Jibri recording failure with prosody error "Token nil not allowed to join" after JWT enable

gaocunbin · September 12, 2022, 9:34am

I have successfully setup a standalone self-host jitsi-meet with jibri together. All 3rd-party conference and recording are working well before jwt enabled

But when I enabled the JWT as the official guide

I found all functions of jitsi-meet worked well except jibir with following errors:
2022-09-12 16:48:40.882 INFO: [162] AbstractPageObject.visit#38: Waited 555ms for driver to load page
2022-09-12 16:48:40.900 FINE: [162] CallPage$visit$$inlined$measureTimedValue$lambda$1.apply#58: Not joined yet: Cannot read properties of undefined (reading ‘isJoined’)
2022-09-12 16:48:41.405 FINE: [162] CallPage$visit$$inlined$measureTimedValue$lambda$1.apply#58: Not joined yet: Cannot read properties of undefined (reading ‘isJoined’)
2022-09-12 16:48:42.415 FINE: [162] CallPage$visit$$inlined$measureTimedValue$lambda$1.apply#58: Not joined yet: APP is not defined
2022-09-12 16:48:42.920 FINE: [162] CallPage$visit$$inlined$measureTimedValue$lambda$1.apply#58: Not joined yet: APP is not defined

And meanwhile, I found the prosody log reported following error info:
Sep 12 16:09:37 conference.jitsi.3vyd.com:token_verification error Token nil not allowed to join: alex@conference.jitsi.3vyd.com/b49101c1

Looks like the recording also need the jwt token to join. but I already set “allow_empty_token = false” in prosody, I am not sure whether I missed any other jwt configuration for jibri recording feature, please help me to figure out, thanks a lot

gaocunbin · September 12, 2022, 9:42am

I add more prosody log with the same timestamp as jibri recording error:

emrah · September 12, 2022, 10:16am

Did you add recorder account into the admins list in your prosody config?

gaocunbin · September 12, 2022, 10:43am

Do you mean add this line "admins = { “focus@auth.”, “recorder.” } " in prosody configuration as below?

I changed it but still not working.
If I did not catch your point, would you please help to share how to check, thank you

Component “conference.” “muc”
restrict_room_creation = true
storage = “memory”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
“polls”;
“token_verification”;
– “token_affiliation”;
“token_moderation”;
“muc_rate_limit”;
}
admins = { “focus@auth.”, “recorder.” }
muc_room_locking = false
muc_room_default_public_jids = true

gaocunbin · September 12, 2022, 10:50am

Hi emrah,
Thanks for your light, I try to change it to “recorder@recorder.domain” in prosody configuration and jibri recording work well with jwt enabled.
Thanks a lot for your support so quickly

Dusan_Panic · October 7, 2022, 11:14am

Can you please share which section you edited?

Thanks

emrah · October 7, 2022, 11:30am

in /etc/prosody/conf.d/jitsi.yourdomain.com.cfg.lua
in Component "conference.jitsi.yourdomain.com" "muc" block
add recorder@recorder.jitsi.yourdomain.com into admins

James_Green · October 14, 2022, 12:52am

Hi @emrah I have added this and “IT WORKS!”. My next question is why did this need changing as it worked on previous releases?

emrah · October 14, 2022, 8:07am

Because the default configuration for token authentication in codes has been changed.

mehtapaxshal · October 19, 2022, 10:54pm

@emrah Just wonder why “recorder” hasn’t been added as an Env config for admins inside prosody docker config. Any idea?
cc @damencho

github.com

jitsi/docker-jitsi-meet/blob/93272b93c76412bf1925da49d69813fe0652a24c/prosody/rootfs/defaults/conf.d/jitsi-meet.cfg.lua#L38


      
          {{ $XMPP_GUEST_DOMAIN := .Env.XMPP_GUEST_DOMAIN | default "guest.meet.jitsi" -}}
          {{ $XMPP_INTERNAL_MUC_DOMAIN := .Env.XMPP_INTERNAL_MUC_DOMAIN | default "internal-muc.meet.jitsi" -}}
          {{ $XMPP_MUC_DOMAIN := .Env.XMPP_MUC_DOMAIN | default "muc.meet.jitsi" -}}
          {{ $XMPP_MUC_DOMAIN_PREFIX := (split "." $XMPP_MUC_DOMAIN)._0 }}
          {{ $XMPP_RECORDER_DOMAIN := .Env.XMPP_RECORDER_DOMAIN | default "recorder.meet.jitsi" -}}
          {{ $DISABLE_POLLS := .Env.DISABLE_POLLS | default "false" | toBool -}}
          {{ $ENABLE_SUBDOMAINS := .Env.ENABLE_SUBDOMAINS | default "true" | toBool -}}
          {{ $PROSODY_RESERVATION_ENABLED := .Env.PROSODY_RESERVATION_ENABLED | default "false" | toBool }}
          {{ $PROSODY_RESERVATION_REST_BASE_URL := .Env.PROSODY_RESERVATION_REST_BASE_URL | default "" }}
          
          
admins = {
              {{ if .Env.JIGASI_XMPP_PASSWORD }}
              "{{ $JIGASI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
              {{ end }}
          
          
    {{ if .Env.JIBRI_XMPP_PASSWORD }}
              "{{ $JIBRI_XMPP_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
              {{ end }}
          
          
    "{{ $JICOFO_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}",
              "{{ $JVB_AUTH_USER }}@{{ $XMPP_AUTH_DOMAIN }}"

emrah · October 20, 2022, 7:35am

Sorry, no idea about Dockerized setup

mehtapaxshal · October 24, 2022, 11:12pm

@saghul Is this expected to not have “recorder@recorder.domain” as part of admins list in docker setup?