I want to share and check the solution for making the one who first enters the conference be Moderator(have Moderator rights) and all connected after first one being Participants(not having Moderator rights), by using JWT authentification.
What we have done is that we are using JWT auth for all participants so all of them are authenticated. I can confirm they are acting as moderators if org.jitsi.jicofo.auth.URL=SOME_DOMAIN is configured in jicofo configuration.
What we have done is to just comment (remove) the line jicofo org.jitsi.jicofo.auth.URL=<domain> and now we do have that only first participant is moderator and all others are participants.
I was trying to check if there are any negative implications and couldn’t see any.
Difference in console log is that when that line is present we do have :
I want to have first user being moderator but without allowing anyone to connect anonymously (being a guest). So basically i want first authenticated user to be moderator and all others authenticated users to be only participants without moderator rights.
I know that we were using deprecated config, we can use the new one as well and its the same.
is removed from jicofo config we have the behavior that we want, only the first user that connect is moderator.
That is what i wanted to check, are we hitting a bug or this is expected behavior ?
That matches our observations too. Things don’t work (can’t remember what the side-effects are) if we set jicofo.authentication block to JWT. Which makes sense, since JWT auth is handled in prosody not Jicofo.
This is briefly discussed in the following thread, but no definitive conclusion.
Re your use case where you want all guests to have valid JWT and only first becomes moderator, sounds like you already have it working? For the record, the approach would be to:
Nothing is set in stone, so always retest the scenario on every upgrade. But this particular setup (without auth block in jicofo) has worked for us for a very long time across many many upgrades.
It would however be nice to have a definitive answer on what the jicofo.authentication.type=JWT is meant to do, especially since that is mentioned in Secure Domain docs. @damencho sorry to pull you in; any ideas?
But not sure I understand how that works. Does it behave like Secure Domain auth, but instead of username/password you instead get sent to an external URL that will handle token generation and redirect back?
Would enable-auto-login still work when this? (I’m trying to figure out when to use this instead of tokenAuthUrl config).