Inexperienced user, I need help with JWT

Computer_Doctor · January 28, 2020, 4:45pm

Hello,
thank you for this awesome software! I am trying to use JWT authentication, so that only logged-in wordpress users will have access to rooms. I am trying to log-in with a predefined key from jwt.io by using this javascript snippet (nothing changed, even the key is a real one).

<div id="roomdiv"></div>
<script src="https://meet.jit.si/external_api.js"></script>
<script>
var domain = "conference.think-free.net";
var room = "testroom";
var width = document.getElementById("roomdiv").parentNode.parentElement.width;
var height = 500;
var jwt = 'eyJraWQiOiJqaXRzaS9jdXN0b21fa2V5X25hbWUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6L2dyYXZhdGFyLmNvbS9hdmF0YXIvYWJjMTIzIiwibmFtZSI6IkpvaG4gRG9lIiwiZW1haWwiOiJqZG9lQGV4YW1wbGUuY29tIiwiaWQiOiJhYmNkOmExYjJjMy1kNGU1ZjYtMGFiYzEtMjNkZS1hYmNkZWYwMWZlZGNiYSJ9LCJncm91cCI6ImExMjMtMTIzLTQ1Ni03ODkifSwiYXVkIjoiaml0c2kiLCJpc3MiOiJteV9jbGllbnQiLCJzdWIiOiJtZWV0LmppdC5zaSIsInJvb20iOiIqIiwiZXhwIjoxNTAwMDA2OTIzfQ.f4v7Kz3bO-rx_eiIdrW_W9HTFqQhQNzLYqjGw7y0EDk';
var options = {
    interfaceConfigOverwrite: {
        SHOW_JITSI_WATERMARK: false,
        SHOW_BRAND_WATERMARK: false,
        BRAND_WATERMARK_LINK: '',
        SHOW_POWERED_BY: false,
        SHOW_DEEP_LINKING_IMAGE: false,
        GENERATE_ROOMNAMES_ON_WELCOME_PAGE: false,
        DISPLAY_WELCOME_PAGE_CONTENT: false,
        DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
        APP_NAME: 'Think Free',
        NATIVE_APP_NAME: 'Think Free',
        PROVIDER_NAME: 'Think-Free.net',
        INVITATION_POWERED_BY: false,
}
};
var api = new JitsiMeetExternalAPI(domain, room, width, height, document.getElementById("roomdiv"), options, jwt);
</script>

I am totally lost. Every single guide I’ve found is super hard for me to follow.

Is there anything that would explain server and client side setup in a step-by-step, easy to follow guide?

Thank you again.

damencho · January 29, 2020, 3:44am

Did you try passing the options as shown in the example: https://github.com/jitsi/jitsi-meet/blob/master/doc/examples/api.html#L10

var options = {
    roomName: room,
    width,
    height,
    parentNode: document.getElementById("roomdiv"),
    jwt,
    interfaceConfigOverwrite: {
        SHOW_JITSI_WATERMARK: false,
        SHOW_BRAND_WATERMARK: false,
        BRAND_WATERMARK_LINK: '',
        SHOW_POWERED_BY: false,
        SHOW_DEEP_LINKING_IMAGE: false,
        GENERATE_ROOMNAMES_ON_WELCOME_PAGE: false,
        DISPLAY_WELCOME_PAGE_CONTENT: false,
        DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
        APP_NAME: 'Think Free',
        NATIVE_APP_NAME: 'Think Free',
        PROVIDER_NAME: 'Think-Free.net',
        INVITATION_POWERED_BY: false,
    }
};
var api = new JitsiMeetExternalAPI(domain, options);

Computer_Doctor · January 29, 2020, 10:18pm

Uhm,… yes. This is the exact script I am using as you suggested.

<div id="roomdiv"></div>
<script src="https://meet.jit.si/external_api.js"></script>
<script>
var domain = "conference.think-free.net";
var options = {
    roomName: "testroom",
    width: document.getElementById("roomdiv").parentNode.parentElement.width,
    height: 500,
    parentNode: document.getElementById("roomdiv"),
jwt: 'eyJraWQiOiJqaXRzaS9jdXN0b21fa2V5X25hbWUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6L2dyYXZhdGFyLmNvbS9hdmF0YXIvYWJjMTIzIiwibmFtZSI6IkpvaG4gRG9lIiwiZW1haWwiOiJqZG9lQGV4YW1wbGUuY29tIiwiaWQiOiJhYmNkOmExYjJjMy1kNGU1ZjYtMGFiYzEtMjNkZS1hYmNkZWYwMWZlZGNiYSJ9LCJncm91cCI6ImExMjMtMTIzLTQ1Ni03ODkifSwiYXVkIjoiaml0c2kiLCJpc3MiOiJteV9jbGllbnQiLCJzdWIiOiJtZWV0LmppdC5zaSIsInJvb20iOiIqIiwiZXhwIjoxNTAwMDA2OTIzfQ.f4v7Kz3bO-rx_eiIdrW_W9HTFqQhQNzLYqjGw7y0EDk',
    interfaceConfigOverwrite: {
        SHOW_JITSI_WATERMARK: false,
        SHOW_BRAND_WATERMARK: false,
        BRAND_WATERMARK_LINK: '',
        SHOW_POWERED_BY: false,
        SHOW_DEEP_LINKING_IMAGE: false,
        GENERATE_ROOMNAMES_ON_WELCOME_PAGE: false,
        DISPLAY_WELCOME_PAGE_CONTENT: false,
        DISPLAY_WELCOME_PAGE_TOOLBAR_ADDITIONAL_CONTENT: false,
        APP_NAME: 'Think Free',
        NATIVE_APP_NAME: 'Think Free',
        PROVIDER_NAME: 'Think-Free.net',
        INVITATION_POWERED_BY: false,
    }
};
var api = new JitsiMeetExternalAPI(domain, options);
</script>

And this is my javascript console. I just wanna cry.

damencho · January 29, 2020, 10:38pm

Your deployment is not working, checkout https://conference.think-free.net/http-bind, it should look like https://meet.jit.si/http-bind.

Computer_Doctor · January 30, 2020, 11:23am

Hello!
I’ve managed to get there. Now this

https://conference.think-free.net/http-bind

looks like this

https://meet.jit.si/http-bind

But when I open the same room from two browsers, one browser (user) cannot see the other one in the room.

This is my browser’s console from the page where I include the JavaScript from above.

Please, any help will be appreciated.

damencho · January 30, 2020, 12:12pm

Your deployment is still not working. Check out prosody logs, there must be any errors as your xmpp connection never got established.

Computer_Doctor · January 31, 2020, 12:50pm

@damencho please I seriously need some help here…

This is my log file. I’ve fixed the entries in my error log (pointed to the right SSL cert and key file) but I got the following errors in my log file.

root@vps758495:/etc/prosody# tail -f /var/log/prosody/prosody.log
Jan 31 13:42:30 c2s5573ca53c8a0 info Authenticated as focus@auth.conference.think-free.net
Jan 31 13:42:30 jitsi-videobridge.conference.think-free.net:component warn Component not connected, bouncing error for:
Jan 31 13:42:33 mod_bosh info Client tried to use sid ‘79515f7e-817b-4253-b25c-c5f4ec841bb6’ which we don’t know about
Jan 31 13:42:39 jcp5573ca672cb0 info Incoming Jabber component connection
Jan 31 13:42:39 jitsi-videobridge.conference.think-free.net:component info External component successfully authenticated
Jan 31 13:44:03 mod_bosh info New BOSH session, assigned it sid ‘f496f0d3-337d-4eae-aa69-f1c3755de8a7’
Jan 31 13:44:03 boshf496f0d3-337d-4eae-aa69-f1c3755de8a7 warn No available SASL mechanisms, verify that the configured authentication module is working
Jan 31 13:47:01 mod_bosh info New BOSH session, assigned it sid ‘93c6adef-752b-483b-8d00-07b818999609’
Jan 31 13:47:01 bosh93c6adef-752b-483b-8d00-07b818999609 warn No available SASL mechanisms, verify that the configured authentication module is working
Jan 31 13:47:23 bosh93c6adef-752b-483b-8d00-07b818999609 info BOSH client disconnected

damencho · January 31, 2020, 1:13pm

Enable this in your global config for prosody and restart prosody:

github.com

jitsi/jitsi-meet/blob/master/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example#L15




turncredentials_secret = "__turnSecret__";


turncredentials = {
  { type = "stun", host = "jitmeet.example.com", port = "443" },
  { type = "turn", host = "jitmeet.example.com", port = "443", transport = "udp" },
  { type = "turns", host = "jitmeet.example.com", port = "443", transport = "tcp" }
};


cross_domain_bosh = false;
consider_bosh_secure = true;


VirtualHost "jitmeet.example.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "anonymous"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).

Computer_Doctor · January 31, 2020, 1:18pm

Does this look alright? The “SASL” error won’t go away…

Jan 31 14:16:01 jcp55d4e92dc550 info Incoming Jabber component connection
Jan 31 14:16:01 focus.conference.think-free.net:component info External component successfully authenticated
Jan 31 14:16:04 c2s55d4e93e4ac0 info Client connected
Jan 31 14:16:04 c2s55d4e93e4ac0 info Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
Jan 31 14:16:04 c2s55d4e93e4ac0 info Authenticated as focus@auth.conference.think-free.net
Jan 31 14:16:04 jitsi-videobridge.conference.think-free.net:component warn Component not connected, bouncing error for:
Jan 31 14:16:09 jcp55d4e9085620 info Incoming Jabber component connection
Jan 31 14:16:09 jitsi-videobridge.conference.think-free.net:component info External component successfully authenticated
Jan 31 14:16:27 mod_bosh info New BOSH session, assigned it sid ‘4b674208-69c0-40c0-a79e-4d60d21b02b1’
Jan 31 14:16:27 bosh4b674208-69c0-40c0-a79e-4d60d21b02b1 warn No available SASL mechanisms, verify that the configured authentication module is working

damencho · January 31, 2020, 1:22pm

Do you see it working? Event though I see the error:

Any errors in the error log, when loading or when opening the connection?

Computer_Doctor · January 31, 2020, 1:24pm

The tail command on the error log…

tail -f /var/log/prosody/prosody.err

Returns nothing since i changed the Key file and the Cert file. It’s clean…

damencho · January 31, 2020, 1:27pm

And is it working?

Computer_Doctor · January 31, 2020, 6:22pm

@damencho

Uhm… not as expected I think.
I tried to run the same script (same settings, same JWT auth key etc) from two different computers and the result was that they both were in the room “testroom”, but as they would be alone.

So, I logged in to one room, from two computers, and it was like i was logged in to two different rooms.

The log file upon page-refresh of each computer:

Jan 31 19:17:41 boshe8d008f1-7a1c-4cae-88fb-168dd972897d info BOSH client disconnected
Jan 31 19:17:44 mod_bosh info New BOSH session, assigned it sid ‘5a5d1d42-da7f-4406-bd94-c7bf7ff89ed9’
Jan 31 19:17:44 bosh5a5d1d42-da7f-4406-bd94-c7bf7ff89ed9 warn No available SASL mechanisms, verify that the configured authentication module is working
Jan 31 19:17:55 bosh6b94c34a-42ca-4e04-af64-615c712fc85b info BOSH client disconnected
Jan 31 19:17:56 mod_bosh info New BOSH session, assigned it sid ‘ec1a2d3b-2f8b-461e-a96c-8d9b5c803337’
Jan 31 19:17:56 boshec1a2d3b-2f8b-461e-a96c-8d9b5c803337 warn No available SASL mechanisms, verify that the configured authentication module is working

The error log is still clean.

Computer_Doctor · January 31, 2020, 7:44pm

@damencho finally I made a step further!!! But I still get an error.

Another user’s post helped me to install luacrypto successfully (here is the post, where you helped him solve his problem!).

I installed it correctly, reloaded/restarted the services without a problem. I din’t get any compiler errors, all went ok. But when I tried to log in to the room… I got the error below.

The error I got:

Jan 31 20:38:16 mod_bosh info New BOSH session, assigned it sid ‘89d0a907-ebd8-4855-a6ca-fb4206777fc9’
Jan 31 20:38:17 bosh89d0a907-ebd8-4855-a6ca-fb4206777fc9 info Authenticated as 84212d70-7289-42c3-8359-d3cd7ffce1a7@conference.think-free.net
Jan 31 20:38:20 c2s559f0e67e580 error Traceback[c2s]: /usr/lib/prosody/util/cache.lua:66: table index is nil
stack traceback:
/usr/lib/prosody/util/cache.lua:66: in function ‘set’
/usr/lib/prosody/modules/muc/mod_muc.lua:131: in function ‘track_room’
/usr/lib/prosody/modules/muc/mod_muc.lua:142: in function </usr/lib/prosody/modules/muc/mod_muc.lua:136>
(tail call): ?
/usr/lib/prosody/modules/muc/mod_muc.lua:287: in function ‘?’
/usr/lib/prosody/util/events.lua:78: in function </usr/lib/prosody/util/events.lua:74>
(tail call): ?
/usr/lib/prosody/core/stanza_router.lua:187: in function ‘core_post_stanza’
/usr/lib/prosody/core/stanza_router.lua:135: in function ‘core_process_stanza’
/usr/lib/prosody/modules/mod_c2s.lua:254: in function ‘func’
/usr/lib/prosody/util/async.lua:90: in function </usr/lib/prosody/util/async.lua:88>

Any suggestions?

Computer_Doctor · January 31, 2020, 8:45pm

@damencho problem solved. I don’t know HOW, but it’s solved. Thank god and you as well!

sachin_dubey · April 8, 2020, 6:09pm

@damencho @Computer_Doctor how you create room with jwt token

If i create JWT token from our API and i send <domain name/roomName ?jwt=token>