I would like to use iFrame API with a self-hosted Jitsi installation.
I need to make sure that:
only people I decide should be able to participate to the meeting
people should have one of the following roles:
power user: can do a lot of things (I do not use the term “moderator” which is used by Jitsi, too)
simple participant: can do a few things
From my understanding (I am quite new to Jitsi):
I can make sure that only authenticated people can join the meeting:
setting ENABLE_GUESTS=false so that unknown people cannot join the room
using JWT authentication, so that I can set their username, and they cannot modify it
The main problem with this solution is that all the users authenticated using JWT are Jitsi moderators, am I missing something?
I can use iFrame API to customize UI based on their application role. The problem is that a user could potentially see the HTML source code and create an HTML page with the same code, modifying only certain parameters to customize their UI. For example, in my application I would like the “power user” to create breakout rooms and to add “simple participants” to the breakout room, while “simple participants” cannot create breakout rooms and cannot join autonomously breakout rooms. I can achieve that with iFrame API, but I cannot prevent a user from downloading the page and changing the parameters to allow himself to create and join breakout rooms.
Is there a way to enforce that configOverwrite and interfaceConfigOverwrite are not modified by the user? I think the ideal case would be to have them inside the JWT token