New Prosody modules to control a tokenized room: token_affiliation and token_owner_party

https://github.com/jitsi/jitsi-meet/blob/70fcabd13683f31cb16179df2fa8099a95645a29/resources/prosody-plugins/util.lib.lua#L268 this may help. There is also some json usage in speakerstats module.

Is token_affiliation working for you?

@glokon could you elaborate on this? Is there already an issue we can track?

I have mounted a file /config/custom-sip-communicator.properties containing org.jitsi.jicofo.DISABLE_AUTO_OWNER=true. This file is appended to /config/sip-communicator.properties. But still it doesn’t work unfortunately.

I think @glokon is talking about the rebuilding of the config on container restarts. This has been fixed.

@glokon if this isn’t working for you then you can try the PR below, but you have to build your own Jicofo image using the unstable build, or try the Docker image mentioned here

Thanks for clarifying @metadata. Indeed I can see in the Jicofo log output that the setting is being applied:

2020-12-29 09:23:57.604 INFO: [1] org.jitsi.impl.configuration.ConfigurationServiceImpl.log() org.jitsi.jicofo.DISABLE_AUTO_OWNER=true

However I am still facing the situation that every authenticated user gets the moderator role assigned, even when I see affiliation: member in Prosody log output (Docker stable-5142-4 + JWT auth + mod_token_affiliation). Any ideas?

The only mysterious things I could find are these lines from Prosody

focus.meet.jitsi:component       warn	Component not connected, bouncing error for: <iq type='get' from='focus@auth.meet.jitsi/focus924603759403' to='focus.meet.jitsi' id='MFJTK-44'>
jcp56445ed1fc60                  info	Incoming Jabber component connection
focus.meet.jitsi:component       info	External component successfully authenticated

and this line from Jicofo

WARNING: [82] org.jitsi.xmpp.component.ComponentBase.log() PROCESSING TIME LIMIT EXCEEDED - it took 721ms to process: <iq type="set" from="38f8a231-26f4-4648-94fc-61ee1253e8d1@meet.jitsi/lMV5QNFo" to="focus.meet.jitsi" id="553595bb-a8d1-41bf-b498-f0f830a8834b:sendIQ"><conference xmlns="http://jitsi.org/protocol/focus" room="7@muc.meet.jitsi" machine-uid="b8f2630a7877248e3b721ceb074bf621"><property name="channelLastN" value="-1"/><property name="disableRtx" value="false"/><property name="enableTcc" value="true"/><property name="enableRemb" value="true"/><property name="enableLipSync" value="false"/><property name="openSctp" value="false"/><property name="startAudioMuted" value="10"/><property name="startVideoMuted" value="10"/><property name="stereo" value="false"/></conference></iq>

Also tried this. enable-auto-owner is set to "false" in jicofo.conf. Nevertheless, Jicofo grants ownership to every authenticated user.

Looking at the code (Jicofo 5142) it actually seems to be the intended behaviour – the autoOwner variable is only checked in electNewOwner but not in checkGrantOwnerToAuthUser. Now I’m a bit confused. :confused:

Think I’m going to try using a patched version of Jicofo next.

This module isn’t working for me either. I don’t know why this is happening with the Docker setup only. This module is working fine with a non-Docker setup. They both use the same Jicofo code.

Got it working by explicitly overriding ENABLE_AUTH=0 for the Jicofo service in docker-compose.yml. This way, no org.jitsi.jicofo.auth.URL is written into sip-communicator.properties (didn’t have this property configured in my non-Docker setup either).

I must say that I still don’t quite understand Jicofo’s role in the JWT auth process because from my understanding the JWT is verified inside Prosody (via the token_verification module). If anyone could shed some light on this topic that would be very much appreciated. :slightly_smiling_face:

That’s strange. If ENABLE_AUTH=0, then how can you use AUTH_TYPE=jwt?

I only set ENABLE_AUTH=0 for the Jicofo service:

It’s set to 1 everywhere else (through the .env file).

OK, got it. I’ll try it too. Thanks for digging into it.

Hello, thank you for sharing the custom Prosody module, and it works, but I have trouble: after kicking all participants, the user wasn’t directed to my main page. Can you help me?

Hi, I would like to know what the result of this scenario is:
For the Owner Party plugin, if a “member” tries to create a room, what happens?
Will Jitsi display this:

Do you have an idea if it’s possible to reproduce this?
Thanks a lot

Hello @slauth, is it working for you with the latest Docker images also?

@metadata not tried yet, I’m still on stable-5142-4. Did you try it?

@vboinard in my specific setup (moderators and members/guests are all authenticated via JWT) this dialog is not shown unfortunately. The conference starts right away once the first participant joins the call, no matter if it’s a moderator or not. Would love to see if there is a way to enable the “waiting for the host” feature…

Thanks for your answer @slauth,
Do you mean that even a non-moderator can create a room? I thought it was the purpose of the plugin to disable that.
I suppose that we can recreate this event by searching in the code and customizing the plugin … for the moment I’m working on the organisation of my project. I will let you know if this is a task I will work on

Sorry for the confusion, I’m only using token_affiliation currently, not token_owner_party.

It’s not working for me. Not even previous images.
Disabled AUTO_OWNER, set ENABLE_AUTH=0 on Jicofo. Now Jicofo uses the jicofo.conf file instead of sip-communicator. This is generated at every restart.

She will be redirected to close2.html