[Authentication Failed] - Jitsi Meet Token Authentication Problem

Hi Jitsers,

After facing multiple challenges, finally, I installed jitsi tokens and I think it’s ready for jwt authentications.

**

I am just typing a random room name with jwt in url

**

However, when i pass jwt tokens in my URL like this https://call.edvoid.com/tested?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6IkpvaG4gRG9lIiwiZW1haWwiOiJqZG9lQGV4YW1wbGUuY29tIn19LCJhdWQiOiJleGFtcGxlX2FwcF9pZCIsImlzcyI6ImV4YW1wbGVfYXBwX2lkIiwic3ViIjoiY2FsbC5lZHZvaWQuY29tIiwicm9vbSI6InRlc3RlZCIsImV4cCI6MTU5NTUwNjAwMH0.WHjQmaP-Ar8bqH2ddwFyq71J2W5mG7qGKYUrDxlu9_k

I am getting error “Authentication failed” and when i don’t pass anything i get a prompt to enter username and password.

This is my prosody.log file and everything seems normal to me

This was my payload

{
“context”: {
“user”: {
“name”: “John Doe”,
“email”: “jdoe@example.com
}
},
“aud”: “example_app_id”,
“iss”: “example_app_id”,
“sub”: “call.edvoid.com”,
“room”: “tested”,
“exp”: 1595506000
}

and my secret is “example_app_secret” (you can use this to generate jwt, and check my URL auth)

@damencho can you please help me with this?

Is the URL correct? It seems to me that you are passing a weird jwt: https://call.edvoid.com?jwt=https://call.edvoid.com

Maybe that format error is caused by an incorrect format jwt

Can you try with just the URL https://call.edvoid.com?jwt=

Passing the url again as a JWT will cause it to bug out

Hi @Kenza_Cohen and @thomasi

Sorry for this, this was just a typo while posting this, i edited my post and FYI this is till not working after visiting this https://call.edvoid.com/tested?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6IkpvaG4gRG9lIiwiZW1haWwiOiJqZG9lQGV4YW1wbGUuY29tIn19LCJhdWQiOiJleGFtcGxlX2FwcF9pZCIsImlzcyI6ImV4YW1wbGVfYXBwX2lkIiwic3ViIjoiY2FsbC5lZHZvaWQuY29tIiwicm9vbSI6InRlc3RlZCIsImV4cCI6MTU5NTUwNjAwMH0.WHjQmaP-Ar8bqH2ddwFyq71J2W5mG7qGKYUrDxlu9_k

Can you guys please try your self to generate jwt with a secret, secret is example_app_secret.

Maybe, my jwt is wrong…

OK well the good news is that i can replicate the error as now i have fixed my JWT issue i am having yours now lmao.

Looking into it now

@Kenza_Cohen, How you solved it? what was your’s problem?

FYI, these are my jicofo logs

In /var/log/prosody/prosody.log do you see the following?

Apr 13 21:21:11 general warn Error verifying token err:not-allowed, reason:token required?

This is what i am getting now, also what version of trunk are you using?

@Kenza_Cohen
I am having trunk 747, and i don’t see this kind of warn msg in my prosody.log file. I don’t know, when i’ll be able to solve this. I am stick into these kind of problems since last 3 days.

ok so what i just did to get mine working is updated trunk to latest nightly.

Makre sure the plug directory is set correctly to the VHost file

I am also getting this error now, previous problem fixed by using this technique

and now i am getting same error as you, can you please try this ? https://github.com/jitsi/lib-jitsi-meet/issues/837

OK so first of all make sure that the LUA Modules have installed, for some reason mine didnt, you’d need OpenSSL installed as well as the LUA modules.

Than give the server a reboot

@Kenza_Cohen i already installed lua modules and openssl. I can’t se anything weird in my logs. Check my logs
Jicofo logs - https://pastebin.com/raw/82Y6jrhq

jvb logs - https://pastebin.com/raw/yLrrGTS6

Prosody logs - https://pastebin.com/raw/SVBmVAmr

What OS are you using?

Also is Presence_Identity added to your LUA modules for your VHost?

Ubuntu 18.04 bionic on AWS

Yep so we are on the same Distro Too :slight_smile:

In the VHost make sure config resembles something like this:

VirtualHost "meet.<your Domain>"
    -- enabled = false -- Remove this line to enable this host
    authentication = "token"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    app_id="<your AppID>"
    app_secret="<Your Secret>"
    allow_empty_token = false;
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
            key = "/etc/prosody/certs/<your Domain>.key";
            certificate = "/etc/prosody/certs/<your domain>crt";
    }
    speakerstats_component = "speakerstats.<your domain>"
    conference_duration_component = "conferenceduration.<your domain>"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "turncredentials";
        "conference_duration";
        "presence_identity";
    }
    c2s_require_encryption = false

Component "conference.meet.<your Domain>" "muc"
    storage = "none"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
    }
    admins = { "focus@<your domain>" }
    muc_room_locking = false
    muc_room_default_public_jids = true

Also i had to do the following:

sudo apt-get install libssl1.0-dev
sudo luarocks install luajwtjitsi
sudo luarocks install luacrypto
sudo apt-get install jitsi-meet-tokens

For some reason not everything was installed by running the command the first time due to errors but as soon as i ran those above i hit reboot then poof it started working

I am having same configuration, i just did one change storage = “null” instead of “none” because it throws lot of error related same like this [Solved] Issue in connectivity after upgrade the jitsi meet

I am still getting this error in my prosody log

general warn Error verifying token err:not-allowed, reason:token required

@Kenza_Cohen

Would you like to take a look yourself? I’ll share pem file via email and you can ssh to that server.

I am not having any problem, this is a testing instance not a prod.

I am really tired with this problem.