I have installed jitsi-meet-token and edited the config following the doc below.
I am not using a secret server but just using a common secret key.
Now when I try to create a meeting, a username/pwd window pops up.
I have tried to create a new user using:
prosodyctl register auth.jitsi.example
prosodyctl adduser
But the new users cannot log in. I inspected the request/response:
request:
iq type='get' to='jitsi.example.com' id='_auth_1' xmlns='jabber:client'
query xmlns='jabber:iq:auth'
username
When you configure tokens, when joining a conference you need to provide a correctly signed token as a parameter ?jwt=… Are you providing it? You can use https://jwt.io/ to generate tokens so you can test. When using tokens there are no users to create or anything. Creating and authenticating users is a responsibility of the service providing the tokens.
This is a setting in your webserver; you'd better use nginx when deploying so you can have more flexibility.
No, it's just that you create a token for group ‘jitsi’ and the user using that token can connect to https://meet.jit.si/jitsi/someRoom, and if the user tries to use the jwt with group ‘google’, access will be denied as the token will not be verified against the URL.
I have generated a token on jwt.io. I copied the token from the left panel of the page (the encoded section).
header
{
"kid": "my_app_shared_secret",
"typ": "JWT",
"alg": "RS256"
}
I have installed prosody-trunk_1nightly747-1_trusty_amd64.
The virtual host defines:
VirtualHost "jitsi.example.com"
authentication = "token"
app_id="my_app_id"
app_secret="my_app_shared_secret"
allow_empty_token=false
ssl = {
key = "/etc/prosody/certs/jitsi.example.com.key";
certificate = "/etc/prosody/certs/jitsi.example.com.crt";
}
modules_enabled = {
"bosh";
"pubsub";
"ping";
"presence_identity"; -- not sure if this module is needed
}
c2s_require_encryption = false
Now when I try to create a room and log in, the prosody log throws an error:
Aug 27 15:18:55 general warn Error verifying token err:not-allowed, reason:Not a public PEM key
Remove kid and try again. Kid is when signing with a certificate (not shared secret) and you need to configure prosody from where to fetch the public keys to verify it.
I find:
Alternately the token may be signed by a private key and authorized via public keyserver using RS256 tokens. In this mode, the ‘kid’ header of the JWT must be set to the name of the public key. The backend server must be configured to fetch and confirm keys from a pre-configured public keyserver.
Is there any doc about “configured to fetch and confirm keys from a pre-configured public keyserver”?
You can use a common secret used to sign the token and prosody will use the same secret to verify it: app_secret = "example_app_secret";
I am trying to use this one:
So the app_secret is not the one I input when installing jitsi-meet-token? Should I use the public key generated on jwt.io?
I think I got confused and probably confused you.
So what are you trying to use: the shared secret (this is the one that is configured in prosody by default at install time) or the public-private key?
Both types are explained here in the doc, shared secret HS256 and RS256:
Secret is used to compute HMAC hash value and verify the token for HS256 tokens.
Alternately the token may be signed by a private key and authorized via public keyserver using RS256 tokens. In this mode, the 'kid' header of the JWT must be set to the name of the public key. The backend server must be configured to fetch and confirm keys from a pre-configured public keyserver.
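The shared-secret (HS256) mode quoted above, as an added example that is not part of the original thread and not Prosody's own code: it signs a token with the configured app_secret, without a 'kid' header, and runs it through a stand-in verifier. The `iss`, `room` and `exp` claim names and all helper function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

APP_ID = "my_app_id"                 # app_id from the VirtualHost block
APP_SECRET = "my_app_shared_secret"  # app_secret from the VirtualHost block

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(room, secret=APP_SECRET, ttl=3600, now=None):
    """Build an HS256 token; the header deliberately carries no 'kid'."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", "alg": "HS256"}
    claims = {"iss": APP_ID, "room": room, "exp": now + ttl}  # assumed claim names
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))
    return signing_input + "." + b64url(_sign(signing_input, secret))

def verify_token(token, room, secret=APP_SECRET, now=None):
    """Stand-in verifier: returns 'ok' or the reason the token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
        sig = b64url_decode(s64)
    except ValueError:
        return "malformed token"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return "malformed token"
    if header.get("alg") != "HS256":      # e.g. an RS256 header with a shared secret
        return "alg is not HS256"
    if not hmac.compare_digest(_sign(f"{h64}.{c64}", secret), sig):
        return "bad signature"
    if claims.get("iss") != APP_ID:
        return "wrong issuer"
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return "expired"
    if claims.get("room") != room:        # token is bound to one room
        return "room mismatch"
    return "ok"

if __name__ == "__main__":
    token = make_token("companyA")
    print(verify_token(token, "companyA"), "/", verify_token(token, "companyB"))
```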
Really, thanks for your patience and great help.
Finally I have passed it.
So to achieve multi-tenancy, the username/pwd mode is not supported? We can only use the token?
Can I just create a different token for each company?
Like "room" = "companyA" or "room" = "companyB"?
The common secret is the same, so should I distinguish users by user name and meeting room?
Or should I use "group"?
Just a simple question: how did you install prosody-trunk? I tried to install jitsi-meet-tokens but it asks for those dependencies.
The following packages have unmet dependencies:
jitsi-meet-tokens : Depends: prosody-trunk (>= 1nightly747) but it is not installable or
prosody-0.11 but it is not installable or
prosody (>= 0.11.2) but 0.10.0-1build1 is to be installed
Hi damencho, I am trying to use a public-private key in JWT, but it always tells me "Authentication failed", and the /var/log/prosody/prosody.log is: Error verifying token err:not-allowed, reason:Not a public PEM key
I already installed JWT and it is working well, but I don't know:
How to change the App secret?
app_id="my_app_id"
app_secret="my_app_shared_secret"
Change ID or App_secret