Jitsi + Mattermost + JWT - Sorry! You are not allowed to be here :(

Hi i i installed Jitsi and Mattermost from docker images.
I configured Mattermost’s Jitsi plugin to JWT autentication
Same APP_ID, same APP_Secret
Mattermost is generating JTW like this:

(eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJtYXR0ZXJtb3N0X2RlbGtvIiwiaXNzIjoibWF0dGVybW9zdF9kZWxrbyIsInN1YiI6Im1lZXQuZGVsa28ucGwiLCJleHAiOjE2NjQzNjIwMzEsImNvbnRleHQiOnsidXNlciI6eyJhdmF0YXIiOiIiLCJuYW1lIjoiIiwiZW1haWwiOiIiLCJpZCI6IiJ9LCJncm91cCI6IiJ9LCJyb29tIjoiaXQtZGVsa28tdG93bi1zcXVhcmUtYml3YWpvd2t2aiJ9.EO_BQxuy-3eSnlS8i46-gMToNVmv7-YgMyU3ek3q0YQ#config.callDisplayName=%22Town%20Square%20Channel%20Meeting%22)
{
  "aud": "mattermost_delko",
  "iss": "mattermost_delko",
  "sub": "meet.delko.pl",
  "exp": 1664362031,
  "context": {
    "user": {
      "avatar": "",
      "name": "",
      "email": "",
      "id": ""
    },
    "group": ""
  },
  "room": "it-delko-town-square-biwajowkvj"
}

But when i try to join room i get "Sorry! You are not allowed to be here :frowning:

In prosody container log i get this:

speakerstats.meet.jitsi:speakerstats_component               warn	A module has been configured that triggers external events.
speakerstats.meet.jitsi:speakerstats_component               warn	Implement this lib to trigger external events.
c2s55def6f54050                                              info	Client connected
c2s55def6f54050                                              info	Authenticated as mq5asaynxpwda-vn0djwpxlp@meet.jitsi
muc.meet.jitsi:token_verification                            error	Token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJtYXR0ZXJtb3N0X2RlbGtvIiwiaXNzIjoibWF0dGVybW9zdF9kZWxrbyIsInN1YiI6Im1lZXQuZGVsa28ucGwiLCJleHAiOjE2NjQzNjIwMzEsImNvbnRleHQiOnsidXNlciI6eyJhdmF0YXIiOiJodHRwczovL21tLmRlbGtvLnBsL2FwaS92NC91c2Vycy96NnNwdXpxeWlmZjE5ajExcTFmNzdnM2Jrby9pbWFnZT9fPTE2NjM3Njg1ODM5NTYiLCJuYW1lIjoia2FtaWwiLCJlbWFpbCI6ImtiYWxpY2tpQGRlbGtvb3R0by5wbCIsImlkIjoiejZzcHV6cXlpZmYxOWoxMXExZjc3ZzNia28ifSwiZ3JvdXAiOiIifSwicm9vbSI6Iml0LWRlbGtvLXRvd24tc3F1YXJlLWJpd2Fqb3drdmoifQ.PLtGHPHMUtFGDpQgeV5qSSFrVyYlfxNFQVEj7ItsHsQ not allowed to join: it-delko-town-square-biwajowkvj@muc.meet.jitsi/a2ef3221
c2s55def6f54050                                              info	Client disconnected: connection closed
c2s55def7036e20                                              info	Client connected
c2s55def7036e20                                              info	Authenticated as wtqs-7785q4hmm9duacowutl@meet.jitsi
speakerstats.meet.jitsi:speakerstats_component               warn	A module has been configured that triggers external events.
speakerstats.meet.jitsi:speakerstats_component               warn	Implement this lib to trigger external events.
muc.meet.jitsi:token_verification                            error	Token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJtYXR0ZXJtb3N0X2RlbGtvIiwiaXNzIjoibWF0dGVybW9zdF9kZWxrbyIsInN1YiI6Im1lZXQuZGVsa28ucGwiLCJleHAiOjE2NjQzNjIwMzEsImNvbnRleHQiOnsidXNlciI6eyJhdmF0YXIiOiIiLCJuYW1lIjoiIiwiZW1haWwiOiIiLCJpZCI6IiJ9LCJncm91cCI6IiJ9LCJyb29tIjoiaXQtZGVsa28tdG93bi1zcXVhcmUtYml3YWpvd2t2aiJ9.EO_BQxuy-3eSnlS8i46-gMToNVmv7-YgMyU3ek3q0YQ not allowed to join: it-delko-town-square-biwajowkvj@muc.meet.jitsi/c143bbb5
c2s55def7036e20                                              info	Client disconnected: connection closed
speakerstats.meet.jitsi:speakerstats_component               warn	A module has been configured that triggers external events.
speakerstats.meet.jitsi:speakerstats_component               warn	Implement this lib to trigger external events.

Can you try with

"sub": "*",
1 Like

It works with “sub” = *
But how to generate token with sub = “*” from Mattermost?

I think its getting from jitsi server url

Or change this @muc.meet.jitsi to meet.delko.pl

I set
XMPP_MUC_DOMAIN=meet.delko.pl in .env file and it works but im locked in prejoin page.
“Join meeting” button is not responding.
When i disabled prejoin page in .env
ENABLE_PREJOIN_PAGE=false
I manage to join meeting.
My tokens provide display name and avatar i think this is a problem.

Users don’t see each other, i can join channel, but i am only one.
Tested from different Mattermost acounts.

You should disable enable_domain_verification in prosody config. No idea how it is done on Docker setup.

1 Like

I pulled the latest docker image and its working fine with
JWT_ENABLE_DOMAIN_VERIFICATION=false

Thank you for valuable tips.