I am trying to set up my system so that:
- There are no more than 5 (say) meetings at a time
- Only users authorised (in an external program) may create meetings
- Anyone can attend a meeting (I leave it up to the moderators to throw people off if they shouldn’t be there)
I am using the docker-compose image from https://github.com/jitsi/docker-jitsi-meet to start with.
I have altered the config files in ~/.jitsi-meet-cfg as follows:
prosody/conf.d/jitsi-meet.cfg.lua:
VirtualHost "meet.jitsi"
authentication = "token"
app_id = "BasecampGateway"
app_secret = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1"
allow_empty_token = false
ssl = {
key = "/config/certs/meet.jitsi.key";
certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
"bosh";
"pubsub";
"ping";
}
c2s_require_encryption = false
VirtualHost "guest.meet.jitsi"
authentication = "token"
app_id = "BasecampGateway"
app_secret = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1"
allow_empty_token = true
c2s_require_encryption = false
/jicofo/sip-communicator.properties:
org.jitsi.impl.reservation.rest.BASE_URL=http://192.168.1.6:8080
This is intended to give me toke auth and reservations at the same time.
My authorisation server redirects the user to http://xr.moorsbroadband.net:8000/test?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJCYXNlY2FtcEdhdGV3YXkiLCJyb29tIjoidGVzdCIsImV4cCI6MTU3MzEyNzMxOSwic3ViIjoibW9vcnNicm9hZGJhbmQubmV0IiwiYXVkIjoieHIubW9vcnNicm9hZGJhbmQubmV0IiwiY29udGV4dCI6eyJ1c2VyIjp7Im5hbWUiOiJOaWtraSBMb2NrZSIsImVtYWlsIjoibmlra2lAdGVzdC5jb20iLCJpZCI6Im5pa2tpIn19fQ.b-0Z6CLIEf7bjeqPaeFdMuux_ZjdRDiMtijKGgzQ2GM
The token contains:
iss=BasecampGateway
room=test
exp=1573127319
sub=moorsbroadband.net
aud=xr.moorsbroadband.net
context={
"user": {
"name": "Nikki Locke",
"email": "nikki@test.com",
"id": "nikki"
}
}
The jitsi server then calls my reservation program with
name=test
mail_owner=ed1c2655-7a9f-4a3c-9ce4-42e9fef17e6a@meet.jitsi
start_time=2019-11-06T18:56:17.675Z
duration=-1
First question - why is the mail_owner not nikki@test.com?
The program returns
{"id":12345,"name":"test","mail_owner":"ed1c2655-7a9f-4a3c-9ce4-42e9fef17e6a@meet.jitsi","start_time":"2019-11-06T18:00:00.000Z","duration":3600}
The meeting is then open, with the correct credentials showing for the moderator, and other people can join.
I hope this may help someone else who may be trying to come up with the same kind of setup. I would be happy to supply sample C# code for the authorisation server, it it might be any help.