I’ve set up JWT auth security for a private instance of Jitsi where all users (mods/guests) must have tokens to access rooms. I’m trying to wrap my head around how the security works to prevent bad actors from gaining access.
If an authenticated user is granted a token to access a room, would it not be fairly trivial for this user to distribute his token to allow others to access that same room? Is there any security mechanism to ensure that the token only works for the user it is granted to?
Appreciate the help. Total security n00b here!