Session.auth_token is null

module:hook(“muc-occupant-pre-join”, function (event)
local session = event.origin;
local token = session.auth_token; – Here the token is nil
– I would like to do some extra check with the token other than luajwtjitsi provides.

end);

The other thread about using token with lobby room didn’t give me any clue. Is it because the token only brought in after join the room ?

What version of prosody do you use and are you using websockets or bosh? You have on that host enabled authentication token?

prosody/unknown,now 0.11.7-1~bionic4 amd64 [installed]

I’m using BOSH

/var/log/prosody/prosody.log
info	BOSH client disconnected: session close

and in the host configuration, authentication is enabled.

VirtualHost "mydomain.com"
authentication = "token"
...

Component "conference.mydomain.com" "muc"
modules_enabled = {
    "muc_meeting_id";
    "muc_domain_mapper";
    "token_verification";
    "muc_mycustom"; <---
}

Trying to write a mod_muc_mycustom.lua to check session.auth_token.

Hum … that is strange … Here is where the token is checked … https://github.com/jitsi/jitsi-meet/blob/99ac60ed741b4bdd811660b41b4ec2b7df358433/resources/prosody-plugins/mod_auth_token.lua#L90 you can check is that code hit … So you can debug it, also turning in debug logs also helps

use debug log to check and i might have found the first the event got fired is from focus@auth.mydomain.com which should be passed it through. Am i correct ?

/var/log/prosody.log

http.server     debug   Firing event: POST /http-bind
token_verification        debug Session token: nil, session room: nil
Will verify token for user: focus@auth.mydomain.com....(cut)
...    
muc_mycustom        debug   session.auth_token is nil <=== actually from focus@auth.mydomain.com so pass it through or ignore it..
token_verification	debug	pre join: MUC room ...
token_verification        debug   Session token: ewogICJ0eXAiOiAiS...(cut)
muc_mycustom        debug   session.auth_token got token = ewogICJ0eXAiOiAiS...(cut) <=== got token here is the actual user session.

yep