Anonymous users are able to join the meeting with out password(jwt is enabled)

Hi @damencho,
We are facing the below issue in our video conference portal. We have enabled JWT token with meeting Id. Please request to go through the below portal and I am giving one sample meeting Id to join the video conference.
Website: URL
Meeting Id: JGDmTEyC
Issue 1.
We have enabled authentication to join the meeting and dynamically we are generating meeting url(with jwt token) and sending to meeting participants. Participants they are going their mail and when they will click the invited link they are able to join the meeting using JWT token.
Problem : Once one Participant is joined through jwt token , after that any other anonymous user who is not part of this meeting invitation without password he can able to join the meeting on the same room.

Issue 2:
Using JWT token who joined the meeting they are able to do all permission like kick-out any one, generate password and sharing the url , mute to all etc . which we don’t want.

Please help me on this.