[SOLVED] How to create room with jwt in authentication token mode?


Anyone can help me to solve my problem? I want to config jitsi with JWT token to create or join room.
If user doesn’t use JWT to create room, will be appear login
Screen Shot 2020-06-23 at 12.49.05
But I’m stuck 3 days to config this.

there is my config

VirtualHost “meetstage.mydomain.com
– enabled = false – Remove this line to enable this host
app_id = “xxxx”; – application identifier
app_secret = “xxxx”; – application secret known only to your token
authentication = “token”
admins = {
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/var/lib/prosody/meet.mydomain.com.key”;
certificate = “/var/lib/prosody/meet.mydomain.com.crt”;
– we need bosh
conference_duration_component = “conference_duration.meetstage.mydomain.com”
modules_enabled = {
“ping”; – Enable mod_ping
c2s_require_encryption = false
Component “conference.meetstage.mydomain.com” “muc”
–storage = “none”
storage = “memory”
app_id = “xxxx”; – application identifier
app_secret = “xxxx”; – application secret known only to your token
modules_enabled = {

I using prosody
Prosody trunk nightly build 1222 (2020-01-28, a9c975a0f113)

If I try to create a room with jwt. I try to create jwt in jwt.io .


I got Authentication failed
Screen Shot 2020-06-23 at 12.28.06

How to fix the promblem Authentication failed?


Your jwt is not correct:

You had specified kid and RS256 but you had signed it with a shared secret not with a private key.

Hi @damencho

I was fix my jwt not correct. I use kid to generate token. But the token still failed. I got an error on prosody

Error verifying token err:not-allowed, reason:could not obtain public key

in my prosody config

app_id = "meetstage";
authentication = "token"
asap_key_server = "https://meetstage.mydomain.com/asap.pem";

If I open the link https://meetstage.mydomain.com/asap.pem, it wil be download file the public key. That expected?

What should I do to make the public key can be read on prosody?


Please, read the manual https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md first :slight_smile:
If you are using JWT with RS256, then your public key should be named as sha256(kid), ie. if your kid is rajapulau, then your public key should be named 0b791d646c355385f35d3b0b7f17d4838ebc44f6aa28e56a7abb99b2c99692b7.pem and in your asap_key_server should be URL, where it can be found, let’s say in your config it would be

asap_key_server = "https://meetstage.mydomain.com/";

When prosody is looking for public key it will try to download it from https://meetstage.mydomain.com/0b791d646c355385f35d3b0b7f17d4838ebc44f6aa28e56a7abb99b2c99692b7.pem

1 Like

Hi @nosmo

Thank you very much. It’s working now… This my first time using JWT RS256.

Thank you, you save my life about JWT in Jitsi