How can create user in command but
Authenticated users are by default Moderators. You would have to change the logic in Jicofo to alter this. Easier to use JWT and grant privilege based on role using
@emrah’s token_affiliation plugin.
These are two new Prosody modules to control a tokenized conference room. Use these with token_verification
This module sets the occupant’s affiliation according to the token content. Like the token_moderation module but with a different approach.
Token Owner Party
This module prevents the unauthorized users to create a room and terminates the conference when the owner leaves.
you mean pass the user’s password using JWT ?
Not password per se, just the authentication rights. You would need to assign a token to each user and in the payload, specify their role. The plugin referenced above will identify the role and grant privilege accordingly.
First of all I’m new in jitsi.
I create a user by using :
prosodyctl register username domain password
how can I set a token.
You would be authenticating through JWT instead creating prosody users like in Secure domain (which you’ve referenced). Here’s how you install Jitsi JWT:
This file has been truncated.
JWT token authentication Prosody plugin
This plugin implements a Prosody authentication provider that verifies a client connection based on a JWT token described in [RFC7519].
It allows use of an external form of authentication with lib-jitsi-meet. Once your user authenticates you need to
generate the JWT token as described in the RFC and pass it to your client app. Once it connects with a valid token it is considered authenticated by the jitsi-meet system.
During configuration you will need to provide the *application ID* that identifies the client and a *secret* shared by both server and JWT token generator. Like described in the RFC, the secret is used to compute a HMAC hash value which allows authentication of the generated token. There are many existing libraries which can be used to implement token generation. More info can be found here: [http://jwt.io/#libraries-io]
JWT token authentication works with BOSH and websocket connections.
### Token structure
The following JWT claims are used in the authentication token:
- 'iss' specifies the *application ID* which identifies the client app connecting to the server. It should be negotiated with the service provider before generating the token.
- 'room' contains the name of the room for which the token has been allocated. This is *NOT* the full MUC room address. An example assuming that we have full MUC 'firstname.lastname@example.org' would be that 'conference1' should be used here. Alternately, a '*' may be provided, allowing access to all rooms within the domain.
- 'exp' token expiration timestamp as defined in the RFC
can you help me by sending an example, please ?