JWT Tokens Install Guide

I would really appreciate if someone can write a step-by-step guide up for getting JWT to work with jitsi.

3 Likes

Did you see below guide?

yes, i did. but for beginners like me its just flying over the head

what is the application ID? where do i get that

more over when i tried to

apt-get install jitsi-meet-tokens

i got this.

Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 jitsi-meet-tokens : Depends: prosody-trunk (>= 1nightly747) but it is not installable or
                              prosody-0.11 but it is not installable or
                              prosody (>= 0.11.2) but 0.10.0-1build1 is to be installed
E: Unable to correct problems, you have held broken packages.

i have jitsi unstable latest version installed.

i got around updating prosody to .11x by adding prosody’s deb source list etc

So i was hoping that a step-by-step guide will be helpful for people like me

2 Likes

@masteryoda.

You are right, we need a more detailed Installation Guide, I am 45 days trying to install and configure JWT token authenticationcorrectly, but I found several problems. It seems that the community has no interest in providing this type of information. Unfortunately, the learning curve is big.

Rather, there is no enough manpower by the side of the development team to provide that information officially. They are simply full of tasks.

1 Like

Thanks @KEYLETAL for the answer, I believe that’s it.

I used this guide to have a working Jitsi with token authentication enabled Docs/Jitsi Meet Installation.md at master · christiancuri/Docs

2 Likes

I have having same issue while installing jitsi-meet-tokens. Were you able to find the solution to this issue?

I haven’t tried it myself, but I’ve just found this guide that might help. I was hoping to try it later today.

Tested this tutorial it works when you replace the version of lus cjson with a newer one compatble with ubuntu 18.04 prosody stable apt lua 5.2 and jitsi unstable:
luarocks install lua-cjson 2.1.0-1

1 Like

Here i have prepared Jitsi with JWT installation guide;

For Ubuntu 20.04 LTS;

For Ubuntu 18.04 LTS;

3 Likes

This leave me with errors, and I am pulling my hair out trying to finish the installation manually.

I realized, after a day of pulling my hair out, that the quotes around

sed -i ‘s/lua_objlen/lua_rawlen/g’ lua_cjson.c &&

sed -i ‘s|$(PREFIX)/include|/usr/include/lua5.2|g’ Makefile &&

are left and right quotes and not single quotes like they should be.

I also needed ports 59009, 10000, 4443, 5222, 5347, 9418 open.

That was pretty much all that needed to be done except to watch to make sure that I was in the correct directory when executing commands on the command line. I ran each of these commands one at a time making adjustments to which directory I was in as I went; the installation completely pretty much uneventfully, no surprises.

Now that JWT Tokens is installed I have to learn how to use it…

1 Like

This works for me. Please see section marked Enable JWT

you can do this, it will solve the problem"

echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list

wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -

sudo apt update

After that when you type: sudo apt install jitsi-meet-tokens
it will work like shwiiiiii

1 Like

Couple of things, I installed downloaded luarocks in /usr/src rather than /src. will that make a difference.

I also noticed that Videobridge is listening on port 5347 along with Prosody. My instincts say to put Video bridge on port 5275. I asked my host to open port 5275 so I will have this available. Is this what I should do??

Another thing, I specified our Comodo Wildcard SSL certificate be used for authentication, yet I see in Prosody that the OpenSSL certificate is being specified instead. Can I go through all the Jitsi config files and point each component to our Comodo Wildcard SSL Cert, or do I have to generate and install an OpenSSL Certificate??

Our Comodo Cert comes with reputation verification as well as encryption.

OK, I get this message:

Reading state information… Done
All packages are up to date.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5

Do I need to go through these files and eliminate all but the last configuration entry in each one??

This is what it is talking about in /etc/apt/sources.list, for instance

deb http://archive.ubuntu.com/ubuntu bionic main universe
deb http://archive.ubuntu.com/ubuntu bionic-security main universe
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe
deb http://packages.prosody.im/debian bionic main
deb http://packages.prosody.im/debian bionic main

Since the bottom two lines are identical, I should just delete the last line and all should be well.

And now it looks like the following:

root@meet:/etc/apt# apt update
Hit:1 https://download.jitsi.org stable/ InRelease
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:3 http://archive.ubuntu.com/ubuntu bionic-security InRelease
Hit:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:5 http://packages.prosody.im/debian bionic InRelease
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.

And when I run apt install jitsi-meet-tokens, I get the following:

root@meet:/etc/apt# apt install jitsi-meet-tokens
Reading package lists… Done
Building dependency tree
Reading state information… Done
jitsi-meet-tokens is already the newest version (1.0.4428-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@meet:/etc/apt#

Bottom line, video and audio is not working in Jitsi.

Actually the video appears to be working, it is just that the meeting starts with video and audio disabled and there is no way to enable either. I don’t think I set it up that way in configuration.

Also the meeting disconnects every 15 seconds.

Back again.

Everything installed on a fresh install of Ubuntu 20.04 Focal Fossa without issue, but when I try to enter a room with a token, I get "Authentication Failed.

So now I need to know how a JWT.io token should be formed.

Here is what I did

Header
{
“alg”: “HS256”,
“typ”: “JWT”
}

Payload
{
“aud”: “jitsi”,
“iss”: “jkitol”,
“sub”: “meet.politea.us”,
“room”: “*”,
“exp”: 1500006923
}
HMACSHA256(
base64UrlEncode(header) + “.” +
base64UrlEncode(payload),
[app_secret]???

Is this anywhere near correct?
What should it look like.

JWT.io says the the secret needs to be a 256 bit secret. Is this something I can create arbitrarily by laying on my keyboard, or is this something that needs to be generated in a particular way? Is this one and the same as app_secret that goes in the prosody domain.name.cfg.lua file?

aud = iss = app_id

“exp”: 1500006923 is already expired (July 14 2017). Try a value greater than 1602200000

Thanks, I thought that was far in the future, for sort of never expire.

What do we use app_secret for?