Jibri with JWT token Not Working

Jibri fails to record with JWT enabled Jitsi.

Throws below error:
Error verifying token err:not-allowed, reason:token required

I can’t enable below parameter since that breaks our requirement for every user to have jwt before joining.
allow_empty_token = true

Any idea How to solve this issue? How can we let jibri enter the conference without jwt?

Note: I have registered prosody users for jibri and recorders as well as made necessary config changes according to the doc.

Jibri by instructions use reccorder.yourdomain.com which uses user/password authentication and jibri does not need jwt to access the meeting.

Make sense. In that case, I already have recorder.domain.com registered as prosody user as well as added the config inside domain.lua as below:

VirtualHost "recorder.domain.com"
    modules_enabled = {
      	"ping";
    }
    authentication = "internal_plain"

It still throws token required error. Any idea what am I missing?

Is /var/lib/prosody/recorder*/accounts/recorder.dat hashed or plain?

cat /var/lib/prosody/recorder*/accounts/recorder.dat
cat /var/lib/prosody/auth*/accounts/jibri.dat

Is recorder in trusted domain list?

hocon -f /etc/jitsi/jicofo/jicofo.conf get "jicofo.xmpp.trusted-domains"

The recorder.dat contains plain password as below:

cat /var/lib/prosody/recorder*/accounts/recorder.dat 
return {
	["password"] = "plain_password";
};

while Jibri.dat seems to contain hashed password as below:

return {
	["iteration_count"] = 4096;
	["stored_key"] = <stored_key>;
	["salt"] = <salt>;
	["server_key"] = <server_key>;
};

Also, recorder is already in trusted domain list:

hocon -f /etc/jitsi/jicofo/jicofo.conf get "jicofo.xmpp.trusted-domains"
[
    "recorder.domain.com"
]

Do jibri and jitsi match each other? For example if your jitsi version is outdated and you install jibri from the current stable repo, this may cause some issues.

Oh Ohk. Interesting. That might be the case. Let me install the same version of Jibri (as Jitsi) and give it a try.

Uh! No. Installed same version of Jibri as Jitsi and still the same. Throws token required error.
Anything else that I can look into?

Jibri config?

jibri {
// A unique identifier for this Jibri
id = “jibri-437913602”

api {
  xmpp {
    // See example_xmpp_envs.conf for an example of what is expected here
    environments = [
        {
            // A user-friendly name for this environment
            name = "<no value>"

            // A list of XMPP server hosts to which we'll connect
            xmpp-server-hosts = [ 
                "domain.com"
            ]

            // The base XMPP domain
            xmpp-domain = "domain.com"

            // The MUC we'll join to announce our presence for
            // recording and streaming services
            control-muc {
                domain = "internal.auth. domain.com"
                room-name = "jibribrewery"
                nickname = "jibri-437913602"
            }

            // The login information for the control MUC
            control-login {
                domain = "auth. domain.com"
                username = "jibri"
                password = "jibri_password"
            }

            // The login information the selenium web client will use
            call-login {
                domain = "recorder.domain.com"
                username = "recorder"
                password = "recorder_password"
            }
            
            // The value we'll strip from the room JID domain to derive
            // the call URL
            strip-from-room-domain = "conference."

            // How long Jibri sessions will be allowed to last before
            // they are stopped.  A value of 0 allows them to go on
            // indefinitely
            usage-timeout = "0"
            
            // Whether or not we'll automatically trust any cert on
            // this XMPP domain
            trust-all-xmpp-certs = true
        }
    ]
  }
}
recording {
  recordings-directory = "/config/recordings"
  finalize-script = "/config/finalize.sh"
  }

ffmpeg {
  resolution =  "1280x720"
  }

}

The password matches?

Yes, it does matches with the one in /var/lib/prosody/recorder*/accounts/recorder.dat

What is your prosody version?
Is there any error in the prosody logs?

Prosody version is

ii prosody-trunk 1nightly1313-1~buster amd64 Lightweight Jabber/XMPP server

There is no error when prosody is started and I just get this below error (on prosody) when recorder tries to join the conference:

Error verifying token err:not-allowed, reason:token required

The issue may be related with this

Not sure if it’s prosody issue or the issue mentioned below: