Force Jitsi to only accept API created meetings

Hi, just wondering if it’s possible to only allow new rooms that have been created using the Meet API? i.e. I don’t want people to visit the domain and create a new room independently of the API.

I suppose this could be done using the Secure domain options (https://github.com/jitsi/jicofo#secure-domain), but I’m not sure how you could pass the username and password via the API.

Alternatively it looks like the JWT plugin can be configured to only allow connections supplying a valid JWT. If that’s the case, what happens when users try to connect without a JWT? Do they get sent to the welcome page? Or can it be configured to send them elsewhere?

1 Like

If you allow guests in jwt they can open any room, will just be missing features.

If you allow guests in jwt they can open any room, will just be missing features.

So you can’t set it to only allow people to join a/any room unless they have a valid JWT? The documentation seems to suggest that if the room is created with a JWT everybody needs to have one to log in to that room.

There is an option allow_empty_token to allow guest to enter with no token.

You can set it with JWT as you described. If guest (someone without JWT) goes to your jitsi, he will be unauthorized. I don’t rembember what page shows, but i guess it’s input password page and since there is no password, guest cannot enter. I can’t recollect any jitsi setting, that would send the guest to some predefined url in that case.
We are using the same solution - only meet api conferences. We do not allow users to create new rooms in jitsi simply by restricting JWT tokens to only one room and disabling welcome page, we do not use secure domains.

Thanks for the info @nosmo and @damencho.

Under VirtualHost “jitsi.mydomain.com” in /etc/prosody/conf.d/jitsi.mydomain.com.cfg.lua I’ve set

authentication = "token"
allow_empty_token = false

But if I connect to a random room without using a JWT it’s still letting me in and not asking for any authentication. There’s another VirtualHost “auth.jitsi.mydomain.com” that has:

authentication = "internal_plain"

Should that be set to token as well? Trying 'token" didn’t seem to make a difference.

Turns out when configured correctly, users without a valid JWT will be presented with a login modal, hence blocking them.

I also ran into what seems to be a common issue where the microphone and camera weren’t working. For those who run into this issue I solved it by following the steps outlined here (see my post re: which steps): No audio and video after patching Prosody for Token Authentication
These steps also helped get the JWT config right too.

Hi, @nosmo and @DrMatt , I’m currently trying the same, can you explain me how you performed that?

I did all the steps on https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md but I still can join to a room via the Iframe API without a jwt.

Thanks.

Hi @mazueraalvaro what’s showing in your error logs?

There is no way to pass authentication via jitsi meet api without using jwt token?