Jwt Jitsi Setup other participants joining not Working

Hey everyone,
I have set up Jitsi with JWT tokens… I didn’t get any errors while installing Jitsi with JWT.
After that, when I tried hitting my domain example.meet.com, it was asking for a username and password,
so then I tried joining the meeting with a JWT,
for example → domain/12345?jwt=mytoken
It worked and I was in the meeting as a moderator.
But after that I tried to invite people with the same link, example.meet.com/12345.
Other people were not able to join… it was asking for a username and password again for the same room.
I tried giving them the token, and then they were able to join with the token… (not as a moderator, which is fine)

I think I made some mistakes, or maybe missed something.

The end result I want to achieve…

Nobody can create a meeting without a token, and the person who created the meeting with a valid token can invite… invited users can join that specific room without a token.

That use case has always been a bit iffy. Guest support (that’s the name of what you want) doesn’t work with JWT. It might have worked by accident but it was never intentional.

We will likely add it properly in the future, but I’m afraid it’s non-functional in the latest release.

Previously it was working… I have seen YouTube videos on it… followed the same approach, but for that person it was working…

I don’t know what happened in mine…

I am using Ubuntu 22, the latest LTS.

So can I generate two tokens, one for the guest and one for the host… will it work?

I want that the guest should not be able to access until the host has joined.

How can I generate a non-moderator token… I tried setting it up like this:

{
  "aud": "jitsi",
  "context": {
    "user": {
      "id": "",
      "name": "J",
      "avatar": "",
      "email": "",
      "moderator": "false"
    },
    "features": {
      "livestreaming": "false",
      "outbound-call": "false",
      "transcription": "false",
      "recording": "false"
    },
    "room": {
      "regex": false
    }
  },
  "exp": 1696284052,
  "iss": "chat",
  "nbf": 1596197652,
  "room": ""
}

It doesn’t work… by default, if no one is in the meeting, the user becomes moderator.

By default the moderator isn’t set based on token content. The first coming user is the moderator.

How can I allow people to join without a token… if the moderator is already in the call,
but without a token nobody should be able to create or start a meeting?

At present, I don’t think you can. Not easily anyway.

Someone will correct me if I am mistaken, but I believe if you want to use the built-in mechanism where only moderators can create rooms and guests end up in a waiting area until moderators join, then it only really works with Secure Domain auth, not JWT.

JWT was really designed for integrating with other apps whereby the user journey and auth is handled by your own app, and when they are ready to join, you send them to the appropriate Jitsi room with a token. So you kinda need to build the “waiting room” page yourself.

One approach is discussed here:

Might also be worth checking if something like eparto meets your needs. (you can deploy your own too – galaxy).

1 Like

Yeah, maybe that can be done. I will definitely take a look into that. Thanks for sharing this…

But I wanted to achieve something somewhat like that, though not completely that thing…

Maybe I can use this JWT only… I believe it will work in my use case.

You have clearly mentioned and explained each and every thing.

What I wanted to achieve was that once a meeting gets created with a valid token… any user can be invited from the Jitsi meeting invite option, but if I share that mydomain/code with users over mail or copy-paste while being in the meeting through the Jitsi invite option

nobody can join because it will ask for a token… even if the moderator is in the meeting.

Is there any option available… to achieve that?

The simplest solution really is to always route users via your app, even for guests. That way you can handle user journey in a consistent way and not have to worry about what happens if users go via your app vs directly to Jitsi.

If you really really need to have users generate invite links from within Jitsi rather than from your app, you’ll need to figure out how to make it produce a link to your app rather than Jitsi itself. I’ve never tried this, but if I had to do this I would investigate the following options:

  1. Overriding inviteDomain so that it shows invites.myapp.com/roomName instead of myjitsi.com/roomName then have my app handle requests on that path accordingly. Alas, this might not work too well if someone uses the “embed this meeting” feature.
  2. If that doesn’t work, then I’ll try to intercept the “invite” button click and show my own interface – this can be done by making sure users visit the Jitsi page via an embedded IFrame, then intercepting using buttonsWithNotifyClick option and toolbarButtonClicked event.
  3. If that doesn’t work either, then last resort would be to maintain a small fork of Jitsi Meet where the invite modal is modified slightly to show my app URL instead.

Option (1) would be ideal, and (3) is least desirable since maintaining a fork is a lot of work each time you need to upgrade Jitsi. (2) is relatively easy if you can make sure users always visit via the IFrame, but displaying the alternative UX to show/share invite URL requires a bit more work.


If the above is not viable for whatever reason, I suppose a workaround would be to integrate the reservations module so prosody will first ask your app for authorisation before creating a new room – your app can then have some logic whereby it rejects room creation if it was not started by a moderator. There are several ways to infer that, but all require some work, and I won’t go into that just yet since this could end up as a really long post :pensive:

The major downside of this approach, which could be a deal breaker, is that if a guest arrives first then it sees a “reservation error” message rather than a friendly UI that explains that the moderator is not yet in the room.

In short, not a great solution unless you want to incorporate some complex backend logic for room creation restrictions.

2 Likes

Thanks for your detailed explanation… I think I am clear now on what I have to do.
Invite link to the users option… while creating the code will be better… instead of doing it in Jitsi, as it seems to be very complicated…

I just saw this video, that’s why I thought it would work out: Jitsi Meet Token(JTW) Authentication - YouTube. If this had been possible then I believe I would have achieved the end result I wanted.

The third option would work to some extent, I believe… I will achieve what I wanted… just need to work on creating the logic myself… it would be tough but would be fun :grinning: :grinning: :grinning:

@shawn thanks man, thanks for explaining in that much detail…

One last question… is there a way to change the invite URL to a custom URL… and maybe the body of the message while inviting people too?

That feature was designed to work mainly for Secure Domain, and coincidentally worked with JWT for a period even though it was never designed to. As with any unintentional feature, there is a risk that it will stop working as the software evolves – and in this case I believe that is what happened.

I’ve never explored that so I’m afraid I have no idea. There’s a chance you might be able to influence the link using the inviteDomain option I mentioned previously, and you can probably change the content to some extent by customising the translation files but anything more elaborate will probably require code changes. Don’t take my word for it though; I’m just guessing.

Good luck with your project.

1 Like

Probably it will work if you add enable_domain_verification = false into your prosody config but this is a hacky way to solve it. It may break down in the future.

VirtualHost "jitsi.yourdomain.com"
    authentication = "token" -- do not delete me
    app_id="yourappid"
    app_secret="yourappsecret"
    enable_domain_verification = false
1 Like

I will go through that once and will try it out. But as you said, there are fewer chances… maybe it won’t work… I believe in that situation I have to disable invite permanently… and put some logic inside my application itself…

I even think maybe it happened due to that, because I have tried multiple ways but it didn’t work… I think if I play with JWT a bit, I believe I will be able to make a solid architecture/model for my project…

Sorry again, I have a couple more doubts… related to JWT

1> Can I create a JWT for a specific user only… with any kind of ID or something… groups etc.…
The end result I want is that the token will be valid for that particular person only…

So anyhow, if he got the token and shares it with anybody, no one else can join…

I think this question itself will solve a lot of doubts.

Thanks for the reply, emrah.

Unfortunately… it didn’t work. I have added this line… but the same thing was happening.

Is there anything else I have to do, or would just changing that have worked…

I tried it and it works for me

  • Enable token authentication
  • Add VirtualHost for guest
  • Enable external JWT authentication
  • Enable anonymousdomain in config.js
  • Add enable_domain_verification = false
  • Restart the services

The details for each step are already shared in the forum. Check the old posts.

2 Likes

That’s kinda like asking how to reject the other party if users share their password or Auth cookies. The whole point of tokens is that it is trusted data that can only be derived if your identity has already been verified. If you have to revalidate it each time then it really defeats the purpose.

What you do want to do however is:

  1. Make sure users cannot accidentally share their token e.g. it should never be sitting in the browser location bar – users are used to copy pasting that for sharing, so auth info should not be left there
  2. Limit the scope of a token in case it is accidentally exposed. E.g. make it valid for just one room, and for a limited time, and not reuse same token to access other apps.
1 Like
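To illustrate point 2 above, here is an added example (not code from any poster in this thread or from the Jitsi project) that mints an HS256 token bound to one room with a short lifetime, using the claim names from the token shown earlier. `APP_ID` and `APP_SECRET` reuse the placeholder values from the prosody snippet in this thread; `mint_room_token` and `check_token` are hypothetical names, and `check_token` is a local stand-in for the checks that scoping relies on, not Prosody's verifier.

```python
import base64, hashlib, hmac, json, time

APP_ID = "yourappid"            # placeholder app_id from the prosody config above
APP_SECRET = b"yourappsecret"   # placeholder; use a long random secret in practice

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_room_token(room, name, ttl=300, now=None):
    """Return an HS256 JWT valid for one room and for ttl seconds only."""
    now = int(time.time()) if now is None else now
    claims = {"aud": "jitsi", "iss": APP_ID, "room": room,
              "nbf": now, "exp": now + ttl,
              "context": {"user": {"name": name}}}
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(APP_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def check_token(token, room, now=None):
    """Return (ok, reason) for a token presented for the given room."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64url(head))
        claims = json.loads(unb64url(body))
        given = unb64url(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except (ValueError, TypeError):
        return False, "malformed"
    if header.get("alg") != "HS256":        # never trust the token's own alg
        return False, "unexpected alg"
    good = hmac.new(APP_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, given):
        return False, "bad signature"
    if claims.get("iss") != APP_ID or claims.get("aud") != "jitsi":
        return False, "wrong issuer or audience"
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        return False, "expired or not yet valid"
    if claims.get("room") != room:          # a leaked token opens one room only
        return False, "wrong room"
    return True, "ok"
```

A token minted this way and later leaked is useless for any other room and stops working after `ttl` seconds, which bounds the damage without trying to tie the token to one person.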

Thanks all… for your support and guidance and for explaining everything in so much detail… you guys have helped me a lot to understand each thing in detail…

Now I have an idea of what I have to do, how I can achieve it, and how to build a solid architecture for my project…

@shawn @emrah @saghul @damencho

Thanks all … :smiley: :smiley: :smiley:

2 Likes

Hey everyone, two or three more questions :saluting_face: :grimacing: :zipper_mouth_face:

1> Jitsi automatically assigns a moderator if the current moderator exits the call… can I disable that?

2-> Can I disable or disconnect the call automatically if the moderator leaves the call?

3-> Can I hit a custom API on the disconnect call button?

Yes, set this to false: jicofo/reference.conf at f326b319444d0de48b28abb997969ec7afed80b9 · jitsi/jicofo · GitHub

There is no such feature at the moment.

Or

1 Like