Setup to use reservation system with tokens in docker

Nikki_Locke · November 7, 2019, 2:02pm

I am trying to set up my system so that:

There are no more than 5 (say) meetings at a time
Only users authorised (in an external program) may create meetings
Anyone can attend a meeting (I leave it up to the moderators to throw people off if they shouldn’t be there)

I am using the docker-compose image from https://github.com/jitsi/docker-jitsi-meet to start with.

I have altered the config files in ~/.jitsi-meet-cfg as follows:

prosody/conf.d/jitsi-meet.cfg.lua:

VirtualHost "meet.jitsi"
	authentication = "token"
	app_id = "BasecampGateway"
	app_secret = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1"
	allow_empty_token = false
	ssl = {
		key = "/config/certs/meet.jitsi.key";
		certificate = "/config/certs/meet.jitsi.crt";
	}
	modules_enabled = {
		"bosh";
		"pubsub";
		"ping";
	}
	c2s_require_encryption = false

VirtualHost "guest.meet.jitsi"
	authentication = "token"
	app_id = "BasecampGateway"
	app_secret = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1"
	allow_empty_token = true
	c2s_require_encryption = false

/jicofo/sip-communicator.properties:
org.jitsi.impl.reservation.rest.BASE_URL=http://192.168.1.6:8080

This is intended to give me toke auth and reservations at the same time.

My authorisation server redirects the user to http://xr.moorsbroadband.net:8000/test?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJCYXNlY2FtcEdhdGV3YXkiLCJyb29tIjoidGVzdCIsImV4cCI6MTU3MzEyNzMxOSwic3ViIjoibW9vcnNicm9hZGJhbmQubmV0IiwiYXVkIjoieHIubW9vcnNicm9hZGJhbmQubmV0IiwiY29udGV4dCI6eyJ1c2VyIjp7Im5hbWUiOiJOaWtraSBMb2NrZSIsImVtYWlsIjoibmlra2lAdGVzdC5jb20iLCJpZCI6Im5pa2tpIn19fQ.b-0Z6CLIEf7bjeqPaeFdMuux_ZjdRDiMtijKGgzQ2GM

The token contains:

iss=BasecampGateway
room=test
exp=1573127319
sub=moorsbroadband.net
aud=xr.moorsbroadband.net
context={
  "user": {
    "name": "Nikki Locke",
    "email": "nikki@test.com",
    "id": "nikki"
  }
}

The jitsi server then calls my reservation program with

name=test
mail_owner=ed1c2655-7a9f-4a3c-9ce4-42e9fef17e6a@meet.jitsi
start_time=2019-11-06T18:56:17.675Z
duration=-1

First question - why is the mail_owner not nikki@test.com?

The program returns

{"id":12345,"name":"test","mail_owner":"ed1c2655-7a9f-4a3c-9ce4-42e9fef17e6a@meet.jitsi","start_time":"2019-11-06T18:00:00.000Z","duration":3600}

The meeting is then open, with the correct credentials showing for the moderator, and other people can join.

I hope this may help someone else who may be trying to come up with the same kind of setup. I would be happy to supply sample C# code for the authorisation server, it it might be any help.

saghul · November 8, 2019, 10:05am

I have no idea. Ping @Pawel_Domas (hoping you know why Jicofo is sending that value).

Kumar_Kk · May 3, 2020, 9:19am

could you please help with sample authorisation server code…iam looking for similar solution.

Johan_Lundqvist · May 8, 2020, 1:44pm

I have the same issue with mail_owner being set to an UUID@meet.jitsi, and not the e-mail provided in JWT. Nor do it use the ID set in JWT payload. In the doc https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md#payload it says that both “email” and “id” are valid, but where do they go?
Since the reservation system don’t recieve some email-address/ID/UUID that connects the user with the conference, it rejects it. Is this a bug, or am I missing something?