I have Jitsi Meet with JWT tokens enabled and working.
Everything is great except Shared Screen (Desktop) functionality for moderators is disabled.
If I set “enableFeaturesBasedOnToken: false;” in the config file, shared screen works for all users as expected.
If I set “enableFeaturesBasedOnToken: true”
Guest are shown, “Guest can’t share share” (which is expected)
Moderator is shown " Share Screen Disabled" (not expected)
How can I enable shared screen to work for moderators only with enableFeaturesBasedOnToken: true?
I did the quick install + JWT setup +
-- Token moderation
-- this module looks for a field on incoming JWT tokens called "moderator".
-- If it is true the user is added to the room as a moderator, otherwise they are set to a normal user.
-- Note this may well break other affiliation based features like banning or login-based admins
local log = module._log;
local jid_bare = require "util.jid".bare;
local json = require "cjson";
local basexx = require "basexx";
local um_is_admin = require "core.usermanager".is_admin;
local function is_admin(jid)
return um_is_admin(jid, module.host);
end
log('info', 'Loaded token moderation plugin');
-- Hook into room creation to add this wrapper to every new room
module:hook("muc-room-created", function(event)
log('info', 'room created, adding token moderation code');
local room = event.room;
local _handle_normal_presence = room.handle_normal_presence;
This file has been truncated. show original
My versions
ii jitsi-meet 2.0.5142-1
ii jitsi-meet-prosody 1.0.4466-1
ii jitsi-meet-turnserver 1.0.4466-1
Meet
ii jitsi-meet-web 1.0.4466-1
ii jitsi-meet-web-config 1.0.4466-1
Meet
ii jitsi-videobridge2 2.1-376-g9f12bfe2-1
onClick = { this._onToolbarToggleFullScreen }
text = { _fullScreen
? t('toolbar.exitFullScreen')
: t('toolbar.enterFullScreen') } />,
<LiveStreamButton
key = 'livestreaming'
showLabel = { true } />,
<RecordButton
key = 'record'
showLabel = { true } />,
this._shouldShowButton('sharedvideo')
&& <OverflowMenuItem
accessibilityLabel =
{ t('toolbar.accessibilityLabel.sharedvideo') }
icon = 'icon-shared-video'
key = 'sharedvideo'
onClick = { this._onToolbarToggleSharedVideo }
text = { _sharingVideo
? t('toolbar.stopSharedVideo')
: t('toolbar.sharedvideo') } />,
this._shouldShowButton('etherpad')
Have you added in jwt token the feature ‘screen-sharing’?
Thank you for quick reply.
Do you mean on the token itself? I just tried the following
…
“room”: “*”,
“screen-sharing”: true,
“moderator”: true
}
Unfortunately, I’m still seeing the Share Screen Disabled message for the moderator.
Does screen-sharing’ need to go somewhere else?
Nope, that should be in
"context": {
....
"features": {
“screen-sharing”: true
}
}
Thanks, Damencho.
I tried that too. Unfortunately, that still didn’t work. I tried a hard refresh just incase, but it’s still showing “Share Screen Disabled”.
Here’s the full JWT payload.
{
“context”: {
“users”:{
“name”: “Moderator”
},
“features”: {
“screen-sharing”: true
}
},
“aud”: “xxxxxxx”,
“iss”: “xxxxxxxx”,
“sub”: “xxxxxxxx”,
“room”: “*”,
“moderator”: true
}
With the token, I’m able to start the meeting, mute all users, kick a user out, etc… It’s only Share Screen that is disabled.
Am I still structuring the token wrong for “screen-sharing”?
I checked the following page and few others but didn’t see anything regarding features and tokens:
JWT token authentication Prosody plugin
==================
This plugin implements Prosody authentication provider that verifies client connection based on JWT token described in [RFC7519].
It allows to use any external form of authentication with lib-jitsi-meet. Once your user authenticates you need to
generate the JWT token as described in the RFC and pass it to your client app. Once it connects with valid token is considered authenticated by jitsi-meet system.
During configuration you will need to provide the *application ID* that identifies the client and a *secret* shared by both server and JWT token generator. Like described in the RFC, secret is used to compute HMAC hash value which allows to authenticate generated token. There are many existing libraries which can be used to implement token generator. More info can be found here: [http://jwt.io/#libraries-io]
JWT token authentication currently works only with BOSH connections.
[RFC7519]: https://tools.ietf.org/html/rfc7519
[http://jwt.io/#libraries-io]: http://jwt.io/#libraries-io
### Token structure
The following JWT claims are used in authentication token:
- 'iss' specifies *application ID* which identifies the client app connecting to the server. It should be negotiated with the service provider before generating the token.
- 'room' contains the name of the room for which the token has been allocated. This is *NOT* full MUC room address. Example assuming that we have full MUC 'conference1@muc.server.net' then 'conference1' should be used here. Alternately, a '*' may be provided, allowing access to all rooms within the domain.
- 'exp' token expiration timestamp as defined in the RFC
This file has been truncated. show original
Yeah that had not been used a lot … and no docs for this feature … Need to test it and debug js why it does not respect it …
tholmgren:
{
“context”: {
“users”:{
“name”: “Moderator”
},
“features”: {
“screen-sharing”: true
}
},
“aud”: “xxxxxxx”,
“iss”: “xxxxxxxx”,
“sub”: “xxxxxxxx”,
“room”: “*”,
“moderator”: true
}
Thanks. I really appreciate it. If you need anything, please let me know.
emrah
November 4, 2020, 10:26am
#8
“users
” should be “user
”
“screen-sharing
” works for me.
the latest stable
the token content (screen-sharing
) is same with your example
I didn’t test with token_moderation
, I have token_affiliation
Thanks, Emrah.
Odd, I tried your script too… I’m still getting the disabled message for shared desktop.
Do you have the following in your config?
enableUserRolesBasedOnToken: true,
enableFeaturesBasedOnToken: true,
emrah
November 4, 2020, 8:54pm
#10
yes, both of them are true
emrah
November 4, 2020, 9:04pm
#11
This is a working token
{
"aud": "myapp",
"iss": "myapp",
"sub": "meet.mydomain.com",
"exp": 1604566635,
"room": "test-1234",
"context": {
"user": {
"name": "myname",
"email": "myemail@gmail.com",
"avatar": "https://gravatar.com/avatar/abc123.png",
"affiliation": "owner"
},
"features": {
"recording": true,
"livestreaming": true,
"screen-sharing": true
}
}
}
and the link
https://meet.mydomain.com/test-1234?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJteWFwcCIsImlzcyI6Im15YXBwIiwic3ViIjoibWVldC5teWRvbWFpbi5jb20iLCJleHAiOjE2MDQ1NjY2MzUsInJvb20iOiJ0ZXN0LTEyMzQiLCJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6Im15bmFtZSIsImVtYWlsIjoibXllbWFpbEBnbWFpbC5jb20iLCJhdmF0YXIiOiJodHRwczpcL1wvZ3JhdmF0YXIuY29tXC9hdmF0YXJcL2FiYzEyMy5wbmciLCJhZmZpbGlhdGlvbiI6Im93bmVyIn0sImZlYXR1cmVzIjp7InJlY29yZGluZyI6dHJ1ZSwibGl2ZXN0cmVhbWluZyI6dHJ1ZSwic2NyZWVuLXNoYXJpbmciOnRydWV9fX0.Do1iIGwI7e2lff-7k3rRrn0B5V-KQnygaWThZg4OMAY
1 Like
emrah
November 4, 2020, 9:24pm
#12
There may be a browser issue too. Try private window
or incognito window
1 Like
Solved!
Emrah, you were correct… it was the “users” in the token then a hard refresh to clear my cache.
Everything works now.
Thank you for your help.
1 Like
Emrah, have you find features options somewhere?
I want to activate or disable other features but I don’t find any list to know which features I can edit.
Thanks.
emrah
November 25, 2020, 8:49pm
#15
For the future readers, discussed here
1 Like