[SOLVED] How to create room with jwt in authentication token mode?

Hi,

Anyone can help me to solve my problem? I want to config jitsi with JWT token to create or join room.
If user doesn’t use JWT to create room, will be appear login
Screen Shot 2020-06-23 at 12.49.05
But I’m stuck 3 days to config this.

there is my config

VirtualHost “meetstage.mydomain.com
– enabled = false – Remove this line to enable this host
app_id = “xxxx”; – application identifier
app_secret = “xxxx”; – application secret known only to your token
authentication = “token”
admins = {
videobridge2.meetstage.mydomain.com
}
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
–app_id=“example_app_id”
–app_secret=“example_app_secret”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/var/lib/prosody/meet.mydomain.com.key”;
certificate = “/var/lib/prosody/meet.mydomain.com.crt”;
}
– we need bosh
conference_duration_component = “conference_duration.meetstage.mydomain.com”
modules_enabled = {
“bosh”;
“pubsub”;
“muc_size”;
“presence_identity”;
“admin_telnet”;
“conference_duration”;
“ping”; – Enable mod_ping
}
c2s_require_encryption = false
Component “conference.meetstage.mydomain.com” “muc”
–storage = “none”
storage = “memory”
app_id = “xxxx”; – application identifier
app_secret = “xxxx”; – application secret known only to your token
modules_enabled = {
“token_verification”;
“muc_size”;
}

I using prosody
Prosody trunk nightly build 1222 (2020-01-28, a9c975a0f113)

If I try to create a room with jwt. I try to create jwt in jwt.io .

https://meetstage.mydomain.com/budianak?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJraWQiOiJqaXRzaVwvY3VzdG9tX2tleV9uYW1lIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6IkN1c3RvbWVyIEdhbmphciIsImF2YXRhciI6Imh0dHBzOlwvXC9tLm1lZGlhLWFtYXpvbi5jb21cL2ltYWdlc1wvTVwvTVY1Qk5tTTFObVk0TjJRdE5tVmtPUzAwTWpNeUxXSTVaR1V0WVdZeE1EUmpZMk16TkRkaVhrRXlYa0ZxY0dkZVFYVnlNVEF3TURBd01BQEAuX1YxX1VZMjY4X0NSNDMsMCwxODIsMjY4X0FMXy5qcGciLCJlbWFpbCI6bnVsbH19fQ.Vse12b5OEiU8wAissrc-XMYIMyzvjbeGBujfjguFOwc

I got Authentication failed
Screen Shot 2020-06-23 at 12.28.06

How to fix the promblem Authentication failed?

Regards

Your jwt is not correct:

You had specified kid and RS256 but you had signed it with a shared secret not with a private key.

Hi @damencho

I was fix my jwt not correct. I use kid to generate token. But the token still failed. I got an error on prosody

Error verifying token err:not-allowed, reason:could not obtain public key

in my prosody config

app_id = "meetstage";
authentication = "token"
asap_key_server = "https://meetstage.mydomain.com/asap.pem";

If I open the link https://meetstage.mydomain.com/asap.pem, it wil be download file the public key. That expected?

What should I do to make the public key can be read on prosody?

Regards

Please, read the manual https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md first :slight_smile:
If you are using JWT with RS256, then your public key should be named as sha256(kid), ie. if your kid is rajapulau, then your public key should be named 0b791d646c355385f35d3b0b7f17d4838ebc44f6aa28e56a7abb99b2c99692b7.pem and in your asap_key_server should be URL, where it can be found, let’s say in your config it would be

asap_key_server = "https://meetstage.mydomain.com/";

When prosody is looking for public key it will try to download it from https://meetstage.mydomain.com/0b791d646c355385f35d3b0b7f17d4838ebc44f6aa28e56a7abb99b2c99692b7.pem

1 Like

Hi @nosmo

Thank you very much. It’s working now… This my first time using JWT RS256.

Thank you, you save my life about JWT in Jitsi

Hi @nosmo, I have tried the same thing but I am getting an error saying Error verifying token err:not-allowed, reason:could not obtain public key

root@1e3a5126532e:/# curl -i https://mydomain/publickey/22e20dd7e707d4ac2185335225496d59fde5b8445fa0817d904e2389471bec3f.pem
HTTP/2 200 
server: nginx/1.18.0 (Ubuntu)
date: Mon, 27 Jul 2020 12:19:28 GMT
content-type: text/html; charset=utf-8
content-length: 360
x-powered-by: Express
etag: W/"168-ZXCAFNhQfw4pHo5DeWiebJIOwaw"

MIIBCgKCAQEAtjEX+kvOIyWFouO2X7avsurz+/9srEg47U/Jtq5iAGeSl7wldtOBVp2gPOoe89KRRHz4wfvy470km9kr7+EEbTMgKnNoHN1oIyZMelxQoDSw7xmpfymSE//svfd72Jrw37jweM+KXGmtMp4h3BI2oZEHrw+cNVvy1fAGmjbolBQRtQFQvS2aIfAbQyYHaI4of+qNc8cRf4N311F5vZieuYrjCdd3R65r+SpJPyKaiIaPy+zXHEIznfXWrB5U/BGKWODFvZLHgnmy6/7OcmgbC01F1tSm+/r+/uc9m+BtNdu0GhU2hfCSURwa26+Ty/vwW80Y9Mm6bt/ajq6TAC/R0QIDAQAB

Do we need to send any response headers or does the response need to in any special format?

Full stack trace

|prosody_1  | runnervx_ZCRGf                                               debug|creating new coroutine|
|---|---|
|prosody_1  | bosh37c696b6-c2c7-400c-bf7d-cabc3d848180                     debug|Received[c2s_unauthed]: <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='ANONYMOUS'>|
|prosody_1  | meet.jitsi:auth_token                                        debug|Cache miss for key: HZyCHLJzbP97PpaEhh5r0qDWOQWle7gDtHk2wR-4K6o|
|prosody_1  | meet.jitsi:auth_token                                        debug|Fetching public key from: https://mydomain/publickey/22e20dd7e707d4ac2185335225496d59fde5b8445fa0817d904e2389471bec3f.pem|
|prosody_1  | http                                                         debug|Making HTTPS GET request '55f7835ea880' to https://mydomain/publickey/22e20dd7e707d4ac2185335225496d59fde5b8445fa0817d904e2389471bec3f.pem|
|prosody_1  | net.connect                                                  debug|[pending connection -x6zd-oS] Starting connection process|
|prosody_1  | net.connect                                                  debug|[pending connection -x6zd-oS] Checking for targets...|
|prosody_1  | adns                                                         debug|Records for evacloud.io not in cache, sending query (thread: 0x55f7835d5c00)...|
|prosody_1  | server_epoll                                                 debug|Watching FD 15 (dns, 53, 0.0.0.0, 0)|
|prosody_1  | adns                                                         debug|Sending DNS query to 127.0.0.11|
|prosody_1  | adns                                                         debug|Records for evacloud.io not in cache, sending query (thread: 0x55f783264e30)...|
|prosody_1  | adns                                                         debug|Sending DNS query to 127.0.0.11|
|prosody_1  | runnervx_ZCRGf                                               debug|changed state from ready to waiting|
|prosody_1  | mod_bosh                                                     debug|Session 37c696b6-c2c7-400c-bf7d-cabc3d848180 has 1 out of 1 requests open|
|prosody_1  | mod_bosh                                                     debug|and there are 0 things in the send_buffer:|
|prosody_1  | mod_bosh                                                     debug|Have nothing to say, so leaving request unanswered for now|
|prosody_1  | adns                                                         debug|Reply for evacloud.io (thread: 0x55f783264e30)|
|prosody_1  | server_epoll                                                 debug|Close FD 15 (dns, 53, 0.0.0.0, 0) now|
|prosody_1  | server_epoll                                                 debug|Unwatched FD 15 (dns, 53, 0.0.0.0, 0)|
|prosody_1  | adns                                                         debug|Reply for evacloud.io (thread: 0x55f7835d5c00)|
|prosody_1  | net.connect                                                  debug|[pending connection -x6zd-oS] Next target to try is 101.54.164.140:443|
|prosody_1  | server_epoll                                                 debug|Watching FD 15 (192.168.48.3, 37324)|
|prosody_1  | server_epoll                                                 debug|Prepare to start TLS on FD 15 (192.168.48.3, 37324)|
|prosody_1  | server_epoll                                                 debug|Start TLS on FD 15 (192.168.48.3, 37324) now|
|prosody_1  | server_epoll                                                 debug|Unwatched FD 15 (192.168.48.3, 37324)|
|prosody_1  | server_epoll                                                 debug|Watching FD 15 (192.168.48.3, 37324)|
|prosody_1  | server_epoll                                                 debug|TLS handshake on FD 15 (192.168.48.3, 37324) to wait until readable|
|prosody_1  | server_epoll                                                 debug|TLS handshake on FD 15 (192.168.48.3, 37324) complete|
|prosody_1  | net.connect                                                  debug|[pending connection -x6zd-oS] Connection attempt failed: closed|
|prosody_1  | net.connect                                                  debug|[pending connection -x6zd-oS] Checking for targets...|
|prosody_1  | net.connect                                                  debug|[pending connection -x6zd-oS] No more connection targets to try|
|prosody_1  | general                                                      warn|Error verifying token err:not-allowed, reason:could not obtain public key|
|prosody_1  | meet.jitsi:saslauth                                          debug|sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-allowed/><text>could not obtain public key</text></failure>|
|prosody_1  | mod_bosh                                                     debug|We have an open request, so sending on that|
|prosody_1  | mod_bosh                                                     debug|Request destroyed: table: 0x55f7835544b0|
|prosody_1  | bosh37c696b6-c2c7-400c-bf7d-cabc3d848180                     debug|BOSH session marked as inactive (for 60s)|
|prosody_1  | server_epoll                                                 debug|Close FD 14 (192.168.48.2, 34206, 192.168.48.3, 5280) after writing|
|prosody_1  | runnervx_ZCRGf                                               debug|changed state from waiting to ready|
|prosody_1  | server_epoll                                                 debug|Unwatched FD 15 (192.168.48.3, 37324)|

What could be the issue?

@dyapasrikanth What is your value of asap_key_server in prosody config file?
I checked that your public key is available (visible from internet, usually not a good thing), so it is probably just some misconfiguration on prosody side. If i can guess, your asap_key_server value doesn’t contain “…/publickey” which is present in your URI example.

I am using docker version of jitsi, of course at the end it is getting the key-value in prosody configuration like asap_key_server=https://mydomain/publickey.

I don’t think there is an issue with configuration but server responding on http/2 protocol. Does it matter ?? or anything else ??

I even tried with local IP address public key and I went into a weird issue. Thinking issue might be like I am accessing prosody & web with https but trying to get the public key on http. I am just guessing it. Thats the reason I am trying to access it from public domain (for now). Then I got actual issue like no public key found.

http/2 is irrelevant here… what version of jitsi-meet and especially prosody are you using? In one of prosody versions i found a strange bug which is now fixed…

I would exec into docker container and try curl you asap server with verbose output to see how does it behave with https (it shouldn’t be a problem, but usually certificates are missing in image) and if there are no errors…

if you can reach asap server via http (is that what you mean by public?) but can’t get certificates, i would check web server logs and see what is the problem here, probably configuration mismatch with uri and file location on server.

@dyapasrikanth check also your prosody logs…
for JWT authentication with public key is failing i posted some hint in that issue, maybe it will also resolve this problem…

Thank you @nosmo, now I am getting issue like

prosody_1  | server_epoll                                                 debug	New connection FD 14 (172.19.0.2, 36472, 172.19.0.3, 5280)
prosody_1  | server_epoll                                                 debug	Watching FD 14 (172.19.0.2, 36472, 172.19.0.3, 5280)
prosody_1  | http.server                                                  debug	Firing event: POST /http-bind
prosody_1  | mod_bosh                                                     debug	Handling new request table: 0x557730227ce0: <body rid="2674918031" sid="f94d6ea9-b5f8-46bc-83b3-cc760a61d2e6" xmlns="http://jabber.org/protocol/httpbind"><auth mechanism="ANONYMOUS" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/></body>
prosody_1  | ----------
prosody_1  | mod_bosh                                                     debug	BOSH body open (sid: f94d6ea9-b5f8-46bc-83b3-cc760a61d2e6)
prosody_1  | boshf94d6ea9-b5f8-46bc-83b3-cc760a61d2e6                     debug	rid: 2674918031, sess: 2674918030, diff: 1
prosody_1  | mod_bosh                                                     debug	BOSH stanza received: <auth mechanism='ANONYMOUS' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
prosody_1  | 
prosody_1  | runnerA8QRkI_l                                               debug	creating new coroutine
prosody_1  | boshf94d6ea9-b5f8-46bc-83b3-cc760a61d2e6                     debug	Received[c2s_unauthed]: <auth mechanism='ANONYMOUS' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
prosody_1  | meet.jitsi:auth_token                                        debug	Cache hit for key: HZyCHLJzbP97PpaEhh5r0qDWOQWle7gDtHk2wR-4K6o
prosody_1  | general                                                      warn	Error verifying token err:not-allowed, reason:Not a public PEM key
prosody_1  | meet.jitsi:saslauth                                          debug	sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-allowed/><text>Not a public PEM key</text></failure>
prosody_1  | mod_bosh                                                     debug	We have an open request, so sending on that
prosody_1  | mod_bosh                                                     debug	Request destroyed: table: 0x55772fa682c0
prosody_1  | boshf94d6ea9-b5f8-46bc-83b3-cc760a61d2e6                     debug	BOSH session marked as inactive (for 60s)
prosody_1  | server_epoll                                                 debug	Close FD 14 (172.19.0.2, 36472, 172.19.0.3, 5280) after writing
prosody_1  | mod_bosh                                                     debug	Session f94d6ea9-b5f8-46bc-83b3-cc760a61d2e6 has 0 out of 1 requests open

The source code throwing this error.

My pem key looks like this.

-----BEGIN PUBLIC KEY-----
MIIBCgKCAQEAtjEX+kvOIyWFouO2X7avsurz+/9srEg47U/Jtq5iAGeSl7wldtOB
Vp2gPOoe89KRRHz4wfvy470km9kr7+EEbTMgKnNoHN1oIyZMelxQoDSw7xmpfymS
E//svfd72Jrw37jweM+KXGmtMp4h3BI2oZEHrw+cNVvy1fAGmjbolBQRtQFQvS2a
IfAbQyYHaI4of+qNc8cRf4N311F5vZieuYrjCdd3R65r+SpJPyKaiIaPy+zXHEIz
nfXWrB5U/BGKWODFvZLHgnmy6/7OcmgbC01F1tSm+/r+/uc9m+BtNdu0GhU2hfCS
URwa26+Ty/vwW80Y9Mm6bt/ajq6TAC/R0QIDAQAB
-----END PUBLIC KEY-----

Is anything wrong in my public key format ??

Never mind, looks like there is an issue with my public key.
its working after trying with different one.

Hi @damencho, I have setup JWT in jitsi, authentication page is coming, but when I am giving the JWT token it is showing authentication failed. I am generating JWT token using below details. Please help to get it working. Thanks in advance.

HEADER:ALGORITHM & TOKEN TYPE

{
“alg”: “HS256”,
“typ”: “JWT”
}
PAYLOAD:DATA

{
“aud”: “jitsi”,
“iss”: “20D55”, — this is app_id
“sub”: “172.20.7.224”,
“room”: “*”
}
VERIFY SIGNATURE

HMACSHA256(
base64UrlEncode(header) + “.” +
base64UrlEncode(payload),

806A9461C03ED8379FE02B8CC26B846F ----this is app_secret

)

Your sub is wrong, check the docs again. Try with *

“sub”:“172.20.7.224” because I do not have any domain so I am using the IP. My URL is https://172.20.7.224/NotableAuthorsEmbodySternly?jwt=mytoken.

In prosody log I am getting below error.
Error verifying token err:not-allowed, reason:Invalid signature

In browser console I am getting below error.
Logger.js:154 2020-09-12T15:08:55.241Z [connection.js] <a.o>: CONNECTION FAILED: connection.passwordRequired
o @ Logger.js:154
o @ connection.js:170
a.emit @ events.js:157
connectionHandler @ xmpp.js:359
_stropheConnectionCb @ XmppConnection.js:255
_changeConnectStatus @ strophe.umd.js:3011
_sasl_failure_cb @ strophe.umd.js:3740
run @ strophe.umd.js:1875
(anonymous) @ strophe.umd.js:3157
forEachChild @ strophe.umd.js:830
_dataRecv @ strophe.umd.js:3146
_onRequestStateChange @ strophe.umd.js:5012
XMLHttpRequest.send (async)
d @ strophe.umd.js:5123
_processRequest @ strophe.umd.js:5137
_throttledRequestHandler @ strophe.umd.js:5290
_onIdle @ strophe.umd.js:4901
_onIdle @ strophe.umd.js:3881
(anonymous) @ strophe.umd.js:5257
setTimeout (async)
_send @ strophe.umd.js:5256
send @ strophe.umd.js:2583
_attemptSASLAuth @ strophe.umd.js:3364
authenticate @ strophe.umd.js:3319
_connect_cb @ strophe.umd.js:3271
_onRequestStateChange @ strophe.umd.js:5012
XMLHttpRequest.send (async)
d @ strophe.umd.js:5123
_processRequest @ strophe.umd.js:5137
_throttledRequestHandler @ strophe.umd.js:5290
_connect @ strophe.umd.js:4586
connect @ strophe.umd.js:2368
_interceptConnectArgs @ strophe.stream-management.js:224
connect @ XmppConnection.js:223
_connect @ xmpp.js:401
connect @ xmpp.js:473
c.connect @ JitsiConnection.js:61
e @ connection.js:47
(anonymous) @ connection.js:182
d @ connection.js:107
h @ connection.js:212
K @ conference.js:189
createInitialLocalTracksAndConnect @ conference.js:637
init @ conference.js:775
async function (async)
init @ conference.js:756
(anonymous) @ actions.web.js:31
Promise.then (async)
(anonymous) @ actions.web.js:30
(anonymous) @ index.js:11
(anonymous) @ middleware.js:29
(anonymous) @ middleware.js:32
(anonymous) @ middleware.js:23
(anonymous) @ middleware.web.js:33
(anonymous) @ middleware.any.js:22
(anonymous) @ middleware.js:67
(anonymous) @ middleware.js:43
(anonymous) @ middleware.js:61
(anonymous) @ middleware.js:78
(anonymous) @ middleware.js:71
(anonymous) @ middleware.js:77
(anonymous) @ middleware.js:39
(anonymous) @ middleware.js:106
(anonymous) @ middleware.js:37
(anonymous) @ middleware.js:31
(anonymous) @ middleware.web.js:24
(anonymous) @ middleware.any.js:93
(anonymous) @ middleware.js:77
(anonymous) @ middleware.web.js:21
(anonymous) @ middleware.js:44
(anonymous) @ middleware.js:25
(anonymous) @ middleware.js:16
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:23
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:111
(anonymous) @ middleware.js:16
(anonymous) @ middleware.js:33
(anonymous) @ middleware.js:178
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:23
(anonymous) @ middleware.web.js:20
(anonymous) @ middleware.js:42
(anonymous) @ middleware.js:139
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:60
(anonymous) @ middleware.js:43
(anonymous) @ middleware.js:49
(anonymous) @ middleware.js:28
(anonymous) @ middleware.js:12
(anonymous) @ middleware.js:41
(anonymous) @ middleware.js:30
(anonymous) @ middleware.js:104
(anonymous) @ middleware.js:106
(anonymous) @ middleware.js:19
(anonymous) @ middleware.js:29
(anonymous) @ middleware.js:64
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:20
(anonymous) @ middleware.js:15
(anonymous) @ middleware.js:23
(anonymous) @ middleware.js:20
(anonymous) @ middleware.js:25
(anonymous) @ middleware.js:74
(anonymous) @ middleware.js:40
(anonymous) @ middleware.js:157
_start @ Conference.js:256
componentDidMount @ Conference.js:134
js @ react-dom.production.min.js:238
t.unstable_runWithPriority @ scheduler.production.min.js:20
pa @ react-dom.production.min.js:113
Es @ react-dom.production.min.js:230
ms @ react-dom.production.min.js:206
(anonymous) @ react-dom.production.min.js:114
t.unstable_runWithPriority @ scheduler.production.min.js:20
pa @ react-dom.production.min.js:113
ba @ react-dom.production.min.js:114
ga @ react-dom.production.min.js:113
ds @ react-dom.production.min.js:204
enqueueSetState @ react-dom.production.min.js:127
_.setState @ react.production.min.js:13
(anonymous) @ BaseApp.js:241
_navigate @ BaseApp.js:240
(anonymous) @ middleware.js:149
Promise.then (async)
(anonymous) @ middleware.js:149
(anonymous) @ middleware.js:169
(anonymous) @ middleware.js:26
(anonymous) @ middleware.js:32
(anonymous) @ middleware.js:23
(anonymous) @ middleware.web.js:33
(anonymous) @ middleware.any.js:22
(anonymous) @ middleware.js:67
(anonymous) @ middleware.js:43
(anonymous) @ middleware.js:61
(anonymous) @ middleware.js:78
(anonymous) @ middleware.js:71
(anonymous) @ middleware.js:77
(anonymous) @ middleware.js:147
(anonymous) @ middleware.js:35
(anonymous) @ middleware.js:106
(anonymous) @ middleware.js:37
(anonymous) @ middleware.js:31
(anonymous) @ middleware.web.js:24
(anonymous) @ middleware.any.js:93
(anonymous) @ middleware.js:77
(anonymous) @ middleware.web.js:21
(anonymous) @ middleware.js:44
(anonymous) @ middleware.js:25
(anonymous) @ middleware.js:16
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:23
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:111
(anonymous) @ middleware.js:16
(anonymous) @ middleware.js:33
(anonymous) @ middleware.js:178
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:23
(anonymous) @ middleware.web.js:20
(anonymous) @ middleware.js:42
(anonymous) @ middleware.js:139
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:232
(anonymous) @ middleware.js:45
(anonymous) @ middleware.js:43
(anonymous) @ middleware.js:49
(anonymous) @ middleware.js:28
(anonymous) @ middleware.js:12
(anonymous) @ middleware.js:41
(anonymous) @ middleware.js:30
(anonymous) @ middleware.js:513
(anonymous) @ middleware.js:97
(anonymous) @ middleware.js:96
(anonymous) @ middleware.js:19
(anonymous) @ middleware.js:29
(anonymous) @ middleware.js:64
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:20
(anonymous) @ middleware.js:15
(anonymous) @ middleware.js:23
(anonymous) @ middleware.js:20
(anonymous) @ middleware.js:25
(anonymous) @ middleware.js:74
(anonymous) @ middleware.js:40
(anonymous) @ middleware.js:157
dispatch @ redux.js:636
(anonymous) @ actions.js:136
async function (async)
(anonymous) @ actions.js:109
(anonymous) @ index.js:11
(anonymous) @ middleware.js:29
(anonymous) @ middleware.js:32
(anonymous) @ middleware.js:23
(anonymous) @ middleware.web.js:33
(anonymous) @ middleware.any.js:22
(anonymous) @ middleware.js:67
(anonymous) @ middleware.js:43
(anonymous) @ middleware.js:61
(anonymous) @ middleware.js:78
(anonymous) @ middleware.js:71
(anonymous) @ middleware.js:77
(anonymous) @ middleware.js:39
(anonymous) @ middleware.js:106
(anonymous) @ middleware.js:37
(anonymous) @ middleware.js:31
(anonymous) @ middleware.web.js:24
(anonymous) @ middleware.any.js:93
(anonymous) @ middleware.js:77
(anonymous) @ middleware.web.js:21
(anonymous) @ middleware.js:44
(anonymous) @ middleware.js:25
(anonymous) @ middleware.js:16
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:23
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:111
(anonymous) @ middleware.js:16
(anonymous) @ middleware.js:33
(anonymous) @ middleware.js:178
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:23
(anonymous) @ middleware.web.js:20
(anonymous) @ middleware.js:42
(anonymous) @ middleware.js:139
(anonymous) @ middleware.js:21
(anonymous) @ middleware.js:60
(anonymous) @ middleware.js:43
(anonymous) @ middleware.js:49
(anonymous) @ middleware.js:28
(anonymous) @ middleware.js:12
(anonymous) @ middleware.js:41
(anonymous) @ middleware.js:30
(anonymous) @ middleware.js:104
(anonymous) @ middleware.js:106
(anonymous) @ middleware.js:19
(anonymous) @ middleware.js:29
(anonymous) @ middleware.js:64
(anonymous) @ middleware.js:24
(anonymous) @ middleware.js:20
(anonymous) @ middleware.js:15
(anonymous) @ middleware.js:23
(anonymous) @ middleware.js:20
(anonymous) @ middleware.js:25
(anonymous) @ middleware.js:74
(anonymous) @ middleware.js:40
(anonymous) @ middleware.js:157
_openURL @ AbstractApp.js:113
(anonymous) @ AbstractApp.js:47
Promise.then (async)
componentDidMount @ AbstractApp.js:44
js @ react-dom.production.min.js:238
t.unstable_runWithPriority @ scheduler.production.min.js:20
pa @ react-dom.production.min.js:113
Es @ react-dom.production.min.js:230
ds @ react-dom.production.min.js:204
Vs @ react-dom.production.min.js:263
Ws @ react-dom.production.min.js:263
(anonymous) @ react-dom.production.min.js:272
ys @ react-dom.production.min.js:208
el @ react-dom.production.min.js:272
render @ react-dom.production.min.js:273
us.renderEntryPoint @ index.web.js:71
(anonymous) @ NotableAuthorsEmbodySternly?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJqaXRzaSIsImlzcyI6IjIwRDU1Iiwic3ViIjoiMTcyLjIwLjcuMjI0Iiwicm9vbSI6IioifQ.tdeAR1JwEDzDmWResIyG4SiZCsre6vu1X9h15FXzwcE:18
Show 202 more frames
Logger.js:154 2020-09-12T15:08:55.278Z [features/base/connection] connection.passwordRequired

Yep. The error is that the signing is not correct. Prosody cannot validate the token

Then how to resolve this, please let me know if there is anything wrong in token generation. As I told you I do not have any domain so I am using IP in the URL as well as in the sub.

Also I have done the set up using https://github.com/christiancuri/Docs/blob/master/Jitsi%20Meet%20Installation.md document. Please guide me to solve this.

How do you create your jwt token, what is the prosody settings dor the token?

I have created the the token using https://www.jsonwebtoken.io/ this website.
Also please refer below the prosody settings for token.
Prosody version:0.11.6

/etc/prosody/conf.avail/172.20.7.224.cfg.lua

plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }

asap_accepted_issuers = { “jitsi”, “some-other-issuer” }
asap_accepted_audiences = { “jitsi”, “some-other-audience” }

VirtualHost “172.20.7.224”
– enabled = false – Remove this line to enable this host
authentication = “token”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
app_id=“20D55”
app_secret=“806A9461C03ED8379FE02B8CC26B846F”
allow_empty_token = false;
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
“speakerstats”;
“turncredentials”;
“conference_duration”;
“muc_lobby_rooms”;
“presence_identity”;
– other modules…
“conversejs”;
}
c2s_require_encryption = false

Component “conference.172.20.7.224” “muc”
storage = “memory”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
“token_verification”;
}
admins = { “focus@auth.172.20.7.224” }
muc_room_locking = false
muc_room_default_public_jids = true

VirtualHost “guest.172.20.7.224”
authentication = “token”;
app_id = “20D55”;
app_secret = “806A9461C03ED8379FE02B8CC26B846F”;
c2s_require_encryption = true;
allow_empty_token = true;

Not sure … Something around signing …