How to use JWT token in jitsi external API

Good morning, everyone,

I am currently using the “jitsi meet external API”.
Currently I want to have a video conference admin and guests
but I have a problem when I use a token JWT that I build as follows:

<<
headers: {
“kid”: “jitsi/ckws”,
“alg”: “RS256”,
“typ”: “JWT”
}

payload:{
“context”: {
“user”: {
“avatar”:"",
“name”: “ckwebsoft”,
“email”: "ckws@ckwebsoft.fr",
“id”: “id-1”
},
“group”: “g-1”
},
“aud”: “jitsi”,
“iss”: “ckwebsoft”,
“sub”: “meet.jit.si”,
“room”: “envisite”,
“exp”: 159084646376
}

I get this error in the console:

"[modules/statistics/statistics.js] <b.sendAnalyticsAndLog>: {“type”: “operational”, “action”: “connection.failed”, “attributes”:{“error_type”: “connection.passwordRequired”, “error_message”:null}} Logger.js:125:17

[Amplitude] WARNING: Property key “error_message” with invalid value type null, ignoring amplitude.js:2085

[connection.js] >: FAILED CONNECTION: connection.passwordRequired Logger.js:125

react/features/base/base/connection/actions.web.js] <a/</</</</<>: connection.passwordRequired ".

I don’t exactly understand what to put in the “kid” property,
please, is there anyone who can give me a concrete example showing how to generate and use a token JWT in jitsi external API.

Kid is when you are using certificates to sign the token and a server to query for the pub certificates. Explained in 2. in https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md

Alternately instead of using a shared secret you can set an asap_key_server to the base URL where valid/accepted public keys can be found by taking a sha256() of the 'kid' field in the JWT token header, and appending .pem to the end

Hi @damencho

thank you for your response

Currently I use “jitsi meet external API” i.e. I don’t have a server on my side, I use directly your “jitsi” servers with this config.js:

hosts: {
// XMPP domain.
domain: jitsi-meet.example.com’,

    /// When using authentication, domain for guest users.
    // Anonymous domain: guest.example.com',

    // Domain for authenticated users. Defaults to <domain>.
    // authdomain:'jitsi-meet.example.com',

    // Jirecon recording component domain.
    // jirecon:'jirecon.jitsi-meet.example.com',

    // Call control component (Jigasi).
    // call_control:'callcontrol.jitsi-meet.example.com',

    // Focus component domain. Defaults to focus. <domain>.
    // focus:'focus.jitsi-meet.example.com',

    // XMPP MUC domain. FIXED: use XEP-0030 to discover it.
    muc: conference.jitsi-meet.example.com
},

// BOSH URL. FIXED: use XEP-0156 to discover it.
bosh: `` //jitsi-meet.example.com/http-bind'',

// The name of client node advertised in XEP-0115'c' stanza
clientNode:'http://jitsi.org/jitsimeet',

what I don’t understand is how jitsi will check the token since it doesn’t have the secret that was used to generate the JWT token.

concretely can you give me an example of a JWT token with the HS256 algorithm

Headers
{
“typ”: “JWT”,
“alg”: “RS256”
}

Payload
{
“aud”: ???,
“iss”: ???,
“sub”: ???,
“room”: “*”
}

Thank you so much for your help.

The idea of jwt is to have external service that create tokens pass it to some client which uses a deployment, this way to authenticate users, where both service creating tokens and deployment are configured with sharing the same secret.
As you don’t have the meet.jit.si secret or private certificate for signing jwt token, you cannot use that deployment.
Why you want to use tokens with meet.jit.si?

I want to use JWT tokens to set up the ADMIN and GUESTS system,

I noticed that all users who connect to the conference all have the role ADMIN (role: “moderator”) and I would like to set up the system where there will be an admin and one or more guests.

and when I read the documentation, it says that everyone who joins the conference with a JWT token will be considered ADMIN and the others will be guests.

what is the way to have an ADMIN/ GUEST system.

Thank you in advance for your answer.

You need to have your own deployment and configure it according to your needs.

currently I’m working on windows, I’ll try to install a linux virtual machine and install jitsi meet on it.

Thank you for all this information.

hi @damencho

now I have my own “jitsi-meet” deployment, I installed it according to your tutorial.

I also installed “jitsi-meet-tokens” with this command “apt-get install jitsi-meet-tokens”.

what I don’t understand is that when I connect to a ROOM, it asks me for a "user@domain.net" and a “password”. Is that normal?

currently I’m stuck on how to get the ADMIN/guest system.

can you help me, please.

Screenshot_2019-06-14%20Jitsi%20Meet

If you have installed tokens package, you had configured tokens and need to provide token whenever you connect.