How to pass authentication credentials in URL


#1

Hi,

after installing a messaging server based on Matrix/Riot I found that they fully support Jitsi for audio and video conferencing.

I’ve set up my own Jitsi server within 2 hours with LDAP authentication, that was straight forward and works pretty well.

When I want to integrate Jitsi now in a room on my Matrix server, I need to configure a URL for the room. No big deal normally, but I have secured my Jitsi for room creation - I don’t want the whole internet to use it.

I did not find how to pass credentials, so that my Server can directly create the room without the need to manually “enter” the auth credentials.

https://username:password@jitsi.mydomain.de does not work :confused:

Can anybody help me? Or mayb there is a way to list an IP address which can bypass the authentication?


#2

The only way to do that currently is to have those set in the local storage.
The values that needs to be added in localstorage are xmpp_username_override and xmpp_password_override. https://github.com/jitsi/jitsi-meet/blob/84b589719f4d1e9d29870ebc0d741822338ec89e/connection.js#L167
This is how jibri is currently connecting authenticated.


#3

Hi @damencho,

I don’t get the point … I have a different server (Matrix-Synapse) which needs to be able to create a Jitsi room without Authentication (as it is not a human). The only way to specify the Jitsi instance is to enter the URL of my Jitsi server for the room it needs to create.

As my server is needing authentication how should I pass the auth credentials inside the URL I can specify in my Matrix server?

So either I need a way to include the username and password in the URL, or better to specify the IP of my server in a way that incoming requests from this IP can create a room without the need of entering the username and password.

The only other option I can think of is to try to create a second virtual host without authentication which can create a room directly with a strange subdomain (like https://fgalkjflsdiz.mydomain.org) and specify this in the HOSTS file of my Matrix server to avoid creating a real public DNS A record (which could be easily found with a “dig”).


#4

Note that these domains are listable by any connected XMPP client via disco#items

Boris


#5

I did a short test and it still does not work either. So I still need a kind of solution for that (I can’t do a wide open Jitsi Server anybody can use, but I need my Matrix server to be able to create a room)


#6

Can you explain what does this creating room means, I don’t get it?
The room is created when the first participant joins and destroyed when the last one leaves…


#7

@damencho
Sure. The creation etc. works perfectly, but I have secured my Jitsi so that the first visitor of the room must log in (Hit “I am the host” and then enter username / password) to prevent anybody to use my Jitsi server.

The issue is that Matrix can’t “create” a room as it’s not able to “virtually” hit the “I’m the host” button and enter login credentials. So I’m looking for a way to bypass that so that my Jitsi installation is still secured but my Matrix server can create a room on demand even without the need of authenticate.


#8

Sorry, but I’m not familiar with Matrix and what does it do and I’m trying to understand what is your goal.
So, your goal is to ‘create a room’ with Matrix and post a link some where and let all other participants join anonymously?
Your goal is to have a secured jitsi-meet deployment, so only the matrix users can join?
Are you able to send participants individual links that they can use? How that works?

If you are integrating jitsi-meet in Matrix and can handle link, per user, you can setup jitsi-meet to use jwt tokens and distribute links with tokens. The generated tokens can be per room and cannot be used for other rooms. Just an idea, without knowing the specifics.