Guest permissions

We have running Jitsi Meet in a Rocket.Chat environment.
Everything works fine.
For security we configured the JWT authentication. So nobody has access from outside or can create a meeting.

Now we want guests to invite in a running Jitsi Meet meeting.
But at this point the guest has to login with credentials (because of the JWT authentication).

There are two possibilities:

  1. set up a VirtualHost for guests
  2. add allow_empty_token = true; to the VirtualHost with the token authentication

I tried 2) now. But guests can then create meetings again.
How can I prevent this problem ?
So guests can join a meeting but are not allowed to create one ?

Nobody any answer ?

This is by design.

Have you any suggestion how we can solve this ?

I have the same problem. I would like guests to join existing rooms but not create new ones.

Somebody did just a configuration like this:

VirtualHost "jitsi.example.com"
    authentication = "token"
    app_id = 'jitsi.example.com'
    app_secret = 'supersecret'
    ssl = {
        key = "/var/lib/prosody/jitsi.example.com.key";
        certificate = "/var/lib/prosody/jitsi.example.com.crt";
    }
    modules_enabled = {
        "bosh";
        "pubsub";
        "presence_identity";
    }
    allow_empty_token = false
    c2s_require_encryption = false

VirtualHost "guest.jitsi.example.com"
    authentication = "token"
    app_id = 'jitsi.example.com'
    app_secret = 'supersecret'
    allow_empty_token = true
    c2s_require_encryption = false

Could this work ?

Yes, it works for me with these same parameters

VirtualHost "meet.domain.com"
    authentication = "token"
    app_id="id"
    app_secret="*****"
    ssl = {
        key = "/etc/prosody/certs/meet.domain.com.key";
        certificate = "/etc/prosody/certs/meet.domain.com.crt";
    }
    av_moderation_component = "avmoderation.meet.domain.com"
    speakerstats_component = "speakerstats.meet.domain.com"
    conference_duration_component = "conferenceduration.meet.domain.com"
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
        "presence_identity";
        "av_moderation";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.meet.domain.com"
    main_muc = "conference.meet.domain.com"
....
....
....
VirtualHost 'guest.meet.domain.com'
    authentication = 'token';
    app_id = 'id';
    app_secret = '******';
    c2s_require_encryption = true;
    allow_empty_token = true

And you can’t create a meeting with for example https://guest.meet.domain.com/room0815 ?

These domains are internal for the system and has nothing to do with the DNS, so you cannot use a host like guest.meet.domain.com, there is only one DNS for your deployment in your example this is meet.domain.com

This is not running on our side.
I get when I share a call with a video link still the request for username and password.

Do I have to change something else ? Perhaps in the config.js ?