Can JWT be used with the public IFrame API?


I am trying to assign a moderator role to a user using the public IFrame API. Currently everyone is a moderator. I read that this can be achieved using the JWT token for self hosted solutions. How about the public servers? Is this possible?

Thank you all for this great product and community!

Nope. If you want to use jwt, you need a self hosted deployment so you can control the shared secret or private key for signing the tokens, having that information public means anyone can create there own jwt which defeats the purpose of having this authentication as everyone will be able to provide valid jwt.

Yeah, my thoughts exactly. But, is any other way so that we have the creator of the room be the only moderator?

Using your own deployment and controlling that by jwt or some other custom mechanism you implement using custom prosody modules …

1 Like