Not allowed in rooms after upgrade to 7577

Hi.
After upgrading to 7577 I can’t get into any rooms in Jitsi any more, I just get “You are not allowed to be here!”. Everything works fine when rolling back to 7439. I’m using jtw token authentication. In the Prosody container log I get this:

prosody_1 | muc.meet.jitsi:token_verification error Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiaWQiOiJyZWRhY3RlZCIsImVtYWlsIjoicmVkYWN0ZWQiLCJhZmZpbGlhdGlvbiI6bnVsbCwibmFtZSI6IkRhbmllbCBNYWxtZ3JlbiIsImF2YXRhciI6bnVsbH0sImdyb3VwIjpudWxsfSwiYXVkIjoiaml0c2kiLCJpc3MiOiJqaXRzaSIsInN1YiI6ImppdHNpX3Rlc3RfYXBwX2lkIiwicm9vbSI6IioiLCJpYXQiOjE2NjAxMzEyNzEsImV4cCI6MTY2MDIxNzY3MX0.JGaMHRalHIrLxoFdMA6FONwJXqYwv2k1bwKmZeaHMpg not allowed to join: whatever@muc.meet.jitsi/5a792dc6

(I redacted my id and mail in the jwt above, but other than that it’s intact. It contains the correct aud, iss and sub and rooms is set to *)

Your sub is wrong:
From lib-jitsi-meet/tokens.md at master · jitsi/lib-jitsi-meet · GitHub

'sub' contains EITHER the lowercase name of the tenant (for a conference like TENANT1/ROOM with would be 'tenant1') OR the lowercase name of the domain used when authenticating with this token (for a conference like /ROOM). By default assuming that we have full MUC 'conference1@muc.server.net' then 'server.net' should be used here. Alternately, a '*' may be provided, allowing access to rooms in all tenants within the domain or all domains within the server.

You’re quite correct, why didn’t I see that. It worked in 7439, guess the check for correct sub must have been fixed in 7577. Thanks!