Moderators only with JWT


I’ve successfully set up my Jitsi server with JWT support which works perfectly fine. I am using the iFrame API to integrate Jitsi in my web application. Now I want certain users to be moderators and others to be normal guests. I only provide a JWT token for moderators and allow_empty_token is set to true.

Now everyone can be a moderator, even without the jwt token - why?
Also I would like to make sure the meeting only stars when a moderator is logged in via the jwt token, before that the meeting should not start.

Can you help?

Thanks a lot