Jitsi + JWT + special chars in room name

Hi community,
I have successfully running Jitsi + JWT. It works fine.
Prosody version is: Prosody trunk nightly build 1415 (2021-03-24, 671f6b867e0d)

When I use a room name with a blank inside (e.g: “for demo”), it will throw an exception:
token_verification error

Digging in token/util.lib.lua-> verify room:
The variable “room” has the room name url-encoded like “for%20demo”
The variable “auth_room” has room name not url-encode like “for demo”

Any hints?
Thanks in advanced

I think this one comes from the jwt, how do you have it in jwt token, it should be URL encoded?

In JWT I have:
“room”: “for demo”

I try url encoding and testing.
Thanks for quick reply.

In general it works, if I url encode my room name in the JWT. So, I have as room name “for demo”. JWT will have now “for%20demo” and it works.

BUT, if I put some other special chars like german umlaute (äöüÄÖÜß) it get strange.

Example without a blank: room name = “abcdefäöüßende”

In /usr/share/jitsi-meet/prosody-plugins/token/util.lib.lua, adding logging information:

Apr 06 09:29:06 general info Room: abcdef%25e4%25f6%25fc%25dfende
Apr 06 09:29:06 general info AuthRoom: abcdefäöüßende

So the room is ISO_8859_1 encoded? And the percent char is escaped (twice)?

If I do this hack in JWT too, so I generate url encode with ISO_8859_1 plus substituting % with %25, it will work.
I can go into the room as organisator.

With “secure domain” setup a guest will not join my room. If I enter the room name from above “abcdefäöüßende” into the meet form,
the meet url is just the same https://my domain/abcdefäöüßende
But I get the information, the organisator is not here and I get a room name “abcdef%c3%a4%c3%b6%c3%bc%c3%9fende”

So it seems, here UTF-8 is used.

Sorry for confusing.
I found the problem with ISO_8859_1/UTF-8 coding.

My web application, generating the JWT will offer the URL to the Jitsi meeting room with the JWT.
Here I just use Tomcat/Primefaces/JSF with <h:outputLink>. Not found yet, but <h:outputLink> will transform the URL to the ISO8859_1 format, so the rooms will not join.

Actual code in my app is just using
URLEncoder + replacing the “+” char to “%20”. See URLEncoder behavior.
urlRoom = URLEncoder.encode(urlRoom, StandardCharsets.UTF_8.name()).replaceAll("\+", “%20”);

So this is all, with this behavior I can handle “blanks” and other special german chars in the room name.
It works fine in my prototype.

Some additional information for the community.

If you have special chars in the room name like german umlaute (äöüÄÖÜß).
The “roomName” is mapped to lowercase → äöüÄÖÜß
util.lib.lua: the “auth_room” is not mapped to lowercase
My solution: I map in the JWT the roomname to lowercase (plus URL encoding as above)

other special chars like brackets are completely dropped from the roomname
But not from “auth_room”, so the names are not matching.
Either remove from JWT too, in my case, I do not allow such special chars.
My pattern:
@Pattern(regexp = “^[- _|a-zA-Z0-9\u00e4\u00c4\u00f6\u00d6\u00fc\u00dc\u00df]+$”)
(using Primeface: pattern will be send to client side validation, so do not use java char classes like \p{Alnum}. JavaScript can’t handle it).