Couldn't create a room with JWT authentication

Hi,
I wanted to make the following for our company:

  • Admin creates conferences with JWT authentication or by login (username/password)
  • Guests (anyone) can join the conference

My issue is that I couldn’t create a room either by JWT authentication or by login/password. This is very important and urgent, so can someone help by telling me what’s wrong in my config and what I should adjust?

  • This is what I get when trying to create a room using JWT:

  • And this is what I receive when trying to login using login/password:
    log1 log2 log3

This is what I provided to create my token:
Header

    {
  "alg": "HS256",
  "typ": "JWT"
    }

PAYLOAD

    { 
      "sub": "my.domaine.name",
      "iss":"cnr_jitsi_app",
      "room":"dio",
      "iss":"cnr_jitsi_app"
    }

VERIFY SIGNATURE

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  my_app_secret

) 
  • This is my /etc/prosody/prosody.cfg.lua file:
    -- Global section of /etc/prosody/prosody.cfg.lua as posted: server admins,
    -- the Jitsi plugin directory, and the issuer/audience lists for JWT checks.
    admins = {"abdelaziz@auth.my.domain.name" }

    plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

    -- NOTE(review): "*" presumably makes the token plugin accept any iss / aud
    -- value, which makes the "jitsi" entry redundant and leaves app_secret as the
    -- only check on who minted a token -- confirm against the installed plugin
    -- and prefer listing only the app_id in use ("cnr_jitsi_app" further down).
    -- The payload quoted in this post carries "iss" twice and no "aud" claim;
    -- the second "iss" was probably meant to be "aud". Verify which claims the
    -- installed plugin version requires (aud and exp are commonly mandatory).
    asap_accepted_issuers = { "jitsi", "*" }
    asap_accepted_audiences = { "jitsi", "*" }

    -- Modules loaded for every host unless a host overrides the list.
    modules_enabled = {

        -- Generally required
                "roster"; -- Allow users to have a roster. Recommended ;)
                "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
                "tls"; -- Add support for secure TLS on c2s/s2s connections
                "dialback"; -- s2s dialback support
                "disco"; -- Service discovery

        -- Not essential, but recommended
                "carbons"; -- Keep multiple clients in sync
                "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
                "private"; -- Private XML storage (for room bookmarks, etc.)
                "blocklist"; -- Allow users to block communications with other users
                "vcard4"; -- User profiles (stored in PEP)
                "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

        -- Nice to have
                "version"; -- Replies to server version requests
                "uptime"; -- Report how long server has been running
                "time"; -- Let others know the time here on this server
                "ping"; -- Replies to XMPP pings with pongs
                -- NOTE(review): with this module loaded, account creation from a client is
                -- gated only by allow_registration; this file sets it to false, the conf.d
                -- file quoted later in this post sets it to true -- confirm the effective value.
                "register"; -- Allow users to register on this server using a client and change passwords

        -- Admin interfaces
                -- Anyone listed in admins can run server commands through this module,
                -- so the admin account's credentials deserve the same care as root's.
                "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
         
                                                             
   -- NOTE(review): in this paste the modules_enabled table opened above is never
   -- closed before this line. If the real file looks the same, Prosody cannot
   -- parse it; check the file on disk (or the startup error log) before anything else.
   -- Empty list: no globally enabled module is switched off.
   modules_disabled = {
}


-- Global defaults: registration, transport encryption, account storage, logging.

-- In-band registration is off here; the conf.d file quoted later in this post
-- sets it to true, so the two files disagree -- confirm which one is effective.
allow_registration = false

-- Clients may connect without TLS.
-- NOTE(review): on any non-TLS client path, JWTs and passwords travel in clear
-- text. Acceptable only if client connections never leave this machine (for
-- example BOSH behind a local HTTPS proxy) -- confirm the c2s port is firewalled.
c2s_require_encryption = false

-- Server-to-server links must be encrypted...
s2s_require_encryption = true

-- ...but remote servers are not required to present a valid certificate.
s2s_secure_auth = false

pidfile = "/var/run/prosody/prosody.pid"

-- Default account backend for hosts that do not set their own; stores password
-- hashes rather than the passwords themselves.
authentication = "internal_hashed"

archive_expires_after = "1w" 
-- Log destinations. Raising 'info' to 'debug' is the quickest way to see why a
-- token is rejected; presumably debug output can include token contents, so keep
-- the log files readable by administrators only and lower the level afterwards.
log = {
        info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
        error = "/var/log/prosody/prosody.err";
        -- "*syslog"; -- Uncomment this for logging to syslog
        -- "*console"; -- Log to the console, useful for debugging with daemonize=false
}

certificates = "certs"

-- Main host, authenticated by JWT.
-- NOTE(review): the conf.d file quoted later in this post declares this same
-- VirtualHost again with its own copies of these options; keep one definition so
-- it is clear which app_id / app_secret / allow_empty_token is actually in force.
-- NOTE(review): the token payload quoted earlier uses sub "my.domaine.name"
-- (with an extra "e"), which does not match this host name; presumably the
-- plugin compares sub with the domain -- verify.
VirtualHost "my.domain.name"
    authentication = "token";
    app_id = "cnr_jitsi_app";             -- application identifier
    -- Shared HMAC key for HS256 tokens: anyone who knows it can mint valid tokens.
    -- Keep the real value out of posts and out of world-readable files.
    app_secret = "my_app_secret";     -- application secret known only to your token
                                                                           -- generator and the plugin
    allow_empty_token = false;             -- false: a token is mandatory (true would verify tokens only when supplied)
    -- Same trade-off as the global setting: clear-text client connections allowed.
    c2s_require_encryption=false

-- Conference (MUC) component: rooms live here and joins are checked by the
-- token_verification module.
-- NOTE(review): this component is declared a second time in the conf.d file
-- quoted later in this post, with a different modules_enabled list; keep one.
Component "conference.my.domain.name" "muc"
    -- NOTE(review): authentication/app_id/app_secret are repeated from the
    -- VirtualHost; whether the MUC component reads them here or from the parent
    -- host is not visible in this post -- TODO confirm, and avoid a second copy
    -- of the secret if it is not needed.
    authentication = "token";
    app_id = "cnr_jitsi_app";             -- application identifier
    app_secret = "my_app_secret";
    allow_empty_token = false;
    ssl = {
                key = "/etc/prosody/certs/my.domain.name.key";
                certificate = "/etc/prosody/certs/my.domain.name.crt";
        }

    modules_enabled = { "token_verification",
                        "presence_identity",
    }

-- Pulls in every file under conf.d/, including the my.domain.name.cfg.lua file
-- quoted next, which redefines hosts and options already set above.
Include "conf.d/*.cfg.lua"
  • This is my /etc/prosody/conf.d/my.domain.name.cfg.lua file:
-- Global options of the Jitsi-specific config file (conf.d/my.domain.name.cfg.lua).
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "my.domain.name";

-- Shared secret from which TURN credentials are derived.
-- NOTE(review): this looks like a live value pasted into a public post. Treat it
-- as compromised: generate a new one and update both Prosody and the TURN server.
turncredentials_secret = "8riuP4zb";

-- STUN/TURN endpoints advertised to clients.
turncredentials = {
  { type = "stun", host = "my.domain.name", port = "443" },
  { type = "turn", host = "my.domain.name", port = "443", transport = "udp" },
  { type = "turns", host = "my.domain.name", port = "443", transport = "tcp" }
};

cross_domain_bosh = false;
-- BOSH sessions are treated as encrypted even though Prosody itself sees plain
-- HTTP; this is only true if a TLS-terminating proxy sits in front -- confirm.
consider_bosh_secure = true;
-- NOTE(review): prosody.cfg.lua in this post sets this to false and also loads
-- the "register" module; with true, clients may be able to create accounts on
-- hosts that use password storage -- confirm this is intended.
allow_registration = true

-- Main XMPP host for token-authenticated users; web clients reach it over BOSH.
-- NOTE(review): prosody.cfg.lua in this post already declares this VirtualHost
-- with its own authentication/app_id/app_secret; keep a single definition.
VirtualHost "my.domain.name"
        -- NOTE(review): presumably meaningless with token authentication, since no
        -- password accounts exist on this host -- confirm and remove.
        allow_registration = true
        -- enabled = false -- Remove this line to enable this host
        -- Only one authentication provider is active per host, so with "token"
        -- a username/password login against this host is not expected to work.
        authentication = "token"
        --authentication = "internal_plain"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        -- app_id is presumably matched against the token's iss claim -- verify.
        app_id="cnr_jitsi_app"
        -- HS256 signing key; whoever holds it can issue tokens for any room.
        app_secret="my_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        -- false: clients without a token are rejected on this host.
        allow_empty_token=false
        ssl = {
                key = "/etc/prosody/certs/my.domain.name.key";
                certificate = "/etc/prosody/certs/my.domain.name.crt";
        }
        speakerstats_component = "speakerstats.my.domain.name"
        conference_duration_component = "conferenceduration.my.domain.name"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
            "presence_identity";
        }
        -- Clear-text client connections allowed; safe only while clients connect
        -- through a local TLS-terminating proxy -- confirm.
        c2s_require_encryption = false

-- Conference rooms; nothing is persisted and every join goes through
-- token_verification.
-- NOTE(review): also declared in prosody.cfg.lua in this post, there with
-- "presence_identity" and allow_empty_token = false; whether guests without a
-- token may join depends on which copy is effective -- keep one definition.
Component "conference.my.domain.name" "muc"
    storage = "none"
    modules_enabled = {
        "token_verification";
    }
    admins = {  "abdelaziz@auth.my.domain.name" }
    muc_room_locking = false
    -- Rooms expose each occupant's real JID to the other occupants by default.
    muc_room_default_public_jids = true
-- internal muc component
-- NOTE(review): the accounts listed as admins are service accounts (focus, jvb)
-- plus a personal account; token_verification on this internal component and a
-- human admin here both look like additions to a default setup -- confirm they
-- are needed, and keep the admin list as short as possible.
Component "internal.auth.my.domain.name" "muc"
    storage = "none"
    modules_enabled = {
      "ping";
      "token_verification";
    }
    admins = { "focus@auth.my.domain.name", "jvb@auth.my.domain.name", "abdelaziz@auth.my.domain.name"  }

-- Guest host (config.js points anonymousdomain at it).
VirtualHost "guest.my.domain.name"
    authentication = "token"
    app_id="cnr_jitsi_app"
    app_secret="my_app_secret"
    -- true: clients that present no token are still accepted on this host.
    -- NOTE(review): whether such a client can then enter or create a room is
    -- decided by token_verification on the conference component -- verify that
    -- tokenless guests can only join, not open, rooms.
    allow_empty_token = true
    c2s_require_encryption = false

-- Host holding the admin, focus and jvb accounts referenced in the admins lists.
VirtualHost "auth.my.domain.name"
    ssl = {
        key = "/etc/prosody/certs/auth.my.domain.name.key";
        certificate = "/etc/prosody/certs/auth.my.domain.name.crt";
    }
    -- NOTE(review): internal_plain keeps account passwords in clear text in
    -- Prosody's data store; internal_hashed (already the global default in
    -- prosody.cfg.lua) avoids that -- confirm the service accounts still log in
    -- after switching.
    authentication = "internal_plain"

-- External component authenticated by a shared secret.
Component "focus.my.domain.name"
    -- NOTE(review): this looks like a live secret pasted into a public post.
    -- Rotate it here and in the configuration of the service that connects as
    -- this component.
    component_secret = "h80a8zQW"

-- Helper components bound to the conference MUC.
Component "speakerstats.my.domain.name" "speakerstats_component"
    muc_component = "conference.my.domain.name"

Component "conferenceduration.my.domain.name" "conference_duration_component"
    muc_component = "conference.my.domain.name"
  • This is how my /etc/jitsi/meet/my.domain.name-config.js file starts:
var config = {
    // Connection
    //

    hosts: {
        // XMPP domain.
        domain: 'my.domain.name',
        anonymousdomain: 'guest.my.domain.name',

        muc: 'conference.<!--# echo var="subdomain" default="" -->my.domain.name'
    },

Thanks

Hi.

I’ve got the same problem. Did you find a solution to this?

Thanks

Any answers?