Setup to use reservation system with tokens in docker

I am trying to set up my system so that:

  • There are no more than 5 (say) meetings at a time
  • Only users authorised (in an external program) may create meetings
  • Anyone can attend a meeting (I leave it up to the moderators to throw people off if they shouldn’t be there)

I am using the docker-compose image from https://github.com/jitsi/docker-jitsi-meet to start with.

I have altered the config files in ~/.jitsi-meet-cfg as follows:

prosody/conf.d/jitsi-meet.cfg.lua:

VirtualHost "meet.jitsi"
	authentication = "token"
	app_id = "BasecampGateway"
	app_secret = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1"
	allow_empty_token = false
	ssl = {
		key = "/config/certs/meet.jitsi.key";
		certificate = "/config/certs/meet.jitsi.crt";
	}
	modules_enabled = {
		"bosh";
		"pubsub";
		"ping";
	}
	c2s_require_encryption = false

VirtualHost "guest.meet.jitsi"
	authentication = "token"
	app_id = "BasecampGateway"
	app_secret = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1"
	allow_empty_token = true
	c2s_require_encryption = false

/jicofo/sip-communicator.properties:
org.jitsi.impl.reservation.rest.BASE_URL=http://192.168.1.6:8080

This is intended to give me toke auth and reservations at the same time.

My authorisation server redirects the user to http://xr.moorsbroadband.net:8000/test?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJCYXNlY2FtcEdhdGV3YXkiLCJyb29tIjoidGVzdCIsImV4cCI6MTU3MzEyNzMxOSwic3ViIjoibW9vcnNicm9hZGJhbmQubmV0IiwiYXVkIjoieHIubW9vcnNicm9hZGJhbmQubmV0IiwiY29udGV4dCI6eyJ1c2VyIjp7Im5hbWUiOiJOaWtraSBMb2NrZSIsImVtYWlsIjoibmlra2lAdGVzdC5jb20iLCJpZCI6Im5pa2tpIn19fQ.b-0Z6CLIEf7bjeqPaeFdMuux_ZjdRDiMtijKGgzQ2GM

The token contains:

iss=BasecampGateway
room=test
exp=1573127319
sub=moorsbroadband.net
aud=xr.moorsbroadband.net
context={
  "user": {
    "name": "Nikki Locke",
    "email": "nikki@test.com",
    "id": "nikki"
  }
}

The jitsi server then calls my reservation program with

name=test
mail_owner=ed1c2655-7a9f-4a3c-9ce4-42e9fef17e6a@meet.jitsi
start_time=2019-11-06T18:56:17.675Z
duration=-1

First question - why is the mail_owner not nikki@test.com?

The program returns

{"id":12345,"name":"test","mail_owner":"ed1c2655-7a9f-4a3c-9ce4-42e9fef17e6a@meet.jitsi","start_time":"2019-11-06T18:00:00.000Z","duration":3600}

The meeting is then open, with the correct credentials showing for the moderator, and other people can join.

I hope this may help someone else who may be trying to come up with the same kind of setup. I would be happy to supply sample C# code for the authorisation server, it it might be any help.

1 Like

I have no idea. Ping @Pawel_Domas (hoping you know why Jicofo is sending that value).