I am looking for some guidance on how best to achieve my desired use case.
I have a self-hosted jitsi instance that I use via API from my website. The use case is that website members can join large calls for scheduled events, but there is no presenter or moderation required for the event to happen.
Currently with JWT authentication all users are moderators which has some challenges I need to resolve.
- I would like the ability for a moderator to join the event via a password or private token if required
- All other users to be guests (no access to kick out button etc)
- Event to start and complete with no moderation (if no moderation is required)
The reason I use JWT authentication is to restrict access from my website only. Would it be better to not use tokens for guests (enableUserRolesBasedOnToken), but restrict IP access from my webserver, or limit access to API only?
Thanks all in advance! I have already learned a lot from this community.