Authentication via headers

Is there anyway to authentiate the user that is accessing JITSI Meet via HTTP headers? We have a reverse proxy server (specifically Nginx) in front which knows the identity of the user connecting, but I’m unsure the best way of passing that information through to JITSI.

Specifically, we authenticate using client certificate authentication (PKI), not using any usernames and passwords.

No there is no such option, if you want to embed jitsi-meet experience in some other software, you best bet is using jwt tokens and generating them server-side for your logged in users.

That’s fair. Does seem like a feature specific to larger corporations.

Is there a way we can tell if someone is logged in or not from the headers / equivalent (something accessible from a reverse proxy)? If there is, we could send a JWT token with each request from an unauthenticated user.

We can’t send JWT requests for all requests because we’ll end up in an infinite loop.

What is this loop?

You have a authentication service or something on the backend … when authenticate a user you also create a jwt token and you pass it to the iframe api or mobile sdk and your jitsi-meet user is now authenticated.

Maybe I’m just not understanding the service well enough. I generate a JWT, then I create a URL like:

https://service.com/room?jwt=aughreogaeroigjr==

I send the user to that URL (not via iframe, just a <a href>). They then get logged in with the JWT (which all works perfectly) and sent to a URL like:

https://service.com/room (but logged in!)

They want to invite another user, so they pass the link across and the next user visits https://service.com/room, but it doesn’t work because they have no JWT token and so they can’t login!

This can be solved if you check every request for a jwt query parameter, and if it doesn’t exist then add it in, but then you get into an infinite loop of:

https://service.com/room?jwt=abc== (redirects to...)
https://service.com/room (thinks that it's not authenticated so redirects to...)
https://service.com/room?jwt=abc== (redirects to...)
https://service.com/room (thinks that it's not authenticated so redirects to...)
....

You mention embedding it in an iframe, which is a very interesting idea. We are intending to start JITSI conversations via Mattermost, so that could be useful.

So the way to be used with jwt is to embed it and those invites and stuff are going through your internal communication used by the app that embeds jitsi-meet, not just sending a message with a jwt in the link. And if you want to be able to invite external entities then you enable the property to allow entering rooms without a token, and guests are invited without a token.

Kk, thank you so much for the advice and support! :slight_smile:

i want to authenticate with username and password by passing on url so how ca i do it please help?