Breakout room fails with JWT authentication


We are running a self-hosted installation of Jitsi in a scalable setup. We use JWT authentication for starting a conference. Accessing a running conference is possible for anonymous users (= no JWT). Users with a JWT get moderator rights. Our JWT also includes the “room” claim, so it should match the conference room name.

As a moderator user I can create a breakout room, but when I try to join it, I get a page with the text “Sorry! You are not allowed to be here”. Users who joined the main conference without a JWT can join breakout rooms without issues.

In the prosody logs I find this error:

breakout.<myhost>:token_verification error Token eyJ0eXAi..... not allowed to join: bb747194-be1d-4d61-b7b5-d276706c4513@breakout.<myhost>/b8612835

I suppose it’s because the “room” claim of the token doesn’t match the room name of the breakout room.
I tried with the token_verification module both enabled and disabled in the prosody config; it doesn’t make any difference.

Component "breakout.<myhost>" "muc"
    restrict_room_creation = true
    storage = "memory"
    modules_enabled = {
--        "token_verification";
    }
    admins = { "focus@auth.<myhost>" }
    muc_room_locking = false
    muc_room_default_public_jids = true

I can confirm that when using “*” for the “room” claim, joining breakout rooms as a moderator works. Unfortunately, using “*” is not an option.

Do you have any suggestions on how this issue can be solved? Maybe a workaround similar to this is possible?

Hum, interesting. I think we should handle this in the prosody plugin, yeah. Can you please open an issue on GitHub?

Thanks! I hope I’ve put it in the right place: Joining a breakout room with JWT authentication enabled is not possible · Issue #11075 · jitsi/jitsi-meet · GitHub

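Added example, not part of the thread and not Jitsi's plugin code: a small Python model of a per-room “room” claim check. It shows why a token scoped to the main room is rejected for the UUID-named breakout room, and one possible way to handle it by checking the claim against the breakout room's parent. The host names, the room name and the `breakout_parents` map are assumptions.

```python
# Added illustration: a model of a per-room JWT "room" claim check.
# It is not Jitsi's plugin code; hosts, room names and the parent map are constructed.

BREAKOUT_PREFIX = "breakout."  # matches the Component name in the config above


def split_room_jid(jid):
    """Return (node, domain) of 'node@domain/resource', lowercased."""
    bare = jid.split("/", 1)[0]
    node, _, domain = bare.partition("@")
    return node.lower(), domain.lower()


def room_claim_allows(claims, room_jid, breakout_parents=None):
    """Decide whether a token's "room" claim permits joining room_jid.

    breakout_parents (hypothetical) maps a breakout room's bare JID to the
    bare JID of the main room it was created from. It must come from server
    state, never from anything the joining client sends.
    """
    claim = claims.get("room")
    if not isinstance(claim, str) or not claim:
        return False                      # assumption: no usable claim, no access
    if claim == "*":
        return True                       # wildcard matches any room
    node, domain = split_room_jid(room_jid)
    if claim.lower() == node:
        return True                       # ordinary case: claim names this room
    if breakout_parents and domain.startswith(BREAKOUT_PREFIX):
        parent = breakout_parents.get(f"{node}@{domain}")
        if parent:
            parent_node, _ = split_room_jid(parent)
            return claim.lower() == parent_node
    return False


# Constructed sample data (the breakout JID shape follows the log line above).
MAIN = "teamsync@conference.meet.example.test"
BREAKOUT = "bb747194-be1d-4d61-b7b5-d276706c4513@breakout.meet.example.test/b8612835"
PARENTS = {BREAKOUT.split("/", 1)[0]: MAIN}

if __name__ == "__main__":
    token = {"room": "teamsync"}
    print("main room:", room_claim_allows(token, MAIN))
    print("breakout, name-only check:", room_claim_allows(token, BREAKOUT))
    print("breakout, parent-aware:", room_claim_allows(token, BREAKOUT, PARENTS))
    print("other room's token:", room_claim_allows({"room": "other"}, BREAKOUT, PARENTS))
```

The parent-aware branch keeps the token scoped to one conference: a token for a different room is still refused in the breakout room, unlike the “*” wildcard.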