Is there a way to build an URL link that grants moderator rights

Hello everyone,
Is there a way to add a “switch” at the end of a room link that would grant moderator rights to the recipient, whether or not he is the first in the room (it is an open domain, no password).

@damencho do you have a one-liner answer to this question, as usual ? :stuck_out_tongue:

No, other than enable jwt and use jwt for moderators …

Would there be a trick to not enable secure domain but add passwords to force some users as moderators?

Well I didn’t mention secure domain, but jwt. It is currently enabled on and for example for TheCall by default everyone are non-moderators, but those entering with jwt are moderators.

Can users create rooms even if they are not moderators?

How does it work?

Sorry… me again… Do you have a comprehensive guide on how to use JWT ?

Mostly, I need all rooms to be “public” except some rooms… How can it be achieved?
I would prefer some sort of API call to secure a room and password authentication requested for those rooms… can it be done?

@Normand_Nadon why not just do a search here? There’s a ton of information on JWT here and there’s of course the ‘official’ guide. This is a topic that has been extensively dealt with in several threads. I imagine if you run into issues, others can also chip in.

I understand @Freddie , I searched for several hours on the subject but most sources lead to dead-end posts where either the person did not find the answer, or has never came back after finding it…

I don’t even understand what a JWT token is in the end!

I use jitsi-meet-docker, I want SOME rooms to be secure and I would prefer the good old user/password way of doing it. We ca use the API as the room names are generated by our website for the event… Where do I start? If JWT is needed, is it something that jitsi has preloaded or do I need something external?

Thank you :slight_smile:

@Normand_Nadon did you check out the guide? It’s pretty high level for most, but it has the details. Usually, the process is to check out the guide, if you run into issues, search in the forum for possible solutions. JWT has been covered so extensively here that I doubt you’d be unable to find the answer to whatever issue(s) you encounter. And I’ve seen some regulars here who are incredibly knowledgeable on the subject and are often eager to help when they see topics posted on it.

My concern is this habit of specifically calling out certain people because they’ve helped us in the past. They may not complain but it’s overwhelming. It’s a community support forum where everyone helps everyone; we should be careful about treating people like personal support staff. Now of course if someone is already helping you on a specific issue, then it’s understandable to tag them. But to start out posts tagging people is just a bit much. I think we’d all stand to lose if they get overwhelmed and stop making themselves available altogether. Personally, I think of them as the LAST line of support - if everyone else has tried and everything else has failed. And even then, I just hope that they see my post and choose to chime in. Tagging people indiscriminately is not okay.

Sorry for my rant.

Rant accepted and understood @Freddie, and I love to contribute also whenever I can… I also get called-out from time to time :slight_smile:

I do not want to disturb everyone, but I am desperate for answers at the moment…
We are on a sprint to finish in time for a big event and the customer has very specific needs… After this event, we have decided to stop using jitsi to help clients manage large events as even though it is a lot better than using Zoom or teams, it is not a plug-and-play solution… We will use it internally as we love the platform, and keep improving on it, and I will try my best to help others here, but the “large event” path is ending in November for us…

That being said, Jitsi-Meet’s popularity will not wear-off with the current situation, and honestly, there are no similar options out-there. The documentation has come a long way since last winter, but still, I see the same questions coming up again and again, which means that if it is clear for some, it is certainly not for others how the entire system works… Some configs and parameters are not at all obvious for me, even after 8-9 months of playing around with jitsi-meet… Imagine for a newcomer!

My goal, when the November event will be over, is to make Youtube Videos, in english and french, explaining the system, it’s amazing strengths and the traps and quirks it has…

Now for the part of the question that I needed answers for (from anyone who has them):
Is it possible to secure only one room by API or some other way and can it be secured by password instead of tokens?
Also, if I enable JWT, do I understand that I don’t need to enable secure domain?

Have a nice day

Have you considered using persistent rooms with persistent passwords? That might be a solution for what you’re trying to accomplish. Do a quick search here for it, if you think that could work. There’s one thread I thought was really good, I can try to search it out in a bit if you don’t find something on your own.

1 Like

I have been reading on it for about 30 minutes and can’t wrap my head around it…
I also read a lot about JWT since this morning but there is a big missing piece that makes me not understand at all… I feel like in high school when I couldn’t figure out vectors, until something popped in my head and I understood it all in 30 seconds from the previous hours of reading!.. When the missing piece will reveal itself, I should be good to go! But for now I don’t get it at all :frowning:

For the persistent rooms, I saw that Damencho posted this, but I don’t even understand WHERE to put that function call!

Can you give me another push please? :stuck_out_tongue:

Ok, give me one second, let me find the link… brb

@Normand_Nadon - Here, check out this thread - Persistent Passwords on Self Hosted Rooms

1 Like

That was the post I was into…
I don’t get it, do I need to create a module? Do i simply put this in the jitsi-meet.cfg.lua file?

Also, what is an Admin in that context? what users are considered admins vs Moderators and how could I make someone an admin on a non-secure domain instance? I saw that modules such as jicofo (focus) and JVB act like admins, but what does it do? Couls I simply grant admin access to some users and they would be moderators by default?

I am such a pest!

EDIT: I think that I mus be onto something with that post…

I think this post should do it for you. Lua files are prosody config files. Your main prosody config lua is found in /etc/prosody/conf.avail/.

You create a new lua file with the code, save it as mod_persist_muc_passwords.lua and place it in the modules directory as instructed.

Then go to your main prosody config lua (in in /etc/prosody/conf.avail/) and add “mod_persist_muc_passwords” to the list of modules enabled.

One last stupid question… What folder is supposed to be used for the modules?
I tried prosody-plugins-custom and directly in conf.d without success…
Is this folder present when using docker?

I managed to install the plugin in the end, but it crashed… I will give it another try next week… This is getting exhausting :expressionless:

Thanks for you help anyways folks

I am sorry to summon you again @damencho, but I need precision on what you have done for

I have activated JWT tokens and managed to make it work (yay!!!)

  • If ENABLE_GUESTS and JWT_ALLOW_EMPTY are active, no one can create a room without a token
  • If I disable ENABLE_GUESTS and keep JWT_ALLOW_EMPTY, everyone is a moderator

How did you do it on the instance so that guests can open a room without having moderator privileges?
I have not found an answer to that despite hours of research…

Here is a screenshot of my config:

Again, sorry for calling you out directly…

You can have moderated rooms and moderated subdomains(tenants), a setting to allowners module, where participants without jwt are not moderators and those joining with jwt are.
1 Like