New Prosody modules to control a tokenized room: token_affiliation and token_owner_party

I have tried @emrah prosody modules and they are working perfectly, there is no any issue but I hope he can make dynamically controlled room duration through JWT token so we can pass time limit for each room in JWT payload.
thank you for making those modules

1 Like

It’s possible to use token_affiliation in Moodle using Jitsi-Meet moodle plugin now

Related commit: token_affiliation compability

1 Like

Hi @emrah I am having the same issues as @metadata that everyone in the room is a moderator. I too am using docker-jitsi-meet.

I have no Docker environment, therefore I can’t test it on Docker

You can run docker locally with Docker for Windows (Using VirtualBox), or install docker-ce on Linux

I found the issue to be with Jicofo AUTO OWNER. You need to disable it in sip.properties

org.jitsi.jicofo.DISABLE_AUTO_OWNER=true

Unfortunately theres a bug in the current Docker-Jitsi-Meet that doesnt update the sip.properties when you change it

@emrah I have noticed you have good experience in prosody module development.

Can you please help me how you can send

Post send request to

  1. Https://example.com/api
    Data
    “Secret”:“xxxx”
    “Message”: “my message”

Then how to read respond if it’s as json
( In lua with prosody & with dependencies or packages we need )

  1. In same way how to read from local json file, like data.json
    & Update specific data with it’s ID in that json file
    & Delete the data.

Thank you.

I don’t know how to send the http post request and to edit/process a JSON file in Lua. Lua is not my everyday language and I only learn about it when I need to do something. Sorry

https://github.com/jitsi/jitsi-meet/blob/70fcabd13683f31cb16179df2fa8099a95645a29/resources/prosody-plugins/util.lib.lua#L268 this may help. There is also some json usage in speakerstats module.

Is token_affiliation working for you?

@glokon could you elaborate on this? Is there already an issue we can track?

I have mounted a file /config/custom-sip-communicator.properties containing org.jitsi.jicofo.DISABLE_AUTO_OWNER=true. This file is appended to /config/sip-communicator.properties. But still it doesn’t work unfortunately.

I think @glokon is talking about the rebuilding the config on container restarts. This has been fixed.

@glokon if this isn’t working for you then you can try below PR but you have to build your own jicofo image using unstable build or try docker image mentioned here

Thanks for clarifying @metadata. Indeed I can see in the Jicofo log output that the setting is being applied:

2020-12-29 09:23:57.604 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.jicofo.DISABLE_AUTO_OWNER=true

However I am still facing the situation that every authenticated user gets the moderator role assigned, even when I see affiliation: member in Prosody log output (Docker stable-5142-4 + JWT auth + mod_token_affiliation). Any ideas?

The only mysterious things I could find are these lines from Prosody

focus.meet.jitsi:component       warn	Component not connected, bouncing error for: <iq type='get' from='focus@auth.meet.jitsi/focus924603759403' to='focus.meet.jitsi' id='MFJTK-44'>
jcp56445ed1fc60                  info	Incoming Jabber component connection
focus.meet.jitsi:component       info	External component successfully authenticated

and this line from Jicofo

WARNING: [82] org.jitsi.xmpp.component.ComponentBase.log() PROCESSING TIME LIMIT EXCEEDED - it took 721ms to process: <iq type="set" from="38f8a231-26f4-4648-94fc-61ee1253e8d1@meet.jitsi/lMV5QNFo" to="focus.meet.jitsi" id="553595bb-a8d1-41bf-b498-f0f830a8834b:sendIQ"><conference xmlns="http://jitsi.org/protocol/focus" room="7@muc.meet.jitsi" machine-uid="b8f2630a7877248e3b721ceb074bf621"><property name="channelLastN" value="-1"/><property name="disableRtx" value="false"/><property name="enableTcc" value="true"/><property name="enableRemb" value="true"/><property name="enableLipSync" value="false"/><property name="openSctp" value="false"/><property name="startAudioMuted" value="10"/><property name="startVideoMuted" value="10"/><property name="stereo" value="false"/></conference></iq>

Also tried this. enable-auto-owner is set to "false" in jicofo.conf. Nevertheless, Jicofo grants ownership to every authenticated user.

Looking at the code (Jicofo 5142) it actually seems to be the intended behaviour – the autoOwner variable is only checked in electNewOwner but not in checkGrantOwnerToAuthUser. Now I’m a bit confused. :confused:

Think I’m going to try using a patched version of Jicofo next.

This module isn’t working for me either. I don’t know why this is happening with docker setup only. This module is working fine with non-docker setup. They both uses same Jicofo code.

Got it working by explicitly overriding ENABLE_AUTH=0 for the Jicofo service in docker-compose.yml. This way, no org.jitsi.jicofo.auth.URL is written into sip-communicator.properties (didn’t have this property configured in my non-Docker setup as well).

I must say that I still don’t quite understand Jicofo’s role in the JWT auth process because from my understanding the JWT is verified inside Prosody (via the token_verification module). If anyone could bring some light on this topic that would be very much appreciated. :slightly_smiling_face:

That’s strange. if ENABLE_AUTH=0 then how can you use AUTH_TYPE=jwt?

I only set ENABLE_AUTH=0 for the Jicofo service:

It’s set to 1 everywhere else (through the .env file).

ok got it. I’ll try it too. Thanks for digging into it.

Hello, thank you for share costume module prosody, and its works, but i have trouble, after kick all participant, user didn’t direct to my main page, can you help me?