[jitsi-users] Multiples token "domains" for Jitsi Meet


#1

Hello all.
Thanks for Jitsi Meet, it's a very nice software.

I'm testing JWT token auth with Jitsi Meet and i wonder what is the best/simpliest strategy to have multiple token secret, each for a different pool of rooms.

Thanks,


#2

Hi,

The idea of the tokens is that this is another serverside software
that will be generating tokens and will be providing them to the
clients. This is the case where users are authenticated in some other
service which will be responsible for providing tokens.
If you want to share your goal so we can come with some advice on the subject.

Regards
damencho

···

On Fri, Oct 6, 2017 at 2:59 AM, Inkey <inkey@inkey-art.net> wrote:

Hello all.
Thanks for Jitsi Meet, it's a very nice software.

I'm testing JWT token auth with Jitsi Meet and i wonder what is the
best/simpliest strategy to have multiple token secret, each for a different
pool of rooms.

Thanks,

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Hi.

I'm working on integrating jitsi-meet in a web software.
My goal is to have "private" rooms related to "projects" in my software,
but with automatic authentification within the software.

It seems that tokens is the only way to do this. so, i use them. I
didn't see anything else to pass authentifications params directly into
jitsi meet external API.

I want to be able to have 2 groups of users from two different web
software access to different rooms (without the same pass/tokens) but
sharing the same jitsi-meet instance. I know i can almost do this
through token by setting room but it's not really secure. I don't want
one web software to be able to create token to access to room related to
the other group.

I was before thinking of using room password but i found no way to
automatically secure the room an no way to automatically authen to the
room. This password solution seems closer to what i want, but up to now
it doesn't work.

Thanks,

···

Le 10/10/2017 à 18:35, Damian Minkov a écrit :

Hi,

The idea of the tokens is that this is another serverside software
that will be generating tokens and will be providing them to the
clients. This is the case where users are authenticated in some other
service which will be responsible for providing tokens.
If you want to share your goal so we can come with some advice on the subject.

Regards
damencho

On Fri, Oct 6, 2017 at 2:59 AM, Inkey <inkey@inkey-art.net> wrote:

Hello all.
Thanks for Jitsi Meet, it's a very nice software.

I'm testing JWT token auth with Jitsi Meet and i wonder what is the
best/simpliest strategy to have multiple token secret, each for a different
pool of rooms.

Thanks,

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Hi,

Hi.

I'm working on integrating jitsi-meet in a web software.
My goal is to have "private" rooms related to "projects" in my software,
but with automatic authentification within the software.

It seems that tokens is the only way to do this. so, i use them. I
didn't see anything else to pass authentifications params directly into
jitsi meet external API.

There is a parameter jwt you can use:
https://github.com/jitsi/jitsi-meet/blob/master/doc/api.md#api

I want to be able to have 2 groups of users from two different web
software access to different rooms (without the same pass/tokens) but
sharing the same jitsi-meet instance. I know i can almost do this
through token by setting room but it's not really secure. I don't want
one web software to be able to create token to access to room related to
the other group.

This should be done through a server-side service which generates
tokens, pass them to your web software which then opens a jitsi-meet
room using the external API passing that token. The token generation
use a shared secret which should be used and configured on the
serverside and not be shared with web app, it is only the generated
tokens go to the web.

Hope this helps.

Regards
damencho

···

On Tue, Oct 10, 2017 at 1:08 PM, Guenael Muller <guenael.muller@inkey-art.net> wrote:

I was before thinking of using room password but i found no way to
automatically secure the room an no way to automatically authen to the
room. This password solution seems closer to what i want, but up to now
it doesn't work.

Thanks,

Le 10/10/2017 à 18:35, Damian Minkov a écrit :

Hi,

The idea of the tokens is that this is another serverside software
that will be generating tokens and will be providing them to the
clients. This is the case where users are authenticated in some other
service which will be responsible for providing tokens.
If you want to share your goal so we can come with some advice on the subject.

Regards
damencho

On Fri, Oct 6, 2017 at 2:59 AM, Inkey <inkey@inkey-art.net> wrote:

Hello all.
Thanks for Jitsi Meet, it's a very nice software.

I'm testing JWT token auth with Jitsi Meet and i wonder what is the
best/simpliest strategy to have multiple token secret, each for a different
pool of rooms.

Thanks,

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#5

Hi,

Thanks,I understand now .
I was thinking about my web app as a server-side element because it is, but in fact, i have
to use it as a client of a third part system which generate token according to authentification of the web app
and return only some kind of room token (not the one, who where used by other client).
I just now have to think how to authentificate the webserver to the token generator service, but it's no more
a jitsi-related problem. I hope also luacrypto and openSSL1.1 problem will soon be repaired (https://github.com/jitsi/jitsi-meet/issues/2029) in
order to have something "production-ready".

Regards

···

Le 2017-10-10 20:16, Damian Minkov a écrit :

Hi,

On Tue, Oct 10, 2017 at 1:08 PM, Guenael Muller > <guenael.muller@inkey-art.net> wrote:

Hi.

I'm working on integrating jitsi-meet in a web software.
My goal is to have "private" rooms related to "projects" in my software,
but with automatic authentification within the software.

It seems that tokens is the only way to do this. so, i use them. I
didn't see anything else to pass authentifications params directly into
jitsi meet external API.

There is a parameter jwt you can use:
https://github.com/jitsi/jitsi-meet/blob/master/doc/api.md#api

I want to be able to have 2 groups of users from two different web
software access to different rooms (without the same pass/tokens) but
sharing the same jitsi-meet instance. I know i can almost do this
through token by setting room but it's not really secure. I don't want
one web software to be able to create token to access to room related to
the other group.

This should be done through a server-side service which generates
tokens, pass them to your web software which then opens a jitsi-meet
room using the external API passing that token. The token generation
use a shared secret which should be used and configured on the
serverside and not be shared with web app, it is only the generated
tokens go to the web.

Hope this helps.

Regards
damencho

I was before thinking of using room password but i found no way to
automatically secure the room an no way to automatically authen to the
room. This password solution seems closer to what i want, but up to now
it doesn't work.

Thanks,

Le 10/10/2017 à 18:35, Damian Minkov a écrit :

Hi,

The idea of the tokens is that this is another serverside software
that will be generating tokens and will be providing them to the
clients. This is the case where users are authenticated in some other
service which will be responsible for providing tokens.
If you want to share your goal so we can come with some advice on the subject.

Regards
damencho

On Fri, Oct 6, 2017 at 2:59 AM, Inkey <inkey@inkey-art.net> wrote:

Hello all.
Thanks for Jitsi Meet, it's a very nice software.

I'm testing JWT token auth with Jitsi Meet and i wonder what is the
best/simpliest strategy to have multiple token secret, each for a different
pool of rooms.

Thanks,

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users