How to let host authenticatie via JWT on mobile

Hi,

We want to use JWT authentication for hosts. But can not find anywhere how that would work on mobile. So if someone in the mobile app starts a meeting and clicks on ‘I am the host’, with JWT (s)he should be redirected to the page where (s)he will get a JWT token and be redirected to the meeting, right?
Or is there a better setup for people starting from the app? Am I missing a setting?

Any help would be greatly appreciated!

Regards,
Rick

1 Like

+1 Would also like to know more about this.

Reading the code I saw a hint of external auth here, which does seem related to the problem.

Taking a closer look it does seem this option is set from the strophe/XMPP connection itself, so probably taking a look at videobridge or maybe jicofo can shed some light? What happens if a conference is configured with external auth?

I hope someone can point out to some documented resources about this.

Cheers,
Gabriel

By reading jitsi-meet code, it does seem this is not implemented yet.
On the web, this should work fine. It seems that an undocumented parameter in config.js called tokenAuthUrl is picked up if set, and the user is redirected to a page set by tokenAuthUrl if both this parameter and secure domain is enabled, but on mobile I do see that tokenAuthUrl is not picked up and the user is offered a dialog for the username and password instead. Can someone confirm this?

There is a similar issue about shibboleth auth on mobile here.

great research. Can you provide some guidance here @saghul?
Thanks!

I’m reviving this old thread to see if anything has changed here… I have a working setup with jwt token authentication which works fine in the browser, but not at all in the app. Instead of being redirected to the TOKEN_AUTH_URL I just get a request asking for username and password.

Is this a dead end?

Yep

I don’t really understand the reference to that thread. If I understand it correctly, the jwt token auth is one of the mechanisms that should not be removed. Does that mean that it will be supported in the apps in the future?

These parts:

Oh, crap. I thought that part was referring to something else than the JWT that we’re using now. Guess that leaves me back to square one on how to find a working authentication flow for Jitsi that works in the future :sleepy:

There is no problem with JWT. You can continue to use the token authentication.

External JWT is not the same thing.

No, the one we’re using is the tokenAuthUrl (just didn’t recognize it when I read it in that thread). When a person tries to enter a room they’re redirected to our idp (via jitsi-openid) and are then redirected back with a JWT. So if tokenAuthUrl is to be deprecated we need to rethink. I guess I’ll have to read up on the available alternatives…

If I understand referenced thread correctly, even if tokenAuthUrl were to be dropped, there will be something else put in place eventually to support a similar usage model.

Ref:

But as emrah pointed out tokenAuthUrl isn’t currently supported on mobile, hence the “dead end” comment with regards to the current thread topic. If you intent to use it mainly for web, then I think there might still be a way forward.

Yep. I guess we’ll have to wait and see what it turns out to be then and hope our users are happy without the app in the meanwhile.