How to enable jwt token authentication in Docker self-hosted Jitsi? (Please help, trying for days)

Hello, I have a self-hosted Jitsi server (Docker) and I am trying to enable the JWT token authentication option. I am looking at the self-hosting Docker guide. These are the relevant parts that I saw:


Here is the link for these pictures: https://jitsi.github.io/handbook/docs/devops-guide/devops-guide-docker
I have done the things described there. I enabled the “ENABLE_AUTH” and “AUTH_TYPE” variables in the .env file, and I also specified a “JWT_APP_ID” and “JWT_APP_SECRET” in the .env file. Then I did

docker-compose down

and

docker-compose up -d

But I can still create/join a room without a token. Can someone please help me? Do I need to install extra plugins (if so, why didn’t they talk about it in the guide)? Or did I do something wrong? I have been trying to do this for days…

set ENABLE_GUESTS=0

I did it. Still no luck.

If possible, can you share the URL by which you are trying to access jitsi-setup?

for jwt you have to use: https://localhost:8443/myroom?jwt=TOKEN

Of course
https://{an_ip_address}:8443/roomtryout?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6Ly9yb2JvaGFzaC5vcmcvam9obi1kb2UiLCJuYW1lIjoiSm9obiBEb2UiLCJlbWFpbCI6Impkb2VAZXhhbXBsZS5jb20ifX0sInN1YiI6IioiLCJpc3MiOiJteV9qaXRzaV9hcHBfaWQiLCJyb29tIjoiKiJ9.piDCVrAhDmUtXGcgC22XwHBMhiYzBty-9nYBCl2aK7I

Can you try the below config to generate the token?

{
  "context": {
    "user": {
      "avatar": "https://robohash.org/john-doe",
      "name": "John Doe",
      "email": "jdoe@example.com"
    }
  },
  "iss": "my_jitsi_app_id",
  "sub": "https://localhost:8443",
  "room": "*"
}
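An added example, not part of the original thread: a stdlib-only Python sketch that signs the payload suggested above with HS256 and checks a token locally against `JWT_APP_SECRET` and `JWT_APP_ID`. The secret value is a constructed placeholder, and the check covers only the signature and `iss` comparison, not everything Prosody's token module validates.

```python
import base64, hashlib, hmac, json

APP_ID = "my_jitsi_app_id"               # JWT_APP_ID, value taken from the thread
APP_SECRET = "constructed-demo-secret"   # JWT_APP_SECRET, constructed placeholder
CLAIMS = {                               # payload as posted in the thread
    "context": {"user": {"avatar": "https://robohash.org/john-doe",
                         "name": "John Doe", "email": "jdoe@example.com"}},
    "iss": APP_ID,
    "sub": "https://localhost:8443",
    "room": "*",
}

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: str) -> str:
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def make_token(claims: dict, secret: str) -> str:
    """Build header.payload.signature for an HS256 token."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, secret)

def check_token(token: str, secret: str, app_id: str) -> dict:
    """Return the claims if signature and issuer match, else raise ValueError."""
    try:
        head_b64, body_b64, sig = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = sign(f"{head_b64}.{body_b64}", secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    if claims.get("iss") != app_id:
        raise ValueError("iss does not match JWT_APP_ID")
    return claims

if __name__ == "__main__":
    print(make_token(CLAIMS, APP_SECRET))
```

A token that passes this check only shows the secret and issuer agree with the .env values; whether the server refuses token-less joins is a separate question.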

It is not localhost for me because I am connecting remotely

Yes please change it accordingly

Tried it. Same… No progress

Did you remove the previous config before running the docker-compose up -d command?

For me it is working fine with the below config.

# Select authentication type: internal, jwt or ldap
AUTH_TYPE=jwt

# JWT authentication
#

# Application identifier
JWT_APP_ID=my_id

# Application secret known only to your token
JWT_APP_SECRET=XXXX

# (Optional) Set asap_accepted_issuers as a comma separated list
JWT_ACCEPTED_ISSUERS=my_web_client,my_app_client

# (Optional) Set asap_accepted_audiences as a comma separated list
JWT_ACCEPTED_AUDIENCES=myserver1,myserver2

JWT_ALLOW_EMPTY=0
JWT_TOKEN_AUTH_MODULE=token_verification
#

I left the optional parts (after the secret) commented. Did you install the prosody token plugin?

yes. token_verification is enabled by default.
{{ $JWT_TOKEN_AUTH_MODULE := .Env.JWT_TOKEN_AUTH_MODULE | default "token_verification" }} in jitsi-meet.cfg.lua

{{ if and $ENABLE_AUTH (eq $AUTH_TYPE "jwt") }}
        "{{ $JWT_TOKEN_AUTH_MODULE }}";
{{ end }}

Set prosody to debug mode using - LOG_LEVEL=debug and check for token_verification

I did not :smiley: maybe that is why, but the guide does not talk about the plugin

Wait. I didn't catch it. How will I set prosody to debug mode using LOG_LEVEL=debug? Where will I do it? And if it is default, should I not install the plugin?

add LOG_LEVEL=debug in docker-compose.yml file under service: prosody environment

Okay, I will. I have to go right now, but as soon as I do it, I will write here. You are the most helpful person, thank you so much, hope I can contact you again.

If I won’t help anyone then no one will help me.

Hello, I did not remove the previous config but instead did “docker-compose down” and then “docker-compose up -d”. (I still could not do the debug thing [not accessing the server rn] but I tried to enter a room with the token and the name of the person I wrote to the token got displayed on the screen. I think the token is being registered correctly but I still could join w/o a token)

I did this and restarted the server but I do not know where to check.

what’s the value of JWT_ALLOW_EMPTY?