Roles with JWT

Hi.
I’ve installed jitsi docker and i’m running it with JWT.
I’ve read somewhere that everyone that enters in a room successfully (with a token) are moderators. Is that true?
Can i change this, on the jwt itself or with any Prosody modules?
I just want the role “moderator” for whom creates the room and the rest are “participants”.

Thank you very much.

I believe the default behaviour in a self-hosted jitsi setup is that the first person who joins will be moderator.

A JWT-authenticated user does not automatically get moderator rights unless you’ve installed a prosody module to make it so.

If is the default behaviour, am i doing something wrong?

For prosody modules i just installed ‘mod_turncredentials’ & ‘mod_time_restricted’, the others installed are default.
I have ENABLE_AUTH = 1, AUTH_TYPE=jwt, ENABLE_GUESTS=0

Everyone who can enter a room is a moderators per default.

You may have enabled muc_allowners

In fact i have mod_muc_allowners.lua but it is not enabled.

Sorry, are you saying that i must enable the muc_allowners or that i enabled the module?

Thanks.

I’m saying that you must disable muc_allowners

hmm ok. i don’t have it enabled.

Sorry, but i continue with the same problem. I don’t have that module enabled and it happens everytime user enters
2021-08-19T08:11:54.207Z [conference.js] <a.>: My role changed, new role: moderator

Like i said before i have :
ENABLE_AUTH = 1, AUTH_TYPE=jwt, ENABLE_GUESTS=0, JWT_ALLOW_EMPTY=0,ENABLE_LOBBY=0
ENABLE_WELCOME_PAGE=0

and JWT_TOKEN_AUTH_MODULE is “token_verification”

And for testing i’m using the same browser for 3 users with the same token.

Thank you

Jicofo grant moderator role to all the authenticated user (JWT logined user).

You may try token affiliation plugin by @emrah . This plugin grant moderator role based JWT payload.

Note: Token affiliation plugin breaks Wait for the host to arrive dialog.

This is wrong. “Wait for the host to arrive” is not for JWT authentication and it doesn’t work when JWT authentication is enabled. Not related with token affiliation module…

To be precise,
Documentation in that token affiliation instruct to remove/comment line org.jitsi.jicofo.auth.URL=

If you remove that line, you don’t get Wait for the host dialog in the Jitsi meet instance.

Wait for the host dialog is shown to the non-authenticated users when they create/join a room without the authenticated user in the room. This is only happening when u enable guest access to your Jitsi meet instance.

If you mean to define a virtualhost block for guests in prosody conf, this part is not for JWT authentication. It’s for secure domain setup (internal_hash etc). Guest access is controlled using allow_empty_token when JWT is enabled.

It’s possible to get strange results when mixing different authentication mechanisms but it’s not recommended

I have defined virtual host block for guests and assigned true to allow_empty_token under main virtual host block.