New Prosody modules to control a tokenized room: token_affiliation and token_owner_party

@vboinard in my specific setup (moderators and members/guests are all authenticated via JWT) this dialog is not shown unfortunately. The conference starts right away once the first participant joins the call, no matter if it’s a moderator or not. Would love to see if there is a way to enable the “waiting for the host” feature…

Thanks for your answer @slauth,
Do you mean that even a non-moderator can create a room? I thought it was the purpose of the plugin to disable that.
I suppose that we can recreate this event by searching in the code and customizing the plugin … for the moment I’m working on the organisation of my project. I will let you know if this is a task I will work on.

Sorry for the confusion, I’m only using token_affiliation currently, not token_owner_party.

It's not working for me. Not even previous images.
Disabled AUTO_OWNER, set ENABLE_AUTH=0 on jicofo. Now jicofo uses the jicofo.conf file instead of sip-communicator. This is generated at every restart.

She will be redirected to close2.html

A related topic

Jitok: Jitsi token generator

Jitok folder on Github

These Prosody modules are moved to jitsi-contrib

2 Likes

How can we handle the reconnection of the room’s owner?

If for some reason the owner disconnects (network problems), the module starts to log:

token_owner_party info an owner leaved

and even after rejoining before the:

party_check_timeout = 30

after these 30 seconds the room gets destroyed for both owner and guest

token_owner_party |info| a participant leaved
token_owner_party |info| timer, kick the occupant
token_owner_party |info| a participant leaved
token_owner_party |info| timer, kick the occupant

It works as expected on my side. If the owner can reconnect to the room within timeout secs, nobody is kicked.

Maybe there are some things different in your conf.

I found that if I reconnect using a new token with the same room name, the Lua module recognizes the new login and resets the countdown. If instead the user reconnects using the same (already opened) meet page (after fixing the network problems), only the BOSH server gets notified about the new login and the Lua module keeps going with the countdown:

mod_bosh info New BOSH session, assigned it sid “XXXX”

1 Like

This means that the reconnecting one is not recognized by Prosody either, and she is not actually in the room.

My fault: at the first reconnect, the owner rejoined as a guest. This explains why the countdown was not reset, just an F5 reload issue.

After using the same old token:

token_owner_party info timer, an owner is here

1 Like

Version 6173 here. Using only Token Affiliation plugin with JWT enabled. I want to achieve a very simple behavior:

  • only users with a valid JWT can use my instance of Jitsi (my backend generates valid JWT tokens)
  • only affiliation==moderator can do “everything”
  • for every affiliation!=moderator, only cam, microphone and screen share are enabled

I have the dockerized version of Jitsi. What I’ve done so far:

  • added mod_token_affiliation.lua on my custom prosody mods
  • in .env added token_affiliation on muc_modules (since token_verification is enabled by default)
  • in .env added ENABLE_AUTO_OWNER=0

But as mentioned here or here, every user is getting the moderator setting, regardless of my preferences.

I was able to almost achieve the desired behaviour by doing the ENABLE_AUTH=0 trick, but it’s not working properly. In fact, I need to leave ENABLE_AUTO_OWNER=1 to make it work. But this last setting will enable auto-owner, so when the “moderator” leaves the call (intentionally or due to an error), the “guest” will automatically receive moderator permissions: that is not a desired effect.

I double-checked what docker is doing internally. I went into the Jicofo container with docker exec -it <container> /bin/bash and ran cat on the config/jicofo.conf file. In case of ENABLE_AUTO_OWNER=1 there is a param inside conference{ }, and obviously there is not if set to 0. Same thing with ENABLE_AUTH=0, which does its job.

Also, there is no sip-communicator.properties file in my jitsi folders, since it was all moved to jicofo.conf (AFAIK).

I read about what a moderator is and I’m worried that every JWT-authenticated user is seen as “moderator”. Affiliation should work “above it”, but it’s not. And doing the ENABLE_AUTO_OWNER=1 + ENABLE_AUTH=0 trick will make it almost work, so the problem must be somewhere else.

I really don’t know what to do.

(post edited to clarify the problem and simplify reading)
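Added example (not part of the original posts and not code from the Prosody modules): a stdlib-only Python check that verifies an HS256 Jitsi token and reports the affiliation it carries, which helps confirm what the backend really issues when every user ends up as moderator. The claim path context.user.affiliation, the secret, app id and domain values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = "example-app-secret"   # constructed sample value, not a real secret

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret, signing_input):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(secret, room, exp, affiliation=None):
    """Stand-in for the backend: sign an HS256 token for one room."""
    user = {"name": "sample user"}
    if affiliation is not None:
        user["affiliation"] = affiliation   # assumed claim path: context.user.affiliation
    claims = {"aud": "example-app", "iss": "example-app", "sub": "meet.example.org",
              "room": room, "exp": exp, "context": {"user": user}}
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_sign(secret, head + '.' + body))}"

def inspect_token(token, secret, room, now=None):
    """Verify signature, expiry and room, then report the affiliation claim."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64url(head)), json.loads(_unb64url(body))
        signature = _unb64url(sig)
    except ValueError:
        return {"valid": False, "reason": "malformed token"}
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return {"valid": False, "reason": "malformed token"}
    if header.get("alg") != "HS256":        # refuse "none" and algorithm swaps
        return {"valid": False, "reason": "unexpected alg"}
    if not hmac.compare_digest(signature, _sign(secret, head + "." + body)):
        return {"valid": False, "reason": "bad signature"}
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= current:
        return {"valid": False, "reason": "expired or missing exp"}
    if claims.get("room") not in (room, "*"):   # "*" means the token is valid for any room
        return {"valid": False, "reason": "room mismatch"}
    context = claims.get("context")
    user = context.get("user") if isinstance(context, dict) else None
    # None here means the token carries no affiliation claim at all
    affiliation = user.get("affiliation") if isinstance(user, dict) else None
    return {"valid": True, "affiliation": affiliation}
```

Run inspect_token on a token copied from the meeting URL with the deployment's own app secret; a result of affiliation None points at the backend, not at Prosody or Jicofo.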

Maybe I have a workaround fix, including updating and the ENABLE_AUTH=0 trick:

  1. I downloaded the new version (6433)
  2. Checked all the 6173.env variables and then moved only those that are effectively present in 6443.env (not adding extra values or not strictly requested ones)
  3. Checked all the 6173 docker-compose and then moved to 6443 only those lines that I strictly need
  4. On the new 6443 .env file I added only:
    ENABLE_AUTH=1
    ENABLE_GUESTS=0
    AUTH_TYPE=jwt
    ENABLE_AV_MODERATION=1
    XMPP_MUC_MODULES=token_affiliation
    ...
    ENABLE_AUTO_OWNER=0
    ENABLE_AUTO_LOGIN=0
    JWT_ALLOW_EMPTY=0
    ENABLE_P2P=0
    LOG_LEVEL=debug
    
  5. In the new 6443 docker-compose I set jicofo:environment:- ENABLE_AUTH=0
  6. Checked my custom-config.js and removed config.enableFeaturesBasedOnToken = true
  7. Added my mod_token_affiliation.lua to the plugin folder
  8. Restart

Still, I don’t understand why Jicofo needs ENABLE_AUTH=0 to make the plugin work, but now it seems to work. I tried to apply this configuration also in the 6173 version, but it still keeps not working properly.

2 Likes

@emrah I am using the affiliation plugin with Jitsi, following this instruction (emrah-tools/jitsi/installer/school at main · emrahcom/emrah-tools · GitHub). I see that if the student joins before the teacher, students are getting redirected to autherror.html. How can I make them wait as shown below?
image

@harish_kumar,

I have no solution for this. These are two different authentication systems.

Thanks, @emrah, is it possible to create a custom HTML file that waits until the room is created by the moderator/owner?

You can customize authError.html as you wish. Its path is

/usr/share/jitsi-meet/static/authError.html

@emrah Any suggestion on how we can get the room creation event?

no idea