifications that have been made to window, Array, Array.prototype, Array.prototype.map, Function, Function.prototype, BluetoothUUID, BluetoothUUID.getService, or other objects.

This specification uses a read-only type that is similar to WebIDL’s FrozenArray.

[BLUETOOTH42]
  1. Architecture & Terminology Overview
    1. General Description
      1. Overview of Bluetooth Low Energy Operation (defines advertising events)
    2. Communication Topology and Operation
      1. Operational Procedures and Modes
        1. BR/EDR Procedures
          1. Inquiry (Discovering) Procedure
            1. Extended Inquiry Response
  2. Core System Package [BR/EDR Controller volume]
    1. Host Controller Interface Functional Specification
      1. HCI Commands and Events
        1. Informational Parameters
          1. Read BD_ADDR Command
        2. Status Parameters
          1. Read RSSI Command
  3. Core System Package [Host volume]
    1. Service Discovery Protocol (SDP) Specification
      1. Overview
        1. Searching for Services
          1. UUID (defines UUID aliases and the algorithm to compute the 128-bit UUID represented by a UUID alias)
    2. Generic Access Profile
      1. Profile Overview
        1. Profile Roles
          1. Roles when Operating over an LE Physical Transport
            1. Broadcaster Role
            2. Observer Role
            3. Peripheral Role
            4. Central Role
      2. User Interface Aspects
        1. Representation of Bluetooth Parameters
          1. Bluetooth Device Name (the user-friendly name)
      3. Idle Mode Procedures — BR/EDR Physical Transport
        1. Device Discovery Procedure
        2. BR/EDR Bonding Procedure
      4. Operational Modes and Procedures — LE Physical Transport
        1. Broadcast Mode and Observation Procedure
          1. Observation Procedure
        2. Discovery Modes and Procedures
          1. General Discovery Procedure
          2. Name Discovery Procedure
        3. Connection Modes and Procedures
        4. Bonding Modes and Procedures
          1. LE Bonding Procedure
      5. Security Aspects — LE Physical Transport
        1. Privacy Feature
        2. Random Device Address
          1. Static Address
          2. Private address
            1. Resolvable Private Address Resolution Procedure
      6. Advertising Data and Scan Response Data Format (defines AD structure)
      7. Bluetooth Device Requirements
        1. Bluetooth Device Address (defines BD_ADDR)
          1. Bluetooth Device Address Types
            1. Public Bluetooth Address
      8. Definitions (defines bond)
    3. Attribute Protocol (ATT)
      1. Protocol Requirements
        1. Basic Concepts
          1. Attribute Type
          2. Attribute Handle
          3. Long Attribute Values
        2. Attribute Protocol Pdus
          1. Error Handling
            1. Error Response
    4. Generic Attribute Profile (GATT)
      1. Profile Overview
        1. Configurations and Roles (defines GATT Client and GATT Server)
        2. Profile Fundamentals, defines the ATT Bearer
        3. Attribute Protocol
          1. Attribute Caching
        4. GATT Profile Hierarchy
          1. Service
          2. Included Services
          3. Characteristic
      2. Service Interoperability Requirements
        1. Service Definition
        2. Characteristic Definition
          1. Characteristic Declaration
            1. Characteristic Properties
          2. Characteristic Descriptor Declarations
            1. Characteristic Extended Properties
            2. Client Characteristic Configuration
      3. GATT Feature Requirements — defines the GATT procedures.
        1. Server Configuration
          1. Exchange MTU
        2. Primary Service Discovery
          1. Discover All Primary Services
          2. Discover Primary Service by Service UUID
        3. Relationship Discovery
          1. Find Included Services
        4. Characteristic Discovery
          1. Discover All Characteristics of a Service
          2. Discover Characteristics by UUID
        5. Characteristic Descriptor Discovery
          1. Discover All Characteristic Descriptors
        6. Characteristic Value Read
        7. Characteristic Value Write
          1. Write Without Response
          2. Write Characteristic Value
        8. Characteristic Value Notification
        9. Characteristic Value Indications
        10. Characteristic Descriptors
          1. Read Characteristic Descriptors
          2. Read Long Characteristic Descriptors
          3. Write Characteristic Descriptors
          4. Write Long Characteristic Descriptors
        11. Procedure Timeouts
      4. GAP Interoperability Requirements
        1. BR/EDR GAP Interoperability Requirements
          1. Connection Establishment
        2. LE GAP Interoperability Requirements
          1. Connection Establishment
      5. Defined Generic Attribute Profile Service
        1. Service Changed
    5. Security Manager Specification
      1. Security Manager
        1. Security in Bluetooth Low Energy
          1. Definition of Keys and Values, defines the Identity Resolving Key (IRK)
  4. Core System Package [Low Energy Controller volume]
    1. Link Layer Specification
      1. General Description
        1. Device Address
          1. Public Device Address
          2. Random Device Address
            1. Static Device Address
      2. Air Interface Protocol
        1. Non-Connected States
          1. Scanning State
            1. Passive Scanning
[BLUETOOTH-SUPPLEMENT6]
  1. Data Types Specification
    1. Data Types Definitions and Formats
      1. Service UUID Data Type
      2. Local Name Data Type
      3. Flags Data Type (defines the Discoverable Mode flags)
      4. Manufacturer Specific Data
      5. TX Power Level
      6. Service Data
      7. Appearance

Conformance

Document conventions

Conformance requirements are expressed with a combination of descriptive assertions and RFC 2119 terminology. The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this document are to be interpreted as described in RFC 2119. However, for readability, these words do not appear in all uppercase letters in this specification.

All of the text of this specification is normative except sections explicitly marked as non-normative, examples, and notes. [RFC2119]

Examples in this specification are introduced with the words “for example” or are set apart from the normative text with class="example", like this:

This is an example of an informative example.

Informative notes begin with the word “Note” and are set apart from the normative text with class="note", like this:

Note, this is an informative note.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[BLUETOOTH-ASSIGNED]
Assigned Numbers. Living Standard. URL: https://www.bluetooth.com/specifications/assigned-numbers/
[BLUETOOTH-SUPPLEMENT6]
Supplement to the Bluetooth Core Specification Version 6. 14 July 2015. URL: https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=302735
[BLUETOOTH42]
BLUETOOTH SPECIFICATION Version 4.2. 2 December 2014. URL: https://www.bluetooth.org/DocMan/handlers/DownloadDoc.ashx?doc_id=286439
[DOM]
Anne van Kesteren. DOM Standard. Living Standard. URL: https://dom.spec.whatwg.org/
[ECMAScript]
ECMAScript Language Specification. URL: https://tc39.es/ecma262/multipage/
[ENCODING]
Anne van Kesteren. Encoding Standard. Living Standard. URL: https://encoding.spec.whatwg.org/
[FINGERPRINTING-GUIDANCE]
Nick Doty. Mitigating Browser Fingerprinting in Web Specifications. URL: https://w3c.github.io/fingerprinting-guidance/
[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[INFRA]
Anne van Kesteren; Domenic Denicola. Infra Standard. Living Standard. URL: https://infra.spec.whatwg.org/
[PAGE-VISIBILITY]
Jatinder Mann; Arvind Jain. Page Visibility (Second Edition). 29 October 2013. REC. URL: https://www.w3.org/TR/page-visibility/
[PERMISSIONS]
Marcos Caceres; Mike Taylor. Permissions. URL: https://w3c.github.io/permissions/
[PERMISSIONS-POLICY-1]
Ian Clelland. Permissions Policy. URL: https://w3c.github.io/webappsec-permissions-policy/
[RFC2119]
S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. March 1997. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc2119
[RFC4122]
P. Leach; M. Mealling; R. Salz. A Universally Unique IDentifier (UUID) URN Namespace. July 2005. Proposed Standard. URL: https://www.rfc-editor.org/rfc/rfc4122
[WEBDRIVER-BIDI]
WebDriver BiDi. Editor's Draft. URL: https://w3c.github.io/webdriver-bidi/
[WEBDRIVER1]
Simon Stewart; David Burns. WebDriver. URL: https://w3c.github.io/webdriver/
[WEBDRIVER2]
Simon Stewart; David Burns. WebDriver. URL: https://w3c.github.io/webdriver/
[WEBHID]
WebHID API. Draft Community Group Report. URL: https://wicg.github.io/webhid/
[WEBIDL]
Edgar Chen; Timothy Gu. Web IDL Standard. Living Standard. URL: https://webidl.spec.whatwg.org/

Informative References

[CSP3]
Mike West; Antonio Sartori. Content Security Policy Level 3. URL: https://w3c.github.io/webappsec-csp/

IDL Index

dictionary BluetoothDataFilterInit {
  BufferSource dataPrefix;
  BufferSource mask;
};

dictionary BluetoothManufacturerDataFilterInit : BluetoothDataFilterInit {
  required [EnforceRange] unsigned short companyIdentifier;
};

dictionary BluetoothServiceDataFilterInit : BluetoothDataFilterInit {
  required BluetoothServiceUUID service;
};

dictionary BluetoothLEScanFilterInit {
  sequence<BluetoothServiceUUID> services;
  DOMString name;
  DOMString namePrefix;
  sequence<BluetoothManufacturerDataFilterInit> manufacturerData;
  sequence<BluetoothServiceDataFilterInit> serviceData;
};

dictionary RequestDeviceOptions {
  sequence<BluetoothLEScanFilterInit> filters;
  sequence<BluetoothLEScanFilterInit> exclusionFilters;
  sequence<BluetoothServiceUUID> optionalServices = [];
  sequence<unsigned short> optionalManufacturerData = [];
  boolean acceptAllDevices = false;
};

[Exposed=Window, SecureContext]
interface Bluetooth : EventTarget {
  Promise<boolean> getAvailability();
  attribute EventHandler onavailabilitychanged;
  [SameObject]
  readonly attribute BluetoothDevice? referringDevice;
  Promise<sequence<BluetoothDevice>> getDevices();
  Promise<BluetoothDevice> requestDevice(optional RequestDeviceOptions options = {});
};

Bluetooth includes BluetoothDeviceEventHandlers;
Bluetooth includes CharacteristicEventHandlers;
Bluetooth includes ServiceEventHandlers;

dictionary BluetoothPermissionDescriptor : PermissionDescriptor {
  DOMString deviceId;
  // These match RequestDeviceOptions.
  sequence<BluetoothLEScanFilterInit> filters;
  sequence<BluetoothServiceUUID> optionalServices = [];
  sequence<unsigned short> optionalManufacturerData = [];
  boolean acceptAllDevices = false;
};

dictionary AllowedBluetoothDevice {
  required DOMString deviceId;
  required boolean mayUseGATT;
  // An allowedServices of "all" means all services are allowed.
  required (DOMString or sequence<UUID>) allowedServices;
  required sequence<unsigned short> allowedManufacturerData;
};
dictionary BluetoothPermissionStorage {
  required sequence<AllowedBluetoothDevice> allowedDevices;
};

[Exposed=Window]
interface BluetoothPermissionResult : PermissionStatus {
  attribute FrozenArray<BluetoothDevice> devices;
};

[
  Exposed=Window,
  SecureContext
]
interface ValueEvent : Event {
  constructor(DOMString type, optional ValueEventInit initDict = {});
  readonly attribute any value;
};

dictionary ValueEventInit : EventInit {
  any value = null;
};

[Exposed=Window, SecureContext]
interface BluetoothDevice : EventTarget {
  readonly attribute DOMString id;
  readonly attribute DOMString? name;
  readonly attribute BluetoothRemoteGATTServer? gatt;

  Promise<undefined> forget();
  Promise<undefined> watchAdvertisements(
      optional WatchAdvertisementsOptions options = {});
  readonly attribute boolean watchingAdvertisements;
};
BluetoothDevice includes BluetoothDeviceEventHandlers;
BluetoothDevice includes CharacteristicEventHandlers;
BluetoothDevice includes ServiceEventHandlers;

dictionary WatchAdvertisementsOptions {
  AbortSignal signal;
};

[Exposed=Window, SecureContext]
interface BluetoothManufacturerDataMap {
  readonly maplike<unsigned short, DataView>;
};
[Exposed=Window, SecureContext]
interface BluetoothServiceDataMap {
  readonly maplike<UUID, DataView>;
};
[
  Exposed=Window,
  SecureContext
]
interface BluetoothAdvertisingEvent : Event {
  constructor(DOMString type, BluetoothAdvertisingEventInit init);
  [SameObject]
  readonly attribute BluetoothDevice device;
  readonly attribute FrozenArray<UUID> uuids;
  readonly attribute DOMString? name;
  readonly attribute unsigned short? appearance;
  readonly attribute byte? txPower;
  readonly attribute byte? rssi;
  [SameObject]
  readonly attribute BluetoothManufacturerDataMap manufacturerData;
  [SameObject]
  readonly attribute BluetoothServiceDataMap serviceData;
};
dictionary BluetoothAdvertisingEventInit : EventInit {
  required BluetoothDevice device;
  sequence<(DOMString or unsigned long)> uuids;
  DOMString name;
  unsigned short appearance;
  byte txPower;
  byte rssi;
  BluetoothManufacturerDataMap manufacturerData;
  BluetoothServiceDataMap serviceData;
};

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTServer {
  [SameObject]
  readonly attribute BluetoothDevice device;
  readonly attribute boolean connected;
  Promise<BluetoothRemoteGATTServer> connect();
  undefined disconnect();
  Promise<BluetoothRemoteGATTService> getPrimaryService(BluetoothServiceUUID service);
  Promise<sequence<BluetoothRemoteGATTService>>
    getPrimaryServices(optional BluetoothServiceUUID service);
};

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTService : EventTarget {
  [SameObject]
  readonly attribute BluetoothDevice device;
  readonly attribute UUID uuid;
  readonly attribute boolean isPrimary;
  Promise<BluetoothRemoteGATTCharacteristic>
    getCharacteristic(BluetoothCharacteristicUUID characteristic);
  Promise<sequence<BluetoothRemoteGATTCharacteristic>>
    getCharacteristics(optional BluetoothCharacteristicUUID characteristic);
  Promise<BluetoothRemoteGATTService>
    getIncludedService(BluetoothServiceUUID service);
  Promise<sequence<BluetoothRemoteGATTService>>
    getIncludedServices(optional BluetoothServiceUUID service);
};
BluetoothRemoteGATTService includes CharacteristicEventHandlers;
BluetoothRemoteGATTService includes ServiceEventHandlers;

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTCharacteristic : EventTarget {
  [SameObject]
  readonly attribute BluetoothRemoteGATTService service;
  readonly attribute UUID uuid;
  readonly attribute BluetoothCharacteristicProperties properties;
  readonly attribute DataView? value;
  Promise<BluetoothRemoteGATTDescriptor> getDescriptor(BluetoothDescriptorUUID descriptor);
  Promise<sequence<BluetoothRemoteGATTDescriptor>>
    getDescriptors(optional BluetoothDescriptorUUID descriptor);
  Promise<DataView> readValue();
  Promise<undefined> writeValue(BufferSource value);
  Promise<undefined> writeValueWithResponse(BufferSource value);
  Promise<undefined> writeValueWithoutResponse(BufferSource value);
  Promise<BluetoothRemoteGATTCharacteristic> startNotifications();
  Promise<BluetoothRemoteGATTCharacteristic> stopNotifications();
};
BluetoothRemoteGATTCharacteristic includes CharacteristicEventHandlers;

[Exposed=Window, SecureContext]
interface BluetoothCharacteristicProperties {
  readonly attribute boolean broadcast;
  readonly attribute boolean read;
  readonly attribute boolean writeWithoutResponse;
  readonly attribute boolean write;
  readonly attribute boolean notify;
  readonly attribute boolean indicate;
  readonly attribute boolean authenticatedSignedWrites;
  readonly attribute boolean reliableWrite;
  readonly attribute boolean writableAuxiliaries;
};

[Exposed=Window, SecureContext]
interface BluetoothRemoteGATTDescriptor {
  [SameObject]
  readonly attribute BluetoothRemoteGATTCharacteristic characteristic;
  readonly attribute UUID uuid;
  readonly attribute DataView? value;
  Promise<DataView> readValue();
  Promise<undefined> writeValue(BufferSource value);
};

[SecureContext]
interface mixin CharacteristicEventHandlers {
  attribute EventHandler oncharacteristicvaluechanged;
};

[SecureContext]
interface mixin BluetoothDeviceEventHandlers {
  attribute EventHandler onadvertisementreceived;
  attribute EventHandler ongattserverdisconnected;
};

[SecureContext]
interface mixin ServiceEventHandlers {
  attribute EventHandler onserviceadded;
  attribute EventHandler onservicechanged;
  attribute EventHandler onserviceremoved;
};

typedef DOMString UUID;

[Exposed=Window]
interface BluetoothUUID {
  static UUID getService((DOMString or unsigned long) name);
  static UUID getCharacteristic((DOMString or unsigned long) name);
  static UUID getDescriptor((DOMString or unsigned long) name);

  static UUID canonicalUUID([EnforceRange] unsigned long alias);
};

typedef (DOMString or unsigned long) BluetoothServiceUUID;
typedef (DOMString or unsigned long) BluetoothCharacteristicUUID;
typedef (DOMString or unsigned long) BluetoothDescriptorUUID;

[SecureContext]
partial interface Navigator {
  [SameObject]
  readonly attribute Bluetooth bluetooth;
};

Issues Index

See § 3 Privacy considerations section. [Issue #575]
In practice, the device list is dynamically updated while a prompt is open. The spec text currently does not reflect that but this event might be emitted multiple times with the same promptId and the fresh device list. See https://github.com/WebBluetoothCG/web-bluetooth/issues/621.
TODO: Nail down the amount of time.
Support asynchronous device discovery.
Both passive scanning and the Privacy Feature avoid leaking the unique, immutable device ID. We ought to require UAs to use either one, but none of the OS APIs appear to expose either. Bluetooth also makes it hard to use passive scanning since it doesn’t require Central devices to support the Observation Procedure.
All forms of BR/EDR inquiry/discovery appear to leak the unique, immutable device address.
We need a way for a site to register to receive an event when an interesting device comes within range.
Such a generic event type belongs in [HTML] or [DOM], not here.
Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]
Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]
Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]
This method is for backwards compatibility only. New implementations should not implement this method. [Issue #238]
Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]
Characteristic Extended Properties isn’t clear whether the extended properties are immutable for a given Characteristic. If they are, the UA should be allowed to cache them.
Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]
Implementations may be able to avoid this NetworkError, but for now sites need to serialize their use of this API and/or give the user a way to retry failed operations. [Issue #188]
CDDL snippetes use the "text" type instead of "browsingContext.BrowsingContext" to allow indepedent programmatic processing of CDDL snippets. Currently, other modules cannot be referenced.
Inserting data into variables from another algorithm is not well defined. The scan for devices algorithm needs to define asynchronous device discovery in order to match implementations.
MDN

Bluetooth/availabilitychanged_event

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for AndroidNoneAndroid WebView?Samsung Internet?Opera Mobile?
MDN

Bluetooth/availabilitychanged_event

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for AndroidNoneAndroid WebView?Samsung Internet?Opera Mobile?
MDN

Bluetooth/getAvailability

In only one current engine.

FirefoxNoneSafariNoneChrome78+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

Bluetooth/getDevices

In only one current engine.

FirefoxNoneSafariNoneChrome🔰 85+
Opera?Edge🔰 85+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebView?Samsung Internet?Opera Mobile?
MDN

Bluetooth/requestDevice

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

Bluetooth

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/authenticatedSignedWrites

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/broadcast

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/indicate

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/notify

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/read

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/reliableWrite

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/writableAuxiliaries

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/write

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties/writeWithoutResponse

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothCharacteristicProperties

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothDevice/gatt

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothDevice/id

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothDevice/name

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothDevice

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/getDescriptor

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/getDescriptors

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/properties

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/readValue

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/service

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/startNotifications

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/stopNotifications

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/uuid

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/value

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/writeValueWithoutResponse

In only one current engine.

FirefoxNoneSafariNoneChrome85+
Opera?Edge85+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic/writeValueWithResponse

In only one current engine.

FirefoxNoneSafariNoneChrome85+
Opera?Edge85+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTCharacteristic

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTDescriptor/characteristic

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile44+
MDN

BluetoothRemoteGATTDescriptor/readValue

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile44+
MDN

BluetoothRemoteGATTDescriptor/uuid

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile44+
MDN

BluetoothRemoteGATTDescriptor/value

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile44+
MDN

BluetoothRemoteGATTDescriptor/writeValue

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile44+
MDN

BluetoothRemoteGATTDescriptor

In only one current engine.

FirefoxNoneSafariNoneChrome57+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android57+Android WebViewNoneSamsung Internet?Opera Mobile44+
MDN

BluetoothRemoteGATTServer/connect

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTServer/connected

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTServer/device

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTServer/disconnect

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTServer/getPrimaryService

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTServer/getPrimaryServices

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTServer

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTService/device

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTService/getCharacteristic

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTService/getCharacteristics

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTService/isPrimary

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTService/uuid

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothRemoteGATTService

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothUUID/canonicalUUID_static

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothUUID/getCharacteristic_static

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothUUID/getDescriptor_static

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothUUID/getService_static

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)?IENone
Firefox for Android?iOS Safari?Chrome for Android?Android WebViewNoneSamsung Internet?Opera Mobile?
MDN

BluetoothUUID

In only one current engine.

FirefoxNoneSafariNoneChrome56+
Opera?Edge79+
Edge (Legacy)NoneIENone
Firefox for Android?iOS Safari?Chrome for Android56+Android WebViewNoneSamsung Internet?Opera Mobile?