[SOLVED] How to create room with jwt in authentication token mode?

Hi,

Can anyone help me solve my problem? I want to configure Jitsi with a JWT token to create or join a room.
If a user doesn’t use a JWT to create a room, a login prompt will appear.
But I’ve been stuck for 3 days configuring this.

Here is my config:

VirtualHost "meetstage.mydomain.com"
-- enabled = false -- Remove this line to enable this host
app_id = "xxxx"; -- application identifier
app_secret = "xxxx"; -- application secret known only to your token
authentication = "token"
admins = {
"videobridge2.meetstage.mydomain.com"
}
-- Properties below are modified by jitsi-meet-tokens package config
-- and authentication above is switched to "token"
--app_id="example_app_id"
--app_secret="example_app_secret"
-- Assign this host a certificate for TLS, otherwise it would use the one
-- set in the global section (if any).
-- Note that old-style SSL on port 5223 only supports one certificate, and will always
-- use the global one.
ssl = {
key = "/var/lib/prosody/meet.mydomain.com.key";
certificate = "/var/lib/prosody/meet.mydomain.com.crt";
}
-- we need bosh
conference_duration_component = "conference_duration.meetstage.mydomain.com"
modules_enabled = {
"bosh";
"pubsub";
"muc_size";
"presence_identity";
"admin_telnet";
"conference_duration";
"ping"; -- Enable mod_ping
}
c2s_require_encryption = false
Component "conference.meetstage.mydomain.com" "muc"
--storage = "none"
storage = "memory"
app_id = "xxxx"; -- application identifier
app_secret = "xxxx"; -- application secret known only to your token
modules_enabled = {
"token_verification";
"muc_size";
}

I am using Prosody:
Prosody trunk nightly build 1222 (2020-01-28, a9c975a0f113)

I try to create a room with a JWT. I create the JWT at jwt.io.

https://meetstage.mydomain.com/budianak?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJraWQiOiJqaXRzaVwvY3VzdG9tX2tleV9uYW1lIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6IkN1c3RvbWVyIEdhbmphciIsImF2YXRhciI6Imh0dHBzOlwvXC9tLm1lZGlhLWFtYXpvbi5jb21cL2ltYWdlc1wvTVwvTVY1Qk5tTTFObVk0TjJRdE5tVmtPUzAwTWpNeUxXSTVaR1V0WVdZeE1EUmpZMk16TkRkaVhrRXlYa0ZxY0dkZVFYVnlNVEF3TURBd01BQEAuX1YxX1VZMjY4X0NSNDMsMCwxODIsMjY4X0FMXy5qcGciLCJlbWFpbCI6bnVsbH19fQ.Vse12b5OEiU8wAissrc-XMYIMyzvjbeGBujfjguFOwc

I got "Authentication failed".

How can I fix the "Authentication failed" problem?

Regards

Your jwt is not correct:

You specified kid and RS256, but you signed it with a shared secret, not with a private key.

Hi @damencho

I fixed my incorrect JWT. I use kid to generate the token, but the token still fails. I got an error in Prosody:

Error verifying token err:not-allowed, reason:could not obtain public key

In my Prosody config:

app_id = "meetstage";
authentication = "token"
asap_key_server = "https://meetstage.mydomain.com/asap.pem";

If I open the link https://meetstage.mydomain.com/asap.pem, it downloads the public key file. Is that expected?

What should I do so that Prosody can read the public key?

Regards

Please, read the manual https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md first :slight_smile:
If you are using JWT with RS256, then your public key should be named sha256(kid), i.e. if your kid is rajapulau, then your public key should be named 0b791d646c355385f35d3b0b7f17d4838ebc44f6aa28e56a7abb99b2c99692b7.pem, and your asap_key_server should be the URL where it can be found. Let’s say in your config it would be

asap_key_server = "https://meetstage.mydomain.com/";

When Prosody is looking for the public key, it will try to download it from https://meetstage.mydomain.com/0b791d646c355385f35d3b0b7f17d4838ebc44f6aa28e56a7abb99b2c99692b7.pem

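An added example, not part of the thread or of Jitsi's code: a Python check that decodes a token's header, reports the kid/alg mismatch diagnosed in the first reply, and derives the key URL from sha256(kid) under asap_key_server as the reply above describes. The kid `example-kid`, the sample tokens and all function names are constructed for illustration, and no signature is verified.

```python
import base64
import hashlib
import json


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def key_url(asap_key_server, kid):
    """URL of the public key file, named sha256(kid).pem as in the reply."""
    name = hashlib.sha256(kid.encode("utf-8")).hexdigest() + ".pem"
    return asap_key_server.rstrip("/") + "/" + name


def check_token(token, asap_key_server):
    """Return (problems, expected_key_url); the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["token must have three dot-separated segments"], None
    header, payload = b64url_json(parts[0]), b64url_json(parts[1])
    problems = []
    if header.get("alg") != "RS256":
        problems.append("header alg is %r, not RS256" % header.get("alg"))
    if "kid" not in header:
        where = " (found in payload instead)" if "kid" in payload else ""
        problems.append("kid missing from header" + where)
        return problems, None
    return problems, key_url(asap_key_server, header["kid"])


def make_sample(header, payload):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode("utf-8")
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return enc(header) + "." + enc(payload) + ".c2ln"


# Constructed samples: an HS256 header with kid/alg misplaced in the payload,
# and a header that carries kid and RS256 itself.
BAD = make_sample({"typ": "JWT", "alg": "HS256"}, {"kid": "example-kid", "alg": "RS256"})
GOOD = make_sample({"typ": "JWT", "alg": "RS256", "kid": "example-kid"}, {"context": {}})

if __name__ == "__main__":
    for tok in (BAD, GOOD):
        print(check_token(tok, "https://meetstage.mydomain.com/"))
```
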

Hi @nosmo

Thank you very much. It’s working now… This is my first time using JWT RS256.

Thank you, you saved my life with JWT in Jitsi.