KarTha
May 11, 2022, 5:39pm
#1
is there a way to add into the options parameter the prosody user credentials so i can skip the enter host credentials state when i have authentication on? my use case is that I am using wordpress for my website and want to use jitsi’s iframe api within it, I want the login to happen through wordpress and if a user wants to host a meeting they only need to first be logged into the wordpress website.
My current guess is that it involves the jwt token parameter in options, if correct how do format the token, if not, how would I go about adding this to the iframe myself? (as in what files need to be added and edited)
Thank you
KarTha:
My current guess is that it involves the jwt token parameter in options, if correct how do format the token, if not, how would I go about adding this to the iframe myself? (as in what files need to be added and edited)
This is exactly the usecase for jwt. You need some server side script generating jwt tokens for a logged in user, pass it to web where the web pass it to the iframeAPI and of course your deployment needs to be configured to use jwt.
JWT token authentication Prosody plugin
==================
This plugin implements a Prosody authentication provider that verifies a client connection based on a JWT token described in [RFC7519].
It allows use of an external form of authentication with lib-jitsi-meet. Once your user authenticates you need to
generate the JWT token as described in the RFC and pass it to your client app. Once it connects with a valid token it is considered authenticated by the jitsi-meet system.
During configuration you will need to provide the *application ID* that identifies the client and a *secret* shared by both server and JWT token generator. Like described in the RFC, the secret is used to compute a HMAC hash value which allows authentication of the generated token. There are many existing libraries which can be used to implement token generation. More info can be found here: [http://jwt.io/#libraries-io]
JWT token authentication only currently works with BOSH connections.
[RFC7519]: https://tools.ietf.org/html/rfc7519
[http://jwt.io/#libraries-io]: http://jwt.io/#libraries-io
### Token structure
The following JWT claims are used in the authentication token:
- 'iss' specifies the *application ID* which identifies the client app connecting to the server. It should be negotiated with the service provider before generating the token.
- 'room' contains the name of the room for which the token has been allocated. This is *NOT* the full MUC room address. An example assuming that we have full MUC 'conference1@muc.server.net' would be that 'conference1' should be used here. Alternately, a '*' may be provided, allowing access to all rooms within the domain.
- 'exp' token expiration timestamp as defined in the RFC
show original
There are examples how to pass jwt to the iframe API IFrame API | Jitsi Meet
KarTha
May 11, 2022, 6:45pm
#3
so do i put in a json for the jwt, or an encoded version (so an actual jwt token)
KarTha
May 11, 2022, 6:47pm
#4
nvm i can’t read, so i have to generate the jwt token myself and put that into the options
KarTha
May 11, 2022, 7:37pm
#5
@damencho so I am still confused where to get the data to make up the jwt token for a meeting
KarTha
May 11, 2022, 7:45pm
#7
iss, exp, sub and aud. (I assume room_name is up to the me?) Also where to i specify the password in the json for the jwt token?
These depend on how you set up your backend.