JWT implemented but No Audio/Video & Meetings getting created without token

Hi @all,
cc: @maxired cc: @damencho
I have created custom layout using lib-jitsi-meet. without authentication its all working fine. But when i enabled jwt by following the guide @ https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md the Audio/Video goes blank. No errors in console or in Server logs.
Here is the steps i followed.
Ubuntu 18.04
Prosody 0.11.5 (didn’t installed prosody-trunks as it was conflicting the main prosody version. not sure if this is the cause??! )

jitsi meet installed from official Docs jitsi meet and jitsi-meet-tokens from this guide. https://github.com/christiancuri/Docs/blob/master/Jitsi%20Meet%20Installation.md

Aug 05 11:26:08 portmanager	info	Activated service 'http' on [::]:5280, [*]:5280
Aug 05 11:26:08 portmanager	info	Activated service 'https' on no ports
Aug 05 11:26:08 conference.meet.mydomain.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host meet.mydomain.com!
Aug 05 11:26:12 conference.meet.mydomain.com:muc_domain_mapper	warn	Session filters applied
Aug 05 11:26:12 c2s563b0b3e5560	info	Client connected
Aug 05 11:26:12 conference.meet.mydomain.com:muc_domain_mapper	warn	Session filters applied
Aug 05 11:26:12 c2s563b0b1d0840	info	Client connected
Aug 05 11:26:13 c2s563b0b3e5560	info	Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Aug 05 11:26:13 c2s563b0b1d0840	info	Stream encrypted (TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256)
Aug 05 11:26:13 c2s563b0b3e5560	info	Authenticated as focus@auth.meet.mydomain.com
Aug 05 11:26:14 c2s563b0b1d0840	info	Authenticated as jvb@auth.meet.mydomain.com
Aug 05 11:26:14 focus.meet.mydomain.com:component	warn	Component not connected, bouncing error for: <iq to='focus.meet.mydomain.com' id='psj1i-40' type='get' from='focus@auth.meet.mydomain.com/focus12491357517'>
Aug 05 11:26:15 jcp563b0b5b5690	info	Incoming Jabber component connection
Aug 05 11:26:15 focus.meet.mydomain.com:component	info	External component successfully authenticated
Aug 05 11:26:35 mod_bosh	info	Client tried to use sid '6f72e0b1-a4d4-4470-b0b3-c974b1f40126' which we don't know about
Aug 05 11:26:48 conference.meet.mydomain.com:muc_domain_mapper	warn	Session filters applied
Aug 05 11:26:48 mod_bosh	info	New BOSH session, assigned it sid '4da03b5c-f232-42b2-a0e5-31ce6db8ead5'
Aug 05 11:26:48 bosh4da03b5c-f232-42b2-a0e5-31ce6db8ead5	warn	No available SASL mechanisms, verify that the configured authentication module is working
Aug 05 11:27:05 bosh4da03b5c-f232-42b2-a0e5-31ce6db8ead5	info	BOSH client disconnected: session close'

here are the jicofo logs:

Jicofo 2020-08-05 11:26:11.803 INFO: [10] org.eclipse.jetty.util.log.initialized() Logging initialized @4176ms to org.eclipse.jetty.util.log.Slf4jLog
Jicofo 2020-08-05 11:26:12.822 INFO: [10] org.eclipse.jetty.server.Server.doStart() jetty-9.4.15.v20190215; built: 2019-02-15T16:53:49.381Z; git: eb70b240169fcf1abbd86af36482d1c49826fa0b; jvm 1.8.0_252-8u252-b09-1~18.04-b09
Jicofo 2020-08-05 11:26:14.026 INFO: [16] org.jitsi.jicofo.ProtocolProviderHandler.log() XmppProtocolProvider(focus@auth.meet.mydomain.com/focus12491357517 (Jabber)): RegistrationStateChangeEvent[ oldState=Unregistered; newState=RegistrationState=Registered; reasonCode=-1; reason=null]
Jicofo 2020-08-05 11:26:14.240 INFO: [16] org.jitsi.jicofo.xmpp.BaseBrewery.log() Joined brewery room: JvbBrewery@internal.auth.meet.mydomain.com
Jicofo 2020-08-05 11:26:14.251 INFO: [16] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: auth.meet.mydomain.com, Prosody(0.11.5,Linux)
Jicofo 2020-08-05 11:26:14.252 INFO: [16] org.jitsi.jicofo.JitsiMeetServices.log() Detected XMPP server version: Prosody(0.11.5,Linux)
Jicofo 2020-08-05 11:26:14.269 WARNING: [16] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for conferenceduration.meet.mydomain.com: XMPP error reply received from conferenceduration.meet.mydomain.com: XMPPError: service-unavailable - cancel
Jicofo 2020-08-05 11:26:14.274 WARNING: [16] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for focus.meet.mydomain.com: XMPP error reply received from focus.meet.mydomain.com: XMPPError: service-unavailable - wait
Jicofo 2020-08-05 11:26:14.278 INFO: [16] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: conference.meet.mydomain.com, null
Jicofo 2020-08-05 11:26:14.280 WARNING: [16] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for speakerstats.meet.mydomain.com: XMPP error reply received from speakerstats.meet.mydomain.com: XMPPError: service-unavailable - cancel
Jicofo 2020-08-05 11:26:14.285 INFO: [16] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: lobby.meet.mydomain.com, null
Jicofo 2020-08-05 11:26:14.285 INFO: [16] org.jitsi.jicofo.ComponentsDiscovery.log() Service rediscovery disabled
Jicofo 2020-08-05 11:26:14.285 INFO: [16] org.jitsi.jicofo.FocusManager.log() XMPP provider reg state: RegistrationState=Registered
Jicofo 2020-08-05 11:26:14.306 INFO: [16] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() XMPP provider Jabber:focus@auth.meet.mydomain.com/focus12491357517@localhost connected (JID: focus@auth.meet.mydomain.com/focus12491357517)
Jicofo 2020-08-05 11:26:15.224 INFO: [10] org.eclipse.jetty.server.handler.ContextHandler.doStart() Started o.e.j.s.ServletContextHandler@43662881{/,null,AVAILABLE}
Jicofo 2020-08-05 11:26:15.249 INFO: [10] org.eclipse.jetty.server.AbstractConnector.doStart() Started ServerConnector@3784a05e{HTTP/1.1,[http/1.1]}{0.0.0.0:8888}
Jicofo 2020-08-05 11:26:15.250 INFO: [10] org.eclipse.jetty.server.Server.doStart() Started @7638ms
Jicofo 2020-08-05 11:26:15.325 INFO: [10] org.jitsi.jicofo.health.Health.log() Health checks are disabled.
Jicofo 2020-08-05 11:26:15.326 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.jicofo.BRIDGE_MUC=JvbBrewery@internal.auth.meet.mydomain.com
Jicofo 2020-08-05 11:26:15.341 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log() Component org.jitsi.jicofo. config: 
Jicofo 2020-08-05 11:26:15.341 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log()   ping interval: 10000 ms
Jicofo 2020-08-05 11:26:15.341 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log()   ping timeout: 5000 ms
Jicofo 2020-08-05 11:26:15.341 INFO: [1] org.jitsi.xmpp.component.ComponentBase.log()   ping threshold: 3
Jicofo 2020-08-05 11:26:16.317 INFO: [28] org.jitsi.jicofo.xmpp.BaseBrewery.log() Added brewery instance: jvbbrewery@internal.auth.meet.mydomain.com/8f0d446c-c43a-45fc-be57-7d9c94be67d2
Jicofo 2020-08-05 11:26:16.322 INFO: [28] org.jitsi.jicofo.bridge.Bridge.log() Setting max total packet rate of 50800.0
Jicofo 2020-08-05 11:26:16.327 INFO: [28] org.jitsi.jicofo.bridge.Bridge.log() Setting average participant packet rate of 500
Jicofo 2020-08-05 11:26:16.337 INFO: [28] org.jitsi.jicofo.bridge.BridgeSelector.log() Added new videobridge: Bridge[jid=jvbbrewery@internal.auth.meet.mydomain.com/8f0d446c-c43a-45fc-be57-7d9c94be67d2, relayId=null, region=null, stress=0.00]
Jicofo 2020-08-05 11:26:16.339 INFO: [28] org.jitsi.jicofo.bridge.JvbDoctor.log() Scheduled health-check task for: jvbbrewery@internal.auth.meet.mydomain.com/8f0d446c-c43a-45fc-be57-7d9c94be67d2
root@meet:~# 

my /etc/prosody/prosody.cfg.lua file

-- Prosody XMPP Server Configuration
--
-- Information on configuring Prosody can be found on our
-- website at https://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running this command:
--     prosodyctl check config
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
-- Good luck, and happy Jabbering!


---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts

-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see https://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }
component_ports = { 5347 }
component_interface = "0.0.0.0"
https_ports = { }
-- Enable use of libevent for better performance under high load
-- For more information see: https://prosody.im/doc/libevent
--use_libevent = true

-- Prosody will always look in its source directory for modules, but
-- this option allows you to specify additional locations where Prosody
-- will look for modules first. For community modules, see https://modules.prosody.im/
--plugin_paths = {}

-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation for bundled modules can be found at: https://prosody.im/doc/modules
modules_enabled = {

	-- Generally required
		"roster"; -- Allow users to have a roster. Recommended ;)
		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
		"tls"; -- Add support for secure TLS on c2s/s2s connections
		"dialback"; -- s2s dialback support
		"disco"; -- Service discovery

	-- Not essential, but recommended
		"carbons"; -- Keep multiple clients in sync
		"pep"; -- Enables users to publish their avatar, mood, activity, playing music and more
		"private"; -- Private XML storage (for room bookmarks, etc.)
		"blocklist"; -- Allow users to block communications with other users
		"vcard4"; -- User profiles (stored in PEP)
		"vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard

	-- Nice to have
		"version"; -- Replies to server version requests
		"uptime"; -- Report how long server has been running
		"time"; -- Let others know the time here on this server
		"ping"; -- Replies to XMPP pings with pongs
		"register"; -- Allow users to register on this server using a client and change passwords
		--"mam"; -- Store messages in an archive and allow users to access it
		--"csi_simple"; -- Simple Mobile optimizations

	-- Admin interfaces
		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582

	-- HTTP modules
		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
		--"websocket"; -- XMPP over WebSockets
		--"http_files"; -- Serve static files from a directory over HTTP

	-- Other specific functionality
		--"limits"; -- Enable bandwidth limiting for XMPP connections
		--"groups"; -- Shared roster support
		--"server_contact_info"; -- Publish contact information for this service
		--"announce"; -- Send announcement to all online users
		--"welcome"; -- Welcome users who register accounts
		--"watchregistrations"; -- Alert admins of registrations
		--"motd"; -- Send a message to users when they log in
		--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
		--"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use
}

-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
	-- "offline"; -- Store offline messages
	-- "c2s"; -- Handle client connections
	-- "s2s"; -- Handle server-to-server connections
	-- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
}

-- Disable account creation by default, for security
-- For more information see https://prosody.im/doc/creating_accounts
allow_registration = false

-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.

c2s_require_encryption = false

-- Force servers to use encrypted connections? This option will
-- prevent servers from authenticating unless they are using encryption.

s2s_require_encryption = true

-- Force certificate authentication for server-to-server connections?

s2s_secure_auth = false

-- Some servers have invalid or self-signed certificates. You can list
-- remote domains here that will not be required to authenticate using
-- certificates. They will be authenticated using DNS instead, even
-- when s2s_secure_auth is enabled.

--s2s_insecure_domains = { "insecure.example" }

-- Even if you disable s2s_secure_auth, you can still require valid
-- certificates for some domains by specifying a list here.

--s2s_secure_domains = { "jabber.org" }

-- Required for init scripts and prosodyctl
pidfile = "/var/run/prosody/prosody.pid"

-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.

-- authentication = "internal_hashed"

-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See https://prosody.im/doc/storage for more info.

--storage = "sql" -- Default is "internal"

-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }


-- Archiving configuration
-- If mod_mam is enabled, Prosody will store a copy of every message. This
-- is used to synchronize conversations between multiple clients, even if
-- they are offline. This setting controls how long Prosody will keep
-- messages in the archive before removing them.

archive_expires_after = "1w" -- Remove archived messages after 1 week

-- You can also configure messages to be stored in-memory only. For more
-- archiving options, see https://prosody.im/doc/modules/mod_mam

-- Logging configuration
-- For advanced logging see https://prosody.im/doc/logging
log = {
	info = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
	error = "/var/log/prosody/prosody.err";
	-- "*syslog"; -- Uncomment this for logging to syslog
	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
}

-- Uncomment to enable statistics
-- For more info see https://prosody.im/doc/statistics
-- statistics = "internal"

-- Certificates
-- Every virtual host and component needs a certificate so that clients and
-- servers can securely verify its identity. Prosody will automatically load
-- certificates/keys from the directory specified here.
-- For more information, including how to use 'prosodyctl' to auto-import certificates
-- (from e.g. Let's Encrypt) see https://prosody.im/doc/certificates

-- Location of directory to find certificates in (relative to main config file):
certificates = "certs"

-- HTTPS currently only supports a single certificate, specify it here:
--https_certificate = "/etc/prosody/certs/localhost.crt"

----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.

-- VirtualHost "localhost"

--VirtualHost "example.com"
--	certificate = "/path/to/example.crt"

------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see https://prosody.im/doc/components

---Set up a MUC (multi-user chat) room server on conference.example.com:
--Component "conference.example.com" "muc"
--- Store MUC messages in an archive and allow users to access it
--modules_enabled = { "muc_mam" }

---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: https://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
--	component_secret = "password"

Include "conf.d/*.cfg.lua"

/etc/prosody/conf.avail/meet.mydomain.com.cfg.lua

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "meet.mydomain.com";

turncredentials_secret = "ve1NDVHFT4RtblgD";

turncredentials = {
  { type = "stun", host = "meet.mydomain.com", port = "3478" },
  { type = "turn", host = "meet.mydomain.com", port = "3478", transport = "udp" },
  { type = "turns", host = "meet.mydomain.com", port = "443", transport = "tcp" }
};

cross_domain_bosh = true;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
  protocol = "tlsv1_2+";
  ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "meet.mydomain.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "token"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        app_id="MY_APP_ID" ---i had replaced this with my real app id and tokens
        app_secret="MY_APP_SECRET"
        allow_empty_token = false
	-- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/meet.mydomain.com.key";
                certificate = "/etc/prosody/certs/meet.mydomain.com.crt";
        }
        speakerstats_component = "speakerstats.meet.mydomain.com"
        conference_duration_component = "conferenceduration.meet.mydomain.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
            "muc_lobby_rooms";
	    "presence_identity";
        }
        c2s_require_encryption = false
        lobby_muc = "lobby.meet.mydomain.com"
        main_muc = "conference.meet.mydomain.com"
        -- muc_lobby_whitelist = { "recorder.meet.mydomain.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.meet.mydomain.com" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
    }
    admins = { "focus@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.meet.mydomain.com" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.meet.mydomain.com", "jvb@auth.meet.mydomain.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.meet.mydomain.com"
    ssl = {
        key = "/etc/prosody/certs/auth.meet.mydomain.com.key";
        certificate = "/etc/prosody/certs/auth.meet.mydomain.com.crt";
    }
    authentication = "internal_plain"

Component "focus.meet.mydomain.com"
    component_secret = "AYBOYY0h"

Component "speakerstats.meet.mydomain.com" "speakerstats_component"
    muc_component = "conference.meet.mydomain.com"

Component "conferenceduration.meet.mydomain.com" "conference_duration_component"
    muc_component = "conference.meet.mydomain.com"

Component "lobby.meet.mydomain.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

i have not changed any other configs. Jicofo config or Videobridge config are all at default.
What am i missing here?
Kind Regards
Puneet

I have same problem, did you mange to solve it.
Users are authenticated, aeven names are showing, but can not start video or audio. And every authenticated user shown you are only one in room.

The installation address and the access address may be different. They should be same