Jitsi Authentication

Hey, I have installed Jitsi on one of my AWS servers. I have a frontend where users can create a meeting. I have a domain on which Jitsi is installed (meeting.example.com). I want anybody who visits this URL to not be able to create a meeting; only users should be allowed to create a meeting through the frontend. How can I add authentication middleware in Jitsi? I have seen that while installing Jitsi we can enable authentication with a username and password. They will be able to join, but how can I pass the username and password through the URL? I don't know whether passing them in the URL will work. Any other suggestions? Please help.

@damencho @saghul

Please do not tag people unless they are already helping you with the specific topic. They are not your personal tech support. This is a community forum where people invest their own free time to help others; spamming individuals with the hope of getting a faster response is not ok.

To your question, the standard way to achieve this is to enable JWT authentication. Your app will generate a token for a user to join the meeting, and Jitsi will only trust the token as long as it is not tampered with and signed with the correct cert/key.

Sorry for that, I will keep it in mind. Thanks for the reply. I will try it out.

When we try Jitsi with JWT auth, an error is showing:

general warn Error verifying token err:not-allowed, reason:Invalid signature

Here my token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6IlZpc2hhbCBTaHVrbGEiLCJlbWFpbCI6InZpa2FzaGt1bWFyc2h1a2xhMjAwMEBnbWFpbC5jb20ifX0sIm1vZGVyYXRvciI6dHJ1ZSwiYXVkIjoiODgxMUNBIiwiaXNzIjoiODgxMUNBIiwic3ViIjoiY29kZXdpdGhzaHVrbGEuaW4iLCJyb29tIjoidmlzaGFsIiwiZXhwIjoxNjcwNTA4ODE1fQ.PYccpR2VMZVnKfWoFJk8TuGGdilTL7Z8Mn1zhIQpTG4

{
  "alg": "HS256",
  "typ": "JWT"
}
{
  "context": {
    "user": {
      "name": "Vishal Shukla",
      "email": "vikashkumarshukla2000@gmail.com"
    }
  },
  "moderator": true,
  "aud": "8811CA",
  "iss": "8811CA",
  "sub": "codewithshukla.in",
  "room": "vishal",
  "exp": 1670508815
}

Here is my JVB log:
JVB 2022-08-08 07:43:17.104 INFO: [18] [hostname=localhost id=shard] MucClient.lambda$getConnectAndLoginCallable$9#637: Logging in.
JVB 2022-08-08 07:43:17.124 WARNING: [18] [hostname=localhost id=shard] MucClient.lambda$getConnectAndLoginCallable$9#651: Failed to login. Disconnecting to trigger a re-connect.
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:286)
at org.jivesoftware.smack.AbstractXMPPConnection.lambda$new$2(AbstractXMPPConnection.java:407)
at org.jivesoftware.smack.NonzaCallback$ClassAndConsumer.accept(NonzaCallback.java:177)
at org.jivesoftware.smack.NonzaCallback$ClassAndConsumer.access$200(NonzaCallback.java:166)
at org.jivesoftware.smack.NonzaCallback.onNonzaReceived(NonzaCallback.java:46)
at org.jivesoftware.smack.AbstractXMPPConnection.parseAndProcessNonza(AbstractXMPPConnection.java:1444)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1700(XMPPTCPConnection.java:131)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1010)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketRe

That sounds like the secret you used to sign your JWT token does not match the secret configured in app_secret in your prosody config.

Perhaps try generating a token using https://jitok.emrah.com/ with a secret matching your prosody config. If that works, then we know the issue is down to how you generate your tokens. If it doesn’t then it may be a misconfiguration somewhere.

P.S. you really don’t have to cross post the same issue in multiple threads (1, 2).
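Added example (not part of the original thread and not Jitsi's or Prosody's own code): a standard-library Python check that reproduces the "Invalid signature" case discussed above by signing an HS256 token and verifying it against a candidate secret. The secret, app id and room name are constructed sample values; the claim names follow the token posted earlier in the thread.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: str) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    mac = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def check_token(token: str, secret: str, now=None) -> str:
    """Return 'ok' or the reason an HS256 verifier would reject the token."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed token"
    if header.get("alg") != "HS256":  # do not let the token choose the algorithm
        return "unexpected alg"
    expected = hmac.new(secret.encode(), f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return "invalid signature"
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return "token expired"
    return "ok"

# Constructed sample values; the real secret is whatever app_secret holds in Prosody.
APP_SECRET = "constructed-secret-for-demo"
CLAIMS = {"aud": "my_app_id", "iss": "my_app_id", "sub": "meeting.example.com",
          "room": "demo-room", "exp": 4102444800}  # exp = 2100-01-01 UTC
TOKEN = sign_hs256(CLAIMS, APP_SECRET)
RESULTS = (check_token(TOKEN, APP_SECRET), check_token(TOKEN, "not-the-app-secret"))
```

Running `check_token` on a token from your own app with the secret from the Prosody config separates a signing problem from a deployment problem: if it returns `ok` locally, the signature is not what is failing.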

Here are my Prosody logs:
Aug 08 07:49:02 c2s5650f2f99450 info Client disconnected: connection closed
Aug 08 07:49:04 mod_posix warn Received SIGTERM
Aug 08 07:49:04 startup info Shutting down: Received SIGTERM
Aug 08 07:49:04 portmanager info Deactivated service 'c2s'
Aug 08 07:49:04 portmanager info Deactivated service 'c2s_direct_tls'
Aug 08 07:49:04 portmanager info Deactivated service 'legacy_ssl'
Aug 08 07:49:04 portmanager info Deactivated service 's2s'
Aug 08 07:49:04 portmanager info Deactivated service 's2s_direct_tls'
Aug 08 07:49:04 general info Shutting down...
Aug 08 07:49:04 general info Shutdown status: Cleaning up
Aug 08 07:49:04 general info Shutdown complete

Sorry. I have no idea what to make of your logs. That looks like prosody shutting down.

What I meant was to generate the token using jitok then use it on your service to see if you can authenticate.

:warning: Your screenshot exposes your JWT secrets, and your hostname is visible in some of your previous posts. I would strongly suggest you change the secret.

I have tried using jitok. I generated a token, but even after generating a token and using it in our website address, the same issue remains. It shows "reconnecting". I have changed my JWT secret.

If it shows “reconnecting” then the error is not due to invalid JWT but something else wrong with your setup.

I see that you already asked this in a different thread and emrah is already helping you and gave you exactly the same advice.

Have you tried that yet?

Yeah, I have tried that thing but it was not working.
My website is codewithshukla.in

If it is not working then you should work out why it is not working and stop posting new items asking for help with JWT auth tokens. Once you get your deployment working, then try to add JWT auth.

If you look at the dev console while the “reconnecting” error is happening, there is a very obvious error stating that there is something wrong with the websocket connection.

There are plenty of topics on this forum discussing that. I would suggest you read up on them and try them out first.

All these points have already been mentioned by emrah.

Please don’t treat this forum as your personal tech support and just dump in your URL or massive amounts of logs and expect others to do all the legwork for you. May I suggest you read the following: