Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why does GMS require a Google Account for Matter device comissioning? #168

Open
zimmyxyz opened this issue Sep 12, 2023 · 21 comments
Open

Why does GMS require a Google Account for Matter device comissioning? #168

zimmyxyz opened this issue Sep 12, 2023 · 21 comments
Labels
question Further information is requested

Comments

@zimmyxyz
Copy link

zimmyxyz commented Sep 12, 2023
edited

Curious if anyone can explain the rationale of requiring an Internet connection and a Google Account to commission Matter devices with GMS? Please see home-assistant/android#3859 (comment) for my problem

Is it trying to auth to Google to pull down a picture of the device to display at the end of the commissioning UI flow? I don't understand.
@pierredelisle
Copy link
Contributor

This is using the "Google Home Application" (GHA), right?
Have you tried with the sample app in this GitHub project?

@pierredelisle pierredelisle added the question Further information is requested label Sep 14, 2023
@zimmyxyz
Copy link
Author

zimmyxyz commented Sep 14, 2023
edited

This is using the "Google Home Application" (GHA), right?

@pierredelisle Home Assistant is using the same com.google.android.gms.home.matter.* Google Home SDK APIs for commissioning Matter (and Matter over Thread) devices just like this sample project is.

Have you tried with the sample app in this GitHub project?

I'm assuming this sample app only supports using a Google Nest? I ran through the sample app's Matter commissioning flow for the same Thread device that failed to commission in Home Assistant Companion (even though the sample app doesn't have a Matter controller or Thread border router to use). It failed to commission the device with the same exact error as Home Assistant, attempting to make an authenticated API request to Google's servers. I still don't understand why GMS/Google Home Mobile SDK is requiring you to have a Google account and Internet. This makes it impossible to use Matter on an offline network:

E  Vibration finished, cleaning up
E  E0000 00:00:1694735269.059198   23960 chip_logging.cc:15] CHIP: SPT: JavaVM is already set
E  E0000 00:00:1694735269.061944   23960 configuration_manager_impl.cc:232] Not implemented reached in virtual CHIP_ERROR chip::DeviceLayer::ConfigurationManagerImpl::GetFirmwareBuildChipEpochTime(System::Clock::Seconds32 &)
E  E0000 00:00:1694735269.061959   23960 chip_logging.cc:15] CHIP: TS: Failed to init Last Known Good Time: third_party/connectedhomeip/current/src/platform/google/configuration_manager_impl.cc:233: CHIP Error 0x000000A0: Value not found in the persisted storage
E  E0000 00:00:1694735269.065928   23960 chip_logging.cc:15] CHIP: FP: Failed to update pending Last Known Good Time: third_party/connectedhomeip/current/src/credentials/LastKnownGoodTime.cpp:173: CHIP Error 0x00000003: Incorrect state
E  E0000 00:00:1694735269.065957   23960 chip_logging.cc:15] CHIP: TS: Failed to commit Last Known Good Time: third_party/connectedhomeip/current/src/credentials/LastKnownGoodTime.cpp:192: CHIP Error 0x00000003: Incorrect state
E  E0000 00:00:1694735269.065964   23960 chip_logging.cc:15] CHIP: FP: Failed to commit Last Known Good Time: third_party/connectedhomeip/current/src/credentials/LastKnownGoodTime.cpp:192: CHIP Error 0x00000003: Incorrect state
E  E0000 00:00:1694735269.066863   24001 connectivity_manager_impl.cc:47] Not implemented reached in void chip::DeviceLayer::ConnectivityManagerImpl::_OnPlatformEvent(const chip::DeviceLayer::ChipDeviceEvent *)
E  [ERROR:l2c_ble.cc(326)] linkstate 0
E  BTM_SetBleDataLength failed, peer does not support request
E  bta_dm_acl_change new acl connetion:count = 1
E  [ERROR:bta_gattc_cache.cc(723)] bta_gattc_cache_load: can't open GATT cache file /data/misc/bluetooth/gatt_cache_XXX for reading, error: No such file or directory
E  Category is disabled or Not satisfied with Action value
E  triggerId is null
E  btif_gattc_upstreams_evt: Unhandled event (8)!
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  Failed to load device info. [CONTEXT service_id=336 ]
   m.fwx: RPC GetDeviceSetupData returned code UNAUTHENTICATED; Sherlog for GetDeviceSetupData is needed to diagnose.
   	at m.fyb.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):314)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14)
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):114)
   	at m.dud.c(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):50)
   	at m.dud.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):76)
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
   	at aifk.run(:com.google.android.gms@233414028@23.34.14 (100400-560151436):8)
   	at java.lang.Thread.run(Thread.java:919)
   Caused by: m.plu: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
   	at m.dsn.m(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):17)
   	at m.dsn.l(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):170)
   	at m.fwb.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):162)
   	at m.fyb.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):166)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14) 
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):114) 
   	at m.dud.c(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):50) 
   	at m.dud.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):76) 
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) 
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 
   	at aifk.run(:com.google.android.gms@233414028@23.34.14 (100400-560151436):8) 
   	at java.lang.Thread.run(Thread.java:919) 
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  bta_gattc_process_indicate, ignore HID ind/notificiation
E  Commissioning failed with state Failure obtaining credentials. [CONTEXT service_id=336 ]
   m.evt: Failed to retrieve nonces.
   	at m.ewx.h(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):101)
   	at m.ews.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):12)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14)
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):106)
   	at android.os.Handler.handleCallback(Handler.java:883)
   	at android.os.Handler.dispatchMessage(Handler.java:100)
   	at android.os.Looper.loop(Looper.java:214)
   	at android.app.ActivityThread.main(ActivityThread.java:7615)
   	at java.lang.reflect.Method.invoke(Native Method)
   	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
   	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:964)
   Caused by: m.fwx: RPC GetCommissioningNonce returned code UNAUTHENTICATED; Sherlog for GetCommissioningNonce is needed to diagnose.
   	at m.fyb.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):314)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14)
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):114)
   	at m.dud.c(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):50)
   	at m.dud.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):76)
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
   	at aifk.run(:com.google.android.gms@233414028@23.34.14 (100400-560151436):8)
   	at java.lang.Thread.run(Thread.java:919)
   Caused by: m.plu: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
   	at m.dsn.m(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):17)
   	at m.dsn.l(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):170)
   	at m.fvn.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):37)
   	at m.fvz.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):49)
   	at m.fyb.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):166)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14) 
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):114) 
   	at m.dud.c(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):50) 
   	at m.dud.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):76) 
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) 
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 
   	at aifk.run(:com.google.android.gms@233414028@23.34.14 (100400-560151436):8) 
   	at java.lang.Thread.run(Thread.java:919) 
E  [ERROR:bta_gattc_utils.cc(458)] bta_gattc_mark_bg_conn unable to find the bg connection mask for bd_addr=XXX
E  Showing error status. [CONTEXT service_id=336 ]
   m.gin: Failed to retrieve nonces.
   	at m.gpo.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):401)
   	at m.qxc.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):84)
   	at m.qzg.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):3)
   	at m.qzf.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):137)
   	at m.ele.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):362)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14)
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):106)
   	at android.os.Handler.handleCallback(Handler.java:883)
   	at android.os.Handler.dispatchMessage(Handler.java:100)
   	at android.os.Looper.loop(Looper.java:214)
   	at android.app.ActivityThread.main(ActivityThread.java:7615)
   	at java.lang.reflect.Method.invoke(Native Method)
   	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
   	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:964)
   Caused by: m.evt: Failed to retrieve nonces.
   	at m.ewx.h(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):101)
   	at m.ews.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):12)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14) 
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):106) 
   	at android.os.Handler.handleCallback(Handler.java:883) 
   	at android.os.Handler.dispatchMessage(Handler.java:100) 
   	at android.os.Looper.loop(Looper.java:214) 
   	at android.app.ActivityThread.main(ActivityThread.java:7615) 
   	at java.lang.reflect.Method.invoke(Native Method) 
   	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492) 
   	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:964) 
   Caused by: m.fwx: RPC GetCommissioningNonce returned code UNAUTHENTICATED; Sherlog for GetCommissioningNonce is needed to diagnose.
   	at m.fyb.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):314)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14)
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):114)
   	at m.dud.c(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):50)
   	at m.dud.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):76)
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
   	at aifk.run(:com.google.android.gms@233414028@23.34.14 (100400-560151436):8)
   	at java.lang.Thread.run(Thread.java:919)
   Caused by: m.plu: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
   	at m.dsn.m(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):17)
   	at m.dsn.l(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):170)
   	at m.fvn.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):37)
   	at m.fvz.a(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):49)
   	at m.fyb.b(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):166)
   	at m.qiw.bJ(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):14) 
   	at m.qqy.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):114) 
   	at m.dud.c(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):50) 
   	at m.dud.run(:com.google.android.gms.optional_home@233414065@23.34.14 (100400-0):76) 
   	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167) 
   	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641) 
   	at aifk.run(:com.google.android.gms@233414028@23.34.14 (100400-560151436):8) 
   	at java.lang.Thread.run(Thread.java:919) 

Matter devices should be usable end-to-end without Internet, a Google account or "the cloud", this includes commissioning them.

@pierredelisle
Copy link
Contributor

Possible to know which device you are trying to commission? What's the VID/PID?

@zimmyxyz
Copy link
Author

@pierredelisle, this a Nanoleaf Matter over Thread BR30 lightbulb: https://nanoleaf.me/en-US/products/essentials/bulbs/?category=BR30-E26&standard=matter&size=3

From "Commissionable Devices" in the Sample App:
VID: 0x115A
PID: 0x0035

I have many other Matter over Thread devices from other vendors I can try too if needed.

@pierredelisle
Copy link
Contributor

Thanks. Do you have a Google Thread border router (e.g. Nest Hub)? Was it commissioned via GHA?

@zimmyxyz
Copy link
Author

zimmyxyz commented Sep 15, 2023
edited

Thanks. Do you have a Google Thread border router (e.g. Nest Hub)?

I don't have a Nest, or even a Google account. I only have access to an OpenThread Border Router using a USB radio dongle (https://www.home-assistant.io/skyconnect/) & Home Assistant (to serve as a Matter Controller).

Was it commissioned via GHA?

I just compiled and ran the GHSAFM-3p-ecosystem app on my smartphone and went through the Set up without QR code process by punching in the code for device pairing while the lightbulb was in pairing mode (even though there's no Google Thread border router for the sample app to provide generated credentials to).

@pierredelisle
Copy link
Contributor

A Thread Border Router is needed to support the commissioning of a Matter Thread device. If a Thread Border Router has been commissioned via GHA, then the Thread credentials are available via the Google Home APIs. Any app that uses these APIs will then be able to commission Matter Thread devices.

If you commission a WiFi Matter device, then this is not required, and your device can be commissioned by simply using the sample app.

@zimmyxyz
Copy link
Author

zimmyxyz commented Sep 15, 2023
edited

Sorry, but I'm still not understanding why a Google account is needed to use the Google Home SDK API for Matter over Thread device commissioning. Since I already have a Thread border router and Matter controller connected I should be able to commission devices without "the cloud" or Internet by sending the generated credentials to them directly over my LAN.

I'm specifically speaking about the error line: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project. in the stacktrace I posted above.

Are you saying that the device commissioning flow is:

Some Android Smart Home App using the Google Home API (GHA/GHSAFM-3p-ecosystem/Home Assistant Companion for example) --> Google Home API --> Bluetooth connection to Matter over Thread device for generating credentials --> Credentials received by Google Home API --> Upload generated credentials to Google's cloud which requires a Google account --> Thread Border Router downloads device credentials from Google's cloud servers?

@pierredelisle
Copy link
Contributor

Agree that the error you point to is confusing, and I wonder if this is not related to something unrelated to Thread.
I'll ask someone in our engineering team to have a look.

However, if you could try the following:
(1) Commission a Thread Border Router via GHA
(2) Commission the Thread device via GHSAFM
Then it should work.

A Google account is definitely necessary for (1). This is what gets the Thread credentials into the Google ecosystem.
Note that I believe that using a Nanoleaf or Samsung TBR should work as well.

Also, we will have some Thread "developer utilities" coming up for the sample app. (My colleague Doug should have a PR out soon).
With that, you'll be able to:

  • export your Thread credentials via a QR code
  • import these credentials into Google Home infrastructure (in Google Play Services).

@pierredelisle
Copy link
Contributor

@zimmyxyz Please see #172 and give it a try.

@zimmyxyz
Copy link
Author

zimmyxyz commented Sep 23, 2023
edited

@pierredelisle I gave the PR a try and was hoping it would let me dump the created credentials so I could import them into my own Matter controller software.

Unfortunately still running into the issue of GMS failing on the Caused by: m.plu: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project. error before it even gets a chance to create the credentials. So still need that upstream issue resolved before the credential dumping feature can be used.

I'm going to try debugging GMS on a rooted device to figure what this mysterious Google API request is so we have better info about it soon.

@zimmyxyz
Copy link
Author

zimmyxyz commented Oct 1, 2023
edited

@pierredelisle just got around to debugging the "authentication" issue with a rooted device and mitmproxy. I don't see any requests from Google Play Services that are responded to with a 4XX code. I do see a bunch of gRPC traffic to the URL https://googlehomefoyer-pa.googleapis.com/google.internal.home.foyer.v1.CHIPService/GetCommissioningNonce though. GetCommissioningNonce was mentioned in the error stacktrace:

                 Caused by: m.fya: RPC GetCommissioningNonce returned code UNAUTHENTICATED; Sherlog for GetCommissioningNonce is needed to diagnose.
                 	at m.fze.b(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):314)
                 	at m.qns.bN(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):14)
                 	at m.qvx.run(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):114)
                 	at m.dud.c(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):50)
                 	at m.dud.run(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):76)
                 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
                 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
                 	at ahvs.run(:com.google.android.gms@233614044@23.36.14 (190400-567131450):8)
                 	at java.lang.Thread.run(Thread.java:1012)
                 Caused by: m.pqp: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
                 	at m.dsn.m(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):17)
                 	at m.dsn.l(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):176)
                 	at m.fwq.a(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):37)
                 	at m.fxc.a(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):49)
                 	at m.fze.b(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):166)
                 	at m.qns.bN(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):14) 
                 	at m.qvx.run(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):114) 
                 	at m.dud.c(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):50) 
                 	at m.dud.run(:com.google.android.gms.optional_home@233614065@23.36.14 (100400-0):76) 
                 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137) 
                 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637) 
                 	at ahvs.run(:com.google.android.gms@233614044@23.36.14 (190400-567131450):8) 
                 	at java.lang.Thread.run(Thread.java:1012) 

Can you maybe explain what this GetCommissioningNonce gRPC endpoint does/is for?

@zimmyxyz
Copy link
Author

zimmyxyz commented Oct 1, 2023

@pierredelisle could you please open a bug issue ticket on https://issuetracker.google.com/issues?q=componentid%3A655104 for this. I can't open one since I do not have a Google account

@pierredelisle
Copy link
Contributor

Are you using a rooted device?

@pierredelisle
Copy link
Contributor

Reason for asking whether you use a rooted device:
Basically the RPC is only meant to be used by GMSCore, so it uses a PKI signature to authenticate itself - but on a rooted device, because that could be faked, auth always fails.

@zimmyxyz
Copy link
Author

zimmyxyz commented Oct 3, 2023

@pierredelisle the original device I tried device commissioning with that got the UNAUTHENTICATED: Request is missing required authentication credential. error in logcat was NOT rooted. I recently got another phone for testing and rooted it to see if I could use root debugging privileges to figure out the specific details about the RPC request/response that was causing the UNAUTHENTICATED error. I used mitmproxy to record a bunch of RPC requests for the URL https://googlehomefoyer-pa.googleapis.com/google.internal.home.foyer.v1.CHIPService/GetCommissioningNonce but never managed to log the one request that got a 4XX response, which is what I was hoping to see. All the GetCommissioningNonce requests it intercepted and logged just got back 200 as a RPC response and no body, I never see an RPC request with an actual error response. I managed to find the APK that contains the code that causes the RPC auth error (dl-Home.optional_233614100400.apk in my case):
image
image
But like I said I never see the error RPC request, so I'm still unsure what's going on here. I thought the authentication error is due to not being signed into a Google account but at this point I'm not really sure. I will try to use my rooted device to breakpoint debug the RPC request soon and hopefully that will give some info about the error.

@ghost
Copy link

ghost commented Nov 29, 2023

I've read the entire discussion here, and I think there may be a misunderstanding what @zimmyxyz wants and what @pierredelisle understands from the question.

From how I understood it, @zimmyxyz wants to use the Google Home SDK, but doesn't wan't to use a device that has GMS on it, for ex. an Android phone with a custom ROM.

So the question why the dependence on a Google account is also why the dependency on GMS? Can't we setup devices offline without needing to have GMS, Google account or even internet connection at all? Sorry for busting in on the question, but I was basically wanting to ask the same question, so better here than to open a new issue.

@pierredelisle
Copy link
Contributor

why the dependency on GMS?

The Google Home Mobile SDK depends on Google Play Services, and more specifically the "home" module. This is the library code that is needed to run on the phone to provide the functionality offered by the Google Home Mobile SDK.
The SDK will not work without that "home" module running on the phone.

See https://developers.home.google.com/matter/verify-services for more details on checking the Matter modules.

@zimmyxyz
Copy link
Author

zimmyxyz commented Jan 10, 2024
edited

From how I understood it, @zimmyxyz wants to use the Google Home SDK, but doesn't wan't to use a device that has GMS on it, for ex. an Android phone with a custom ROM.

No, the device I am using DOES have GMS but isn't signed into a Google Account. This is the "issue" that nobody can explain to me.

@jonsmirl
Copy link

jonsmirl commented Feb 7, 2024
edited

I may be wrong, but I think your problem is with thread credential sharing. Matter has not implemented thread credential sharing yet, maybe Matter 1.3? The problem is that the border routers all used different APIs to pass in credentials. So GMS is trying to use a Google Home device as the border router and to use a Google Home device you need a Google account. I suspect you have a border router from a different vendor which you are trying to use. In the current Matter model thread border routers are proprietary things under the vendor's control. Matter thread credential sharing will solve this when it deploys. Something which might work would be to commission your device using the other border router first, and then share it back to Android.

@muddog
Copy link

muddog commented May 29, 2024
edited

When I use GHSAFM-3p-ecosystem apk to do commission of an MATTER WIFI bulb, it failed to make credential.
IMG_1316
I do not have a border router or a Nest connected. Just a Android Phone and a Bulb connected with a WIFI AP. What's the issue here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jonsmirl @pierredelisle @muddog @zimmyxyz