How to use jwt mode


#1

hello,
I deploy jitsi meet follow by https://github.com/jitsi/jitsi-meet/blob/master/doc/manual-install.md. And jitsi can work in anonymous mode and it can work fine in internal_plain mode.

Now I want jitsi can work in token mode, and all logs seems fine. But I don’t know how to use jwt. I write a program as follows:

  1. // Create token header as a JSON string

  2.         $header = json_encode(["kid"=>"jitsi/oolo_app_id", 'typ' => 'JWT', 'alg' => 'HS256']);
    
  3.         // Create token payload as a JSON string
    
  4.         $payload = json_encode([
    
  5.         "context"=> [
    
  6.         "user" => [
    
  7.             "avatar" => "https://demo.oolo.com/storage/app/uploads/public/5a1/d7a/a99/thumb_24_100_100_0_0_crop.jpg",
    
  8.             "name" => "juzing",
    
  9.             "email" => "jdoe@example.com",
    
  10.             "id" => "oolo_app_id",
    
  11.             "secret" => "oolo_app_secret"
    
  12.         ],
    
  13.         "group" => "a123-123-456-789"
    
  14.         ],
    
  15.         "aud" => "gengxin",
    
  16.         "iss" => "jeffgeng",
    
  17.         "sub" => "47.106.212.149",
    
  18.         "room" => "*",
    
  19.         "exp" => 1600006923
    
  20.         ]);
    
  21.         // Encode Header to Base64Url String
    
  22.         $base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
    
  23.         // Encode Payload to Base64Url String
    
  24.         $base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
    
  25.         // Create Signature Hash
    
  26.         $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, 'abC123!', true);
    
  27.         // Encode Signature to Base64Url String
    
  28.         $base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
    
  29.         // Create JWT
    
  30.         $jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
    
  31.         echo $jwt;
    

and I can get this string:
https://47.106.212.149/jeffgeng?jwt=“eyJraWQiOiJqaXRzaVwvb29sb19hcHBfaWQiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6XC9cL2RlbW8ub29sby5jb21cL3N0b3JhZ2VcL2FwcFwvdXBsb2Fkc1wvcHVibGljXC81YTFcL2Q3YVwvYTk5XC90aHVtYl8yNF8xMDBfMTAwXzBfMF9jcm9wLmpwZyIsIm5hbWUiOiJqdXppbmciLCJlbWFpbCI6Impkb2VAZXhhbXBsZS5jb20iLCJpZCI6Im9vbG9fYXBwX2lkIiwic2VjcmV0Ijoib29sb19hcHBfc2VjcmV0In0sImdyb3VwIjoiYTEyMy0xMjMtNDU2LTc4OSJ9LCJhdWQiOiJnZW5neGluIiwiaXNzIjoiamVmZmdlbmciLCJzdWIiOiI0Ny4xMDYuMjEyLjE0OSIsInJvb20iOiIqIiwiZXhwIjoxNjAwMDA2OTIzfQ.0L7rbF1owa-irY0nuEdK309DENyI0o_WSF1pFLlRFdw”

And in the console I get app.bundle.min.js?v=145:2 [connection.js] <n.l>: CONNECTION FAILED: connection.passwordRequired.

I don’t know what’s wrong with this code, and what does above codes means.

Thanks in advance.


#2

If you open Chrome’s network tab and look on the BOSH response it should give more details on what’s wrong.


#3

Thanks, Pawel Domas. My bosh logs says:
Invalid signature

But I don’t know how to deal with it.

Any help is appreciated.


#4

Is the secret the same for signing the token and in prosody config (‘abC123!’)?

You are using “group” => “a123-123-456-789”, this is for the multi-tenant case, where you will access your deployment as https://main.domain.com/companyA/someroom, if you are not using that remove it from the token.

Also you maybe not setting correct values for aud and iss check this for more info: Token Setup


#5

hi damoncho,

My jwt works, after changes config abC123.Thanks.