JWT Tokens Install Guide

Thanks @KEYLETAL for the answer, I believe that’s it.

I used this guide to have a working Jitsi with token authentication enabled Docs/Jitsi Meet Installation.md at master · christiancuri/Docs

2 Likes

I have having same issue while installing jitsi-meet-tokens. Were you able to find the solution to this issue?

I haven’t tried it myself, but I’ve just found this guide that might help. I was hoping to try it later today.

Tested this tutorial it works when you replace the version of lus cjson with a newer one compatble with ubuntu 18.04 prosody stable apt lua 5.2 and jitsi unstable:
luarocks install lua-cjson 2.1.0-1

1 Like

Here i have prepared Jitsi with JWT installation guide;

For Ubuntu 20.04 LTS;

For Ubuntu 18.04 LTS;

4 Likes

This leave me with errors, and I am pulling my hair out trying to finish the installation manually.

I realized, after a day of pulling my hair out, that the quotes around

sed -i ‘s/lua_objlen/lua_rawlen/g’ lua_cjson.c &&

sed -i ‘s|$(PREFIX)/include|/usr/include/lua5.2|g’ Makefile &&

are left and right quotes and not single quotes like they should be.

I also needed ports 59009, 10000, 4443, 5222, 5347, 9418 open.

That was pretty much all that needed to be done except to watch to make sure that I was in the correct directory when executing commands on the command line. I ran each of these commands one at a time making adjustments to which directory I was in as I went; the installation completely pretty much uneventfully, no surprises.

Now that JWT Tokens is installed I have to learn how to use it…

1 Like

This works for me. Please see section marked Enable JWT

you can do this, it will solve the problem"

echo deb http://packages.prosody.im/debian $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list

wget https://prosody.im/files/prosody-debian-packages.key -O- | sudo apt-key add -

sudo apt update

After that when you type: sudo apt install jitsi-meet-tokens
it will work like shwiiiiii

1 Like

Couple of things, I installed downloaded luarocks in /usr/src rather than /src. will that make a difference.

I also noticed that Videobridge is listening on port 5347 along with Prosody. My instincts say to put Video bridge on port 5275. I asked my host to open port 5275 so I will have this available. Is this what I should do??

Another thing, I specified our Comodo Wildcard SSL certificate be used for authentication, yet I see in Prosody that the OpenSSL certificate is being specified instead. Can I go through all the Jitsi config files and point each component to our Comodo Wildcard SSL Cert, or do I have to generate and install an OpenSSL Certificate??

Our Comodo Cert comes with reputation verification as well as encryption.

OK, I get this message:

Reading state information… Done
All packages are up to date.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Packages (main/binary-all/Packages) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en_US) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target Translations (main/i18n/Translation-en) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-amd64) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5
W: Target CNF (main/cnf/Commands-all) is configured multiple times in /etc/apt/sources.list:4 and /etc/apt/sources.list:5

Do I need to go through these files and eliminate all but the last configuration entry in each one??

This is what it is talking about in /etc/apt/sources.list, for instance

deb http://archive.ubuntu.com/ubuntu bionic main universe
deb http://archive.ubuntu.com/ubuntu bionic-security main universe
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe
deb http://packages.prosody.im/debian bionic main
deb http://packages.prosody.im/debian bionic main

Since the bottom two lines are identical, I should just delete the last line and all should be well.

And now it looks like the following:

root@meet:/etc/apt# apt update
Hit:1 https://download.jitsi.org stable/ InRelease
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:3 http://archive.ubuntu.com/ubuntu bionic-security InRelease
Hit:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:5 http://packages.prosody.im/debian bionic InRelease
Reading package lists… Done
Building dependency tree
Reading state information… Done
All packages are up to date.

And when I run apt install jitsi-meet-tokens, I get the following:

root@meet:/etc/apt# apt install jitsi-meet-tokens
Reading package lists… Done
Building dependency tree
Reading state information… Done
jitsi-meet-tokens is already the newest version (1.0.4428-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@meet:/etc/apt#

Bottom line, video and audio is not working in Jitsi.

Actually the video appears to be working, it is just that the meeting starts with video and audio disabled and there is no way to enable either. I don’t think I set it up that way in configuration.

Also the meeting disconnects every 15 seconds.

Back again.

Everything installed on a fresh install of Ubuntu 20.04 Focal Fossa without issue, but when I try to enter a room with a token, I get "Authentication Failed.

So now I need to know how a JWT.io token should be formed.

Here is what I did

Header
{
“alg”: “HS256”,
“typ”: “JWT”
}

Payload
{
“aud”: “jitsi”,
“iss”: “jkitol”,
“sub”: “meet.politea.us”,
“room”: “*”,
“exp”: 1500006923
}
HMACSHA256(
base64UrlEncode(header) + “.” +
base64UrlEncode(payload),
[app_secret]???

Is this anywhere near correct?
What should it look like.

JWT.io says the the secret needs to be a 256 bit secret. Is this something I can create arbitrarily by laying on my keyboard, or is this something that needs to be generated in a particular way? Is this one and the same as app_secret that goes in the prosody domain.name.cfg.lua file?

1 Like

aud = iss = app_id

“exp”: 1500006923 is already expired (July 14 2017). Try a value greater than 1602200000

Thanks, I thought that was far in the future, for sort of never expire.

What do we use app_secret for?

All is well. Can access rooms via the token, so I guess everything is set up correctly, at least where JWT is concerned.

So thanks again emrah.

Recently I created two docs with how to install jitsi meet + jwt on ubuntu 18 and 20 (with video)

https://github.com/christiancuri/Docs

NodeJS example how to create jwt

const jsonwebtoken = require(‘jsonwebtoken’)

const obj = {
context: {
user: {
email: ‘email@example.dev’,
name: Christian Curi,
}
},
room: ‘ChristianCuri’,
};

const jwt = jsonwebtoken.sign(obj, ‘secret’, {
issuer: “zellim”,
subject: https://jitmeet.example.com,
expiresIn: “12h”,
audience: “zellim”,
});

console.log(jwt)

the link you posted sent me to a 404, I think you meant this:

notice if you go one back in this GitHub link there is a directory with a second guide (for ubuntu 18 I think)

Someone can using this links for testing JWT, easy:
https://id.saza.vn/

Nice page but JWT format is different than what Jitsi uses