Hello,
I tried to setup authentication using the token, first I enabled password and then JWT token-based. When I installed the following things it’s changed prosody configuration as required but not working for me.
sudo dpkg -i prosody-trunk_1nightly747-1~trusty_amd64.deb
apt-get install jitsi-meet-tokens
Even username password login also stopped working, after some struggle and resolved the issue, at last, I faced the following issue, not getting where I made mistake.
Plase paste your prosody configuration.
Sure,
You can check follow
prosody.cfg.lua
-- Prosody XMPP Server Configuration
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
admins = { }
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"blocklist"; -- Allow users to block communications with other users
--"compression"; -- Stream compression (requires the lua-zlib package installed)
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
--"groups"; -- Shared roster support
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"watchregistrations"; -- Alert admins of registrations
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
}
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}
-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
ssl = {
key = "/etc/prosody/certs/localhost.key";
certificate = "/etc/prosody/certs/localhost.crt";
}
-- consider_bosh_secure = true
c2s_require_encryption = false
s2s_secure_auth = false
-- s2s_insecure_domains = { "gmail.com" }
--s2s_secure_domains = { "jabber.org" }
-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"
storage = "none" -- Default is "internal"
-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
error = "/var/log/prosody/prosody.err";
"*syslog";
}
Include "conf.d/*.cfg.lua"
/etc/prosody/conf.d/vconf.vidoly.us.cfg.lua
-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
plugin_paths = { "/usr/lib/prosody/modules/" }
VirtualHost "xxx.xxxxx.xx"
-- enabled = false -- Remove this line to enable this host
authentication = "token"
c2s_require_encryption=false
-- VirtualHost "guest.xxx.xxxxx.xx"
-- authentication = "token"
-- c2s_require_encryption = false
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
app_id="xxxx_app"
app_secret="xxxx_app_secret"
allow_empty_token = false
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/etc/prosody/certs/xxx.xxxxx.xx.key";
certificate = "/etc/prosody/certs/xxx.xxxxx.xx.crt";
}
-- we need bosh
modules_enabled = {
"bosh";
"pubsub";
"ping"; -- Enable mod_ping
}
consider_bosh_secure = true
VirtualHost "guest.xxx.xxxxx.xx"
authentication = "anonymous"
-- c2s_require_encryption=false
Component "conference.xxx.xxxxx.xx" "muc"
storage = "none"
modules_enabled = { "token_verification" }
admins = { "focus@auth.xxx.xxxxx.xx" }
Component "jitsi-videobridge.xxx.xxxxx.xx"
component_secret = "6JDMWI95"
VirtualHost "auth.xxx.xxxxx.xx"
ssl = {
key = "/etc/prosody/certs/auth.xxx.xxxxx.xx";
certificate = "/etc/prosody/certs/auth.xxx.xxxxx.xx.crt";
}
authentication = "internal_plain"
Component "focus.xxx.xxxxx.xx"
component_secret = "gQIXxX5J"
Component "callcontrol.xxx.xxxxx.xx" component_secret = "d2wrhrVL"
Component "internal.auth.xxx.xxxxx.xx" "muc"
modules_enabled = {
"ping";
}
storage = "none"
muc_room_cache_size = 1000
VirtualHost "recorder.xxx.xxxxx.xx"
modules_enabled = {
"ping";
}
authentication = "internal_plain"jwt and username/password authentication cannot co-exist.
When you have configured token authentication, the error you see is because you have not provide token or correct token.
@damencho
Agree JWT and username/password auth cannot co-exist.
I’m using node.js jsonwebtoken module to generate token using following code. Let me know If I missed something from it.
var jwt = require('jsonwebtoken');
var privateKey = require("fs").readFileSync('/etc/prosody/certs/xxxx.xxxx.us.key');
jwt.sign({
"aud": "*",
"iss": "xxxx_app",
"sub": "xxxx.xxxx.us",
"room": "*",
"exp": Math.floor(Date.now() + (24 * 60 * 60 * 1000))
},
privateKey,
{ algorithm: 'RS256' }, function(err, token) {
console.log(token);
});You are mixing jwt signing, so you had configured jwt with a shared secret app_secret="xxxx_app_secret"
So you need to use that secret to sign it HS256. If you use RS256 you need to configure asap_key_server and use kid.
Thank you gotcha!
Now, something like following console printing and
<d._allocateConferenceFocusSuccess>: Waiting for the focus… 64000
You can check prosody configuration in 3rd comment in same chain.
were you able to solve the issue? same here
