Docker-jitsi-meet JWT token for one room authenticates all rooms with sessionid from localStorage

Hi,

TLDR :- How do we make sure a user authenticated with a JWT which contains room: "newroom" in the payload is not automatically authorized to create any other room he wishes, because the sessionId in the localStorage currently allows him to do so?

Let me just say as a precursor that I have gone through all the community links and github issues I could find on this topic, but didn’t help much, and I am hoping someone could help me.

I am using docker-jitsi-meet and the IFrame API.

So I have to authenticate users via JWT, which works great the first time. The JWT validates roomname, nbf (token not valid before) and exp (token expired) as shown in the payload example below. But from the next time onwards the now-authenticated user can create any room he wants by just typing in domain.jitsi.co/roomname. If, however, he uses an invalid JWT along with the roomname, it does block him, so that interaction works. It's just that he can create any room he wants (using a URL without JWT) once he has been authenticated for the first time, without the need for a JWT token.

This is happening because of the sessionId stored in the localStorage after authenticating with a room the first time. Doing window.localStorage.clear() proves this, because trying to open a new room shows the waiting for host message again.

My Sample JWT Payload :-

{
  "context": {
    "user": {
      "name": "John Doe",
      "email": "jdoe@example.com"
    }
  },
  "aud": "audience-uses-the-same-as-one-set-in-docker-JWT_APP_ID",
  "iss": "issuer-uses-the-same-as-one-set-in-docker-JWT_APP_ID",
  "sub": "domain.jitsi.com",
  "room": "newroom",
  "exp": 1595506000,
  "nbf": 1595406000
}

My Relevant Docker Env Variables

  ENABLE_AUTH: "1"
  ENABLE_GUESTS: "1"
  AUTH_TYPE: "jwt"
  JWT_ALLOW_EMPTY: "0"

So to summarize, my questions boil down to :-

  1. How do we work around this issue?
  2. Is this considered a bug, and will it be fixed down the line?

@damencho hoping you can shed some light on this.

Thanks in advance :slight_smile:

You need this set https://github.com/jitsi/jitsi-meet/blob/29366a0029c3da05207d21d99e1f987b7575930d/config.js#L316

Thanks a lot. Really appreciate it… Will test it out. !! :))