Jibri is not sending webhook Authorization header

deben · September 12, 2022, 3:42pm

I have set webhooks jwt token but jibri is not sending on status update.

It looks like jwt is configured properly.

Logs from jibri.

MainKt.main#55: Jibri starting up with id i-0df5096ee9f8c0a2a
2022-09-12 15:37:56.504 INFO: [1] JwtInfo$Companion.fromConfig#176: got jwtConfig: {
    # /etc/jitsi/jibri/jibri.conf: 56
    "audience" : "aud1",
    # /etc/jitsi/jibri/jibri.conf: 55
    "issuer" : "jibri",
    # /etc/jitsi/jibri/jibri.conf: 54
    "kid" : "jibri/recorder",
    # /etc/jitsi/jibri/jibri.conf: 53
    "signing-key-path" : "/etc/jitsi/jibri/private.pem",
    # /etc/jitsi/jibri/jibri.conf: 57
    "ttl" : "10 minute"
}

I made sure that rsa key exists and valid.

Request made from jibri:

saghul · September 13, 2022, 12:20pm

Send it where? How did you configure jibri?

deben · September 13, 2022, 1:08pm

To the webhooks subscriber endpoints.

Ref: jibri/reference.conf at 260cee3a118462aa419ff3b2e0ca2ac4645b7a92 · jitsi/jibri · GitHub

You can see my screenshot above jibri is posting its states to the /v1/status but authorization header is not present despite configured.

saghul · September 13, 2022, 2:13pm

Hum, looks like that header should be there: jibri/WebhookClient.kt at 8f198ae2c7c44622ccca73914dcdce72c3162da8 · jitsi/jibri · GitHub

deben · September 13, 2022, 5:22pm

Yeah, sadly it is not. Logs also show jwt configurations are loaded properly.

saghul · September 15, 2022, 7:27am

@oianc any idea?

oianc · September 16, 2022, 1:11pm

@deben Can you share the Jibri logs? Also, does the webhook work without Auth header?

deben · September 16, 2022, 1:41pm

yes, it is sending webhooks but without Auth header.

As I was pointing out these are the logs jibri supposed to be loading jwt config.


MainKt.main#55: Jibri starting up with id i-0df5096ee9f8c0a2a
2022-09-12 15:37:56.504 INFO: [1] JwtInfo$Companion.fromConfig#176: got jwtConfig: {
    # /etc/jitsi/jibri/jibri.conf: 56
    "audience" : "aud1",
    # /etc/jitsi/jibri/jibri.conf: 55
    "issuer" : "jibri",
    # /etc/jitsi/jibri/jibri.conf: 54
    "kid" : "jibri/recorder",
    # /etc/jitsi/jibri/jibri.conf: 53
    "signing-key-path" : "/etc/jitsi/jibri/private.pem",
    # /etc/jitsi/jibri/jibri.conf: 57
    "ttl" : "10 minute"
}

deben · September 20, 2022, 3:48am

@oianc any update on this?

RalucaT · September 21, 2022, 2:36pm

Hi! We were able to reproduce this issue. The problem is that even if the JwtInfo config is read correctly, it is read after the JWT used in the request was initialised. We don’t know yet why this happens, will look more into it in the following days.