Is it enough to enable the ENABLE_AUTH and AUTH_TYPE in self-hosted server to check for tokens everytime a room is created?

Hello I am planning on doing this:


And then specify an application ID and secret in the server. Then I will generate jwt tokens with the ID and secret on the Android application and will setToken() while joining to a room. Would this be enough for a user without a token to not be able to enter a room?