Enable to authenticate with JWT token

Hi everyone.

I’ve got a strange error on JWT authentication, i follow the configuration in https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md, so i set all the configuration needed.

I got this error in /var/log/prosody/prosody.err after restart prosody service:

Apr 17 18:10:40 modulemanager   error   Error initializing module 'auth_token' on '{my-domain}': .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:40: attempt to call method 'hook_global_global_global' (a nil value)
stack traceback:
        .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:40: in main chunk
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:200: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:283: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:90: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:368: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:594: in function 'f'
        /usr/lib/prosody/util/async.lua:139: in function 'func'
        /usr/lib/prosody/util/async.lua:127: in function </usr/lib/prosody/util/async.lua:125>
Apr 17 18:10:40 modulemanager   error   Error initializing module 'auth_token' on 'localhost': .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:40: attempt to call method 'hook_global_global_global' (a nil value)
stack traceback:
        .../share/jitsi-meet/prosody-plugins/mod_auth_token.lua:40: in main chunk
        [C]: in function 'xpcall'
        /usr/lib/prosody/core/modulemanager.lua:200: in function 'do_load_module'
        /usr/lib/prosody/core/modulemanager.lua:283: in function 'load'
        /usr/lib/prosody/core/usermanager.lua:90: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/core/hostmanager.lua:108: in function 'activate'
        /usr/lib/prosody/core/hostmanager.lua:58: in function '?'
        /usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
        (tail call): ?
        /usr/lib/prosody/util/startup.lua:368: in function 'prepare_to_start'
        /usr/lib/prosody/util/startup.lua:594: in function 'f'
        /usr/lib/prosody/util/async.lua:139: in function 'func'
        /usr/lib/prosody/util/async.lua:127: in function </usr/lib/prosody/util/async.lua:125>
Apr 17 18:10:40 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
Apr 17 18:10:40 portmanager     error   Error creating TLS context for SNI host localhost: error loading private key (Permission denied)
Apr 17 18:10:40 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Apr 17 18:10:40 portmanager     error   Error creating TLS context for SNI host localhost: error loading private key (system lib)
Apr 17 18:10:40 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Apr 17 18:10:40 localhost:tls   error   Error creating context for c2s: error loading private key (system lib)
Apr 17 18:10:40 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Check that the permissions allow Prosody to read this file. (for localhost)
Apr 17 18:10:40 localhost:tls   error   Error creating contexts for s2sout: error loading private key (Permission denied)
Apr 17 18:10:40 certmanager     error   SSL/TLS: Failed to load '/etc/prosody/certs/localhost.key': Previous error (see logs), or other system error. (for localhost)
Apr 17 18:10:40 localhost:tls   error   Error creating contexts for s2sin: error loading private key (system lib)

I don’t know how to solve this, can anyone help me?

Thanks

After following this (Token authentication working with prosody 747 but not with latest version. Ubuntu 18.04) and following the instructions here (https://pastebin.com/eTSnENqJ) I am also seeing the same issue.

The error comes from this line in mod_auth_token.lua:

module:hook_global_global(“bosh-session”, init_session);

So i looked around for BOSH errors/warning. This is in /var/log/prosody/prosody.log

Apr 19 13:10:55 mod_bosh info New BOSH session, assigned it sid ‘b5a156b1-efdc-499c-8f7f-bd97b9550a9f’
Apr 19 13:10:55 boshb5a156b1-efdc-499c-8f7f-bd97b9550a9f warn No available SASL mechanisms, verify that the configured authentication module is working

Anyone have any thoughts?

Looks like you have to edit that file.
you should replace hook_global_global_global by hook_global

during ths installation process, there is a sed expression remplacing hook by hook_global. looks like this was run several times, creating that error

I read “https://github.com/jitsi/docker-jitsi-meet/blob/master/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua” that said, “JWT token authentication currently works only with BOSH connections”. But it is on 11 Jul 2019. Now, is it still only possible to work with BOSH connections? Websocket connections?

I’ve manually made changes to mod_auth_token.lua to correct the extra “_global” strings on line 40-41. This should be as per the below:

module:hook_global("bosh-session", init_session);
module:hook_global("websocket-session", init_session);

In my case there was an extra “_global” in the string on line 40 and 41, which looked like “module:hook_global_global” so it looks like the sed expression to make the changes as part of the package deployment is not fully correct.