Ban or outcasting users with JWT token


My team and I are developing conference rooms using jitsi-meet. We have managed to apply configuration with JWT Token Authentication.

What is going on:

  1. Our backend server is creating tokens with one hour expiration date (exp = NOW() + 1h).
  2. Inside JWT tokens are encrypted users (names, roles etc.).
  3. We are using prosody BOSH to join the rooms (url in the browsers - https://XXXX/room&jwt=YYYY).

It works fine, but we need to have an ability to ban/oucast misbehaving users on a conference and stop them from login again.

I was trying to use prosody modules with console command ( - muc:room(""):set_affiliation(true, "user@host", "outcast");):

  • modules/mod_admin_telnet
  • modules/mod_admin_adhoc
    , but without luck - I don’t see authenticated users inside prosody rooms after they enter a room.

What I am thinking now is that I must change some code of lua prosody files or jitsi-meet javascript files to be able to add this functionality (to ban users and block them from login again). I should create some kind of table to list banned users.

Do you have some advices for me? Where should I start? I was thinking about these files:

Or maybe this kind of functionality already exists and I simply don’t know about it?