Question on JWT token for all partitipants but only 1 moderator

I have setup and successfully implemented JWT token authentication.
Currently I am exploring on using JWT token authentication for all participants.
However, I noticed as long as using JWT token, the participant automatically becomes the moderator.
Participant-A using JWT token, room created, Participant-A is moderator now.
Participant-B joined the room without token, Participant-B is non-moderator and normal user.
Participant-C joined the room with JWT token, Participant-C is moderator also.

May I know how to configure so that only specific participant is moderator (from above example who is Participant-C is the moderator), while other participant is just normal user ?

In order to force all user using JWT token, I configure domain with authentication = "token" and other necessary config which I able to force everyone to present token, but how to make so that not everyone is moderator ?

You can use the token_moderation plugin or token_affiliation plugin to set in the JWT whether the participant should have the moderator role.


wow !
many thanks for your quick suggestion, let me take a look.

I am using your plugin, token_affiliation
But still not working, still everyone who using token is still moderator.
I change the log level to info and monitor the log and see that log are correct.

Jul 05 19:11:35 c2s55ffe63c3df0 info    Authenticated as
Jul 05 19:11:38  info    skip affiliation,
Jul 05 19:11:38  info    affiliation: member
Jul 05 19:12:09 c2s55ffe635f0f0 info    Client connected
Jul 05 19:12:09 c2s55ffe635f0f0 info    Authenticated as
Jul 05 19:12:11  info    affiliation: member

In my jicofo.conf, I have already disable auto owner.

jicofo {
  conference: {
    enable-auto-owner: false
  xmpp: {
    client: {
      client-proxy: ""
    trusted-domains: [ "" ]
  bridge: {
    brewery-jid: ""

My JWT Token

  "aud": "jitsi",
  "context": {
    "user": {
      "name": "Test",
      "affiliation": "member"
  "iss": "jitsi",
  "nbf": 1640966400,
  "exp": 4102415999,
  "room": "test",
  "sub": "*"

May I know what else am I missing here ?

Maybe you enabled the external JWT authentication for jicofo.

Is there a sip file in /etc/jitsi/jicofo/?

1 Like

my only has this line

You can delete this file and restart the services.

1 Like

Tested ok now, if you dont mind, could you please explain for my understanding why ?

When the external authentication is enabled for jicofo, it overwrites the affilliation set by prosody. You don’t need it.

And maybe, the external JWT auth will be deleted in the future

1 Like