Matter Over Thread pairing

[Wuou]

Hello, may I ask if the Matter Over Thread device can be paired using the Thread border route of the third party without using Apple Hub?

[below]

This is precisely what this sample is for. If you are using Apple HomeKit, all of this is unnecessary.

[Wuou]

This is precisely what this sample is for. If you are using Apple HomeKit, all of this is unnecessary.

Thank you for your answer. It was very helpful. I am using the ESP32 Thread border route, but the first step when pairing Thread devices gives an error. I'm still using the process of pairing with over wifi devices. I do not know whether the Thread device process is not the same.
The device said that the Thread network information was wrong when pairing, but my APP didn't even go to the selectThreadNetwork step.
So, does the APP need to set up ThreadNetwork first?
It looks like this:

guard
        let extendedPANID = "DEAD00BEEF00CAFF".toHexData(),
              let mKey = "00112233445566778899aabbccddeeff".toHexData(),
        let pskc = "104810e2315100afd6bc9215a6bfac53".toHexData(),
        let panId = "1234".toHexData(),
        let bid = "b844475afeea169b7eed957464179127".toHexData() else { return }
        
        let tod = MTRThreadOperationalDataset(networkName: "OpenThread-ESP", extendedPANID: extendedPANID, masterKey: mKey, psKc: pskc, channelNumber: NSNumber(value: 25), panID: panId)
        guard let data = tod?.data() else { return }
        ThreadCredentialsManager.shared.saveThreadOperationalCredentials(activeOpsDataset: data, borderAgentId: bid) { flag in
            print("save  ->  \(flag) ")
        }

And then initiate matching:

Take the first step

var request = MatterAddDeviceRequest(topology: topology)
request.perform()

2, then get selectThreadNetwork callback information, set the thread network and Keychain new sharing code

Finally, match the Matter

guard let payload = try?  MTRSetupPayload(onboardingPayload: onboardingPayload) else {
completion(false)
return
}

try deviceController? .setupCommissioningSession(with: payload, newNodeID: commissioningDeviceID)

[Wuou]

This is precisely what this sample is for. If you are using Apple HomeKit, all of this is unnecessary.

On Android, enter the extendedPANID, masterKey, panID and other parameters before initiating the pairing

But iOS is different, there's no place to set these parameters initially, so I'm not sure if I'm doing it right

I did a lot of searching, but there was no detailed explanation, so I wonder if Apple has limited the use of the Home Hub to pair Thread devices. Can't the self-developed app use Matter and MatterSupport to complete the pairing of Thread devices
Could you help me see it? Thank you very much

[below]

I did a lot of searching, but there was no detailed explanation
There isn't much, as not many people are using this API

Can't the self-developed app use Matter and MatterSupport to complete the pairing of Thread devices

Of course it can. Step one: Do you have the com.apple.developer.networking.manage-thread-network-credentials entitlement?

[Wuou]

I did a lot of searching, but there was no detailed explanation
There isn't much, as not many people are using this API

Can't the self-developed app use Matter and MatterSupport to complete the pairing of Thread devices

Of course it can. Step one: Do you have the com.apple.developer.networking.manage-thread-network-credentials entitlement?

Yes, I've added com.apple.developer.networking.manage-thread-network-credentials permissions. ThreadNetwork profiles are installed on both phones and mac. When I call storeCredentials (forBorderAgent: activeOperationalDataSet:), tip error "Couldn 't communicate with a helper application."

[below]

One tip I can give you: Your THClient should not be allocated locally but should live long enough for the operation to finish.

I am pulling the borderAgent ID out of the xa key out of the TXTRecord for the router, and the active Operational Data Set from the TBR itself.

[Wuou]

One tip I can give you: Your THClient should not be allocated locally but should live long enough for the operation to finish.

I am pulling the borderAgent ID out of the xa key out of the TXTRecord for the router, and the active Operational Data Set from the TBR itself.

I'm a little confused about THClient should not be allocated locally but should live long enough for the operation to finish. What should I do specifically?

I have tried before, through the tool DNSServerBrowser can get TXTRecord, but I do not know how to use this information, how should it be used in the Thread pairing process?

[below]

A call like this: THClient().storeCredentials(forBorderAgent:activeOperationalDataSet:) will fail. You need to assign THClient() to a variable that lives long enough for the callback to be executed.

        const char * xaKey = "xa";
        NSData * xa = nil;
        if (TXTRecordContainsKey(txtLen, txtRecord, xaKey)) {
            uint8_t valueLen;
            const void * valueStore = TXTRecordGetValuePtr(txtLen, txtRecord, xaKey, &valueLen);
            if (valueStore != nil) {
                xa = [NSData dataWithBytes:valueStore length:valueLen];
            }
        }

[Wuou]

Ok thanks, so how do I get the Active Operation Dataset from the TBR? I'm getting a bit clearer, so the first step to thread pairing is to get the agentid and activeOperationalDataSet via dns services, and then call storeCredentials to store that information. Finally, you can initiate a pairing, and then the process will be the same as the wifi pairing process, right?

[below]

That sounds like the way to go. How you get the operational data set depends on your TBR, it is basically a secret and you should treat it as such. Therefore, it is not in the DNS record.

You need to consult the documentation of your TBR setup or C2 Controller to get it

[Wuou]

Okay, thanks. I understand. I'd like to test the process by writing dead parameters locally first. Thank you very much for your answer. I will try to pair thread devices again according to this process with actual devices next Monday

[Wuou]

Hi, I just tried to call storeCredentials by writing Thread credentials, and it gave me an error with "Invalid parameter sent to server..." Do you know why？

[below]

Weird. The "server" here is probably the keychain. Currently, I have no active setup to test this.

Is this a professional project? Apple is usually very supportive there. And please keep us updated on the progress

[Wuou]

Weird. The "server" here is probably the keychain. Currently, I have no active setup to test this.

Is this a professional project? Apple is usually very supportive there. And please keep us updated on the progress

I'm using your ThreadCredentialSample project and I'm getting an error when I try to set it. Are there special requirements for borderAgentID or activeOperationalDataSet?

I don't have a physical device at the moment, and I will have it next Monday

[below]

Is this a valid DataSet? What are you using as your controller and Thread Border Router? If you have no hardware, I doubt this works

[Wuou]

Is this a valid DataSet? What are you using as your controller and Thread Border Router? If you have no hardware, I doubt this works

No, I just press the test data on ThreadCredentialSample and run it on my phone, I don't have TBR at home.

So, in calling storeCredentials, do we have to make sure have a TBR on current WiFI LAN?? 🤔Maybe it is

[Wuou]

So, we really need a running TBR, right?🤔

[below]

Exactly. If iOS can't verify the dataset, it will not store it

[Wuou]

Hahaha, the Thread device is finally paired.😁

Thanks for your help, bro

[Wuou]

Apple's ThreadNetwork permissions seem to limit it to development mode，Do we need to apply for permission when we officially launch the APP? 😭

[below]

Yes, you need to officially apply for the Entitlement

[Wuou]

Yes, you need to officially apply for the Entitlement

Ok, thank you

[Wuou]

Hi, can the borderAgentID be obtained from the TBR device itself? My equipment personnel have been searching for a long time and don't know how to obtain it. What he got is ESP32 AgeneID: d2a04e422fd6cc1015a628f8c83ec0b6, which is different from the 66c63cfeaef054e0 I parsed from TXTRecord

[below]

Phew, in theory it should be, because it originates there. But that very much depends on the device you are using

[Wuou]

Phew, in theory it should be, because it originates there. But that very much depends on the device you are using

Yes, we also think the same way, but we haven't found the corresponding method yet. Let's continue to study it

[JoeyYang2010]

Apple's ThreadNetwork permissions seem to limit it to development mode，Do we need to apply for permission when we officially launch the APP? 😭

@Wuou Do you have same issue when push version to testflight?

[JoeyYang2010]

So, we really need a running TBR, right?🤔

@Wuou Do you mean we have to open border router, when app save the dataset?

[Wuou]

So, we really need a running TBR, right?🤔

@Wuou Do you mean we have to open border router, when app save the dataset?

Yes, development permissions cannot be packaged on TestFlight. When saving TBR credentials, you must ensure that there is an active TBR

[JoeyYang2010]

@below @Wuou When I submit a request to Apple to get Thread credentials, they give me a questionnaire and they say word as above, so I am wondering why we have to store thread credentials first and then response extended PANID in "MatterAddDeviceExtensionRequestHandler", maybe we can just return dataset in "MatterAddDeviceExtensionRequestHandler" so that we will not need Thread credentials from Apple.

[Wuou]

@below @Wuou When I submit a request to Apple to get Thread credentials, they give me a questionnaire and they say word as above, so I am wondering why we have to store thread credentials first and then response extended PANID in "MatterAddDeviceExtensionRequestHandler", maybe we can just return dataset in "MatterAddDeviceExtensionRequestHandler" so that we will not need Thread credentials from Apple.

You can have a try. I haven't applied yet. If there is any result, please inform me in time

[JoeyYang2010]

@below @Wuou I still have problems when saving thread credentials, I've added com.apple.developer.networking.manage-thread-network-credentials permissions. ThreadNetwork profiles are installed on both phones and mac. When I call storeCredentials (forBorderAgent: activeOperationalDataSet:).

The error is: Error Domain=ThreadCredentialsStore Code=4 "Invalid parameter sent to server..." UserInfo={NSLocalizedDescription=Invalid parameter sent to server...}.

When I invoke storeCredentials, it will return error immediately, I am thinking it should scan for a while and should not return error so fast, feel like I miss some configure.Did you do other steps to make this work?
Also did you know how to get borderagentID from TBR, like a cmd I can invoke in my TBR?

[JoeyYang2010]

@Wuou @below Suddenly find the error my border agent id format is wrong, but how to get the border agent id?

[below]

You do not need to manage thread credentials UNLESS you have your own Thread Border Router.

I am wondering what your use case and setup is? Is this for academia, or is there a product behind this?

Are you just trying to understand how this works, or do you have another objective?

[JoeyYang2010]

You do not need to manage thread credentials UNLESS you have your own Thread Border Router.

I am wondering what your use case and setup is? Is this for academia, or is there a product behind this?

Are you just trying to understand how this works, or do you have another objective?

We are developing mobile app, thread sensor and thread border router. We just figured out how to get border agent id from TBR, but we still fail pairing, we are still checking TBR's logs.

[JoeyYang2010]

@below I find in your code there is a "com.apple.developer.networking.multicast", does this necessary for thread commission?