External API with JWT auth

Hi!

I have set up Jitsi Meet with the internal_plain authentication following the quick install guide which works fine.

My goal is to use the External API with JWT auth but I’m running into some issues.

In my Prosody configuration, I have updated the values as follows:

cross_domain_bosh = true;
consider_bosh_secure = true;

VirtualHost "chat.<DOMAIN>.com"
        -- enabled = false -- Remove this line to enable this host
        -- authentication = "internal_plain"
        authentication = "token"
        app_id="<APPNAME>"
        app_secret="<JWTSECRET>"
-- ...

In my Javascript I have the following code:

      const options = {
        jwt: window.jitsiToken, // JWT token in PHP - see below
        roomName: resp.data.call.id, // This is fetching a UUID generated from PHP backend
        width: window.innerWidth,
        height: window.innerHeight - 58, // minus navbar
        parentNode: document.getElementById('meet'),
        interfaceConfigOverwrite: {
          DEFAULT_BACKGROUND: '#50f9dd',
          DEFAULT_REMOTE_DISPLAY_NAME: 'Teammate',
          // SHOW_JITSI_WATERMARK: true,
          // SHOW_WATERMARK_FOR_GUESTS: true,
          APP_NAME: '<AppName>',
          BRAND_WATERMARK_LINK: 'https://<DOMAIN>.com/'
        },
        configOverwrite: {
          startAudioOnly: true,
          liveStreamingEnabled: true
        },
        userInfo: {
          email: this.user.email, // PHP backend user email
          displayName: this.user.name // PHP backend user name
        },
        invites: resp.data.call.invites.map((i) => { return { email: i.user.email, displayName: i.user.name } }) // List of invited users from PHP app
      }

      console.log('running jitsi meet')
      this.api = new JitsiMeetExternalAPI('chat.<DOMAIN>.com', options)

The JWT token

        $jitsiPayload = [
            "context" => [
                "user" => [
                    "avatar" => "",
                    "name" => $user->name,
                    "email" => $user->email,
                    "id" => "{$user->id}"

                ],
                "group" => "<COMPANYNAME>"
            ],
            "aud" => "<APPNAME>",
            "iss" => "<APPNAME>",
            "sub" => "chat.<DOMAIN>.com",
            "room" => $call->id,
            "exp" => Carbon::now()->addHours(4)->timestamp
        ];
        $jitsiToken = JWT::encode($jitsiPayload, config('services.jitsi.secret'), config('services.jitsi.jwt_algorithm')); // HS256

With this configruation Jitsi Meet loads into the HTML element correctly, but the call does not appear to start. In the console I’m seeing the following:

2020-05-06T10:56:27.022Z [modules/browser/BrowserCapabilities.js] This appears to be firefox, ver: 76.0 Logger.js:154:22
2020-05-06T10:56:28.805Z [index.web] (TIME) document ready:  4279 Logger.js:154:22
2020-05-06T10:56:29.108Z [features/base/lastn] There is no active conference, not updating last N Logger.js:154:22
2020-05-06T10:56:29.111Z [modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined Logger.js:154:22
2020-05-06T10:56:29.123Z [modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined Logger.js:154:22
2020-05-06T10:56:29.128Z [modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined Logger.js:154:22
2020-05-06T10:56:29.135Z [features/base/config] <_/<>:  Extending config with: {"liveStreamingEnabled":false,"startAudioOnly":true} Logger.js:154:22
2020-05-06T10:56:29.138Z [features/base/config] <_/<>:  Extending interfaceConfig with: {"APP_NAME":"<AppName>","BRAND_WATERMARK_LINK":"https://<DOMAIN>.com/","DEFAULT_BACKGROUND":"#50f9dd","DEFAULT_REMOTE_DISPLAY_NAME":"Teammate"} Logger.js:154:22
2020-05-06T10:56:29.271Z [modules/UI/videolayout/VideoLayout.js] <changeUserAvatar>:  Missed avatar update - no small video yet for undefined Logger.js:154:22
2020-05-06T10:56:29.287Z [features/base/media] Start muted: Logger.js:154:22
2020-05-06T10:56:29.295Z [features/base/media] Start audio only set to true Logger.js:154:22
2020-05-06T10:56:29.297Z [features/base/audio-only] <c/<>:  Audio-only enabled Logger.js:154:22
2020-05-06T10:56:29.303Z [features/base/lastn] There is no active conference, not updating last N Logger.js:154:22
2020-05-06T10:56:29.331Z [features/analytics] <ne/</<>:  Loaded 0 analytics handlers Logger.js:154:22
2020-05-06T10:56:29.333Z [modules/statistics/AnalyticsAdapter.js] <dispose>:  Disposing of analytics adapter. Logger.js:154:22
2020-05-06T10:56:29.334Z [features/analytics] <ne/<>:  Error: "No analytics handlers created!"
2020-05-06T10:56:29.615Z [features/base/devices] setAudioOutputDevice: undefined[default]
2020-05-06T10:56:29.623Z [features/base/devices] <O/</</<>:  Failed to set audio output device.
                        Default audio output device will be used instead Error: Audio output device change is not supported Logger.js:154:22
2020-05-06T10:56:31.386Z [features/base/storage] <persistState>:  redux state persisted. fd3b6442272f785f3d52e8a518f57ba8 -> 2f0d031531d15f0d82f2ecb84dea6d65 Logger.js:154:22
2020-05-06T10:56:31.577Z [modules/RTC/RTCUtils.js] <init/<>:  Available devices:  
Array(4) [ MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo, MediaDeviceInfo ]
Logger.js:154:22
2020-05-06T10:56:31.622Z [features/base/devices] Device list updated:
audioInput:
    [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=]
    [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=]
    [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=]
audioOutput:

videoInput:
    [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=] Logger.js:154:22
2020-05-06T10:56:31.684Z [modules/xmpp/xmpp.js] <_initStrophePlugins>:  P2P STUN servers:  
Array [ {…} ]
Logger.js:154:22
2020-05-06T10:56:31.716Z [modules/xmpp/xmpp.js] <connectionHandler>:  (TIME) Strophe connecting:   7190 Logger.js:154:22
2020-05-06T10:56:31.734Z [modules/RTC/RTCUtils.js] <newObtainAudioAndVideoPermissions>:  Using the new gUM flow Logger.js:154:22
2020-05-06T10:56:31.736Z [modules/RTC/RTCUtils.js] <newObtainAudioAndVideoPermissions/i<>:  Got media constraints:  
Object { video: false, audio: {…} }
Logger.js:154:22
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('moz-extension://242218af-2347-174d-a798-fb32e6d52a2f') does not match the recipient window's origin ('https://v1-alpha.<DOMAIN>.com').
2020-05-06T10:56:32.729Z [modules/xmpp/strophe.util.js] <t.a/r.Strophe.log>:  Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request. Logger.js:154:22
2020-05-06T10:56:33.809Z [modules/RTC/RTCUtils.js] <_newGetUserMediaWithConstraints/</<>:  onUserMediaSuccess Logger.js:154:22
2020-05-06T10:56:33.812Z [modules/RTC/JitsiLocalTrack.js] <_setStream>:  Setting new MSID: {8b97a599-4cd4-b846-930a-bc876238bad9} {aa8034a7-f442-de4f-aa34-f1544172ed37} on LocalTrack[undefined,audio] Logger.js:154:22
2020-05-06T10:57:29.502Z [modules/xmpp/strophe.util.js] <t.a/r.Strophe.log>:  Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request. Logger.js:154:22

In Prosody error logs I’m seeing references to

May 06 11:36:56 portmanager     error   Error binding encrypted port for https: No key present in SSL/TLS configuration for https port 5281
May 06 11:36:56 modulemanager   error   Error initializing module 'auth_token' on 'chat.<DOMAIN>.com': /usr/bin/prosody:185: module 'basexx' not found:

In the regular Prosody log I’m seeing items like the following

May 06 11:36:56 modulemanager   error   Error initializing module 'auth_token' on 'chat.<DOMAIN>.com': /usr/bin/prosody:185: module 'basexx' not found:
May 06 11:45:45 mod_bosh        info    Client tried to use sid 'eb96279c-7da2-46d6-8c44-565d4112bb50' which we don't know about
May 06 11:56:32 boshbaed443d-13f5-428f-9163-93ae202c4857        warn    No available SASL mechanisms, verify that the configured authentication module is working

I have tried lots of different setting tweaks over the last couple of days but have had no luck. Any help with is appreciated.

Thanks for reading!

1 Like