We have recently deployed Jitsi Meet on one of our servers, along with jitsi-meet-token plugin.
We have set it to allow only users with a token (and the proper “room” set inside) to be moderator of a room. Other users without a token (or with a token but with a different room set) are just guests.
The token live only 1 minute, as it is adviced by JWT standards.
It appears that when authentified as the room modeartor with a JWT, and then refresh the page (or close the tab et coming back to the URL), you’re no longer the moderator…
Is this a feature? A normal thing to happen? Or an issue?
My guess was that the token just replaced the login form to authenticate. Then, Jitsi created the session like it would do with the initial settings (withtout token).
With Jitsi tokens, you need a token in query string anytime you go in a room, even if you just authenticated into it???
If you set the token validity for just 1 minute, then after that, it’s no longer valid. When you refresh, the browser cache presents an invalid (no longer valid) token, so you’re placed in the meeting as a guest.
I don’t understand… there’s no Session Id created after managing the token?
JWT is not about sessions, it is just about authentication. You mean the session is based on the token from the url? It has to be there everytime? You don’t start any session? (I’m from PHP world, maybe I have a wrong understanding)