Greetings, we would like to only allow usage of our Jitsi server via the iframe API (meaning users can’t create rooms using the domain if entered through a browser). We use JWT to enforce that; the problem is that we also implement user roles (moderators and guests), and by using JWT, all users who enter the room are automatically moderators. Is there any way to define user roles with JWT? We are currently using the latest stable build with jitsi-meet-tokens on Ubuntu 20.04.

You can disable the auto-ownership feature in Jicofo and use a custom Prosody plugin to assign the moderator role only when tokens with specific attributes are set. See:

I don’t think you can use JWT to enforce iframe-only access to Jitsi, but it certainly does help control the user journey, i.e. users have to go through your app, which generates the token and sets up the conference in an iframe. It is not going to stop a savvy (but legitimate) user from extracting the token and joining the meeting directly, but it does indeed stop an unauthorised user from simply joining a room on the web.
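An added example, not part of the thread and not Jitsi's or any plugin's own code: a sketch of the embedding app minting a short-lived, room-bound HS256 token that carries an explicit role, plus the checks a role-assigning plugin would need before trusting it. The claim name `affiliation`, its values `owner`/`member`, the app id, secret and domain are assumptions; use whatever attribute your Prosody plugin actually reads.

```python
import base64, hashlib, hmac, json, time

APP_ID = "example_app_id"            # constructed; must match the server's app_id
APP_SECRET = b"example_app_secret"   # constructed placeholder, never a real secret
ROLE_CLAIM = "affiliation"           # assumed claim name read by the custom plugin

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(room, name, moderator, now=None, ttl=300):
    """Issue a short-lived token bound to one room, with an explicit role."""
    now = int(time.time()) if now is None else now
    payload = {
        "iss": APP_ID, "aud": "jitsi", "sub": "meet.example.com",
        "room": room,                  # no wildcard: useless in any other room
        "nbf": now, "exp": now + ttl,  # short lifetime limits reuse of a copied token
        "context": {"user": {"name": name,
                             ROLE_CLAIM: "owner" if moderator else "member"}},
    }
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(_b64(json.dumps(p).encode()) for p in parts)
    sig = hmac.new(APP_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def role_for(token, room, now=None):
    """Return 'owner' or 'member' for an accepted token, None if rejected."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        good = hmac.new(APP_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return None                # forged or edited token
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None
        claims = json.loads(_unb64(body))
    except ValueError:                 # malformed structure, base64 or JSON
        return None
    if claims.get("iss") != APP_ID or claims.get("room") != room:
        return None                    # wrong issuer, or token minted for another room
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        return None                    # not yet valid, or expired
    role = claims.get("context", {}).get("user", {}).get(ROLE_CLAIM)
    return role if role == "owner" else "member"   # default to least privilege
```

A token copied out of the iframe still works until `exp` for the room it names, which is why the lifetime is short and the room claim is never a wildcard.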

