Private WebConference Room Security with Limited Users


I have private lms app, I am planning to add jitsi meet to my LMS with the purpose that I can create “private room” and assign user as well as myself as a teacher inside the room.

I don’t want other people to join, nor they should be able to access my webconference room until unless there are verified from Server Side.

I see the API here - , but it doesn’t look like - I can apply restrictions to user based on API, also it is all JS so, you know, people can view from source or inspect element and share with other people to join with the password (if it is set).

Does jitsi meet my requirement as per above case?


1 Like

Hi and welcome.

You need to create your deployment and configure it to use jwt tokens. Then y our serverside app can generate tokens in which you can specify the room they are valid for.

JWT can not be trustable either - If people share their jwt token, there could be 1 token that being used by 100 of them.

That’s why tokens have expiration.

Any other alternative then JWT?

JWT tokens are not trustable sources - is there any server side password/token based redirect like BigBlueButton?

If you say so. Your server is signing the token with a private key and you are checking it using the public key, I don’t see that as something you cannot trust.

There is no per room validation, anybody that is authenticated can access all rooms.