[SOLVED] How to create room with jwt in authentication token mode?

Hi, I have integrated with JWT and it was running properly, but today when I entered a room I got the message “Authentication failed”. When I checked the error log, I found this in the prosody log: “General warn Error verifing token error not-allowed reason:not acceptable by exp”. Please help me regarding this.

exp is the expire time. Seems that the token is expired. Create a new one
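
As an added illustration of the answer above (not code from this thread or from Jitsi): a Python check that decodes an HS256 token and lists the reasons it would be rejected, including an `exp` in the past. The secret, claims and clock value are constructed, and `triage` and `make_hs256` are hypothetical helper names.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_hs256(claims, secret):
    """Build a constructed HS256 token to feed the check below."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url_encode(sign(head + '.' + body, secret))}"

def triage(token, secret, now=None):
    """Return the reasons an HS256 token is rejected; an empty list means it passes."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    if header.get("alg") != "HS256":  # never trust the token's own alg choice
        return [f"unexpected alg {header.get('alg')!r}"]
    problems = []
    if not hmac.compare_digest(sign(head + "." + body, secret), signature):
        problems.append("bad signature")
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, (int, float)):
        problems.append("exp missing")
    elif exp <= now:
        problems.append(f"expired {int(now - exp)}s ago")
    if isinstance(nbf, (int, float)) and nbf > now:
        problems.append("not valid yet (nbf)")
    return problems

if __name__ == "__main__":
    NOW = 1_700_000_000  # constructed clock value
    stale = make_hs256({"aud": "example_app", "room": "*", "exp": NOW - 300}, "constructed-secret")
    print(triage(stale, "constructed-secret", NOW))
```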

Okay. Thank you.

@emrah
jwt token integration failed with this error

Oct 01 18:04:06 modulemanager error Error initializing module ‘token_verification’ on ‘conference.meet.raleaa.com’: /usr/lib/prosody/util/startup.lua:199: module ‘basexx’ not found:Failed loading module basexx in LuaRocks rock basexx 0.4.1-1
no field package.preload[‘basexx’]
no file ‘/usr/lib/prosody/basexx.lua’
no file ‘/usr/local/share/lua/5.2/basexx.lua’
no file ‘/usr/local/share/lua/5.2/basexx/init.lua’
no file ‘/usr/local/lib/lua/5.2/basexx.lua’
no file ‘/usr/local/lib/lua/5.2/basexx/init.lua’
no file ‘/usr/share/lua/5.2/basexx.lua’
no file ‘/usr/share/lua/5.2/basexx/init.lua’
no file ‘/var/lib/prosody/.luarocks/share/lua/5.2/basexx.lua’
no file ‘/var/lib/prosody/.luarocks/share/lua/5.2/basexx/init.lua’
no file ‘/usr/lib/prosody/basexx.so’
no file ‘/usr/local/lib/lua/5.2/basexx.so’
no file ‘/usr/lib/x86_64-linux-gnu/lua/5.2/basexx.so’
no file ‘/usr/lib/lua/5.2/basexx.so’
no file ‘/usr/local/lib/lua/5.2/loadall.so’
no file ‘/var/lib/prosody/.luarocks/lib/lua/5.2/basexx.so’
stack traceback:
[C]: in function ‘_real_require’
/usr/lib/prosody/util/startup.lua:199: in function ‘require’
/usr/share/jitsi-meet/prosody-plugins/token/util.lib.lua:4: in main chunk
(…tail calls…)
…re/jitsi-meet/prosody-plugins/mod_token_verification.lua:24: in main chunk
[C]: in function ‘xpcall’
/usr/lib/prosody/core/modulemanager.lua:183: in function ‘do_load_module’
/usr/lib/prosody/core/modulemanager.lua:261: in function ‘load’
/usr/lib/prosody/core/modulemanager.lua:83: in function ‘?’
/usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
(…tail calls…)
/usr/lib/prosody/core/hostmanager.lua:108: in function ‘activate’
/usr/lib/prosody/core/hostmanager.lua:58: in function ‘?’
/usr/lib/prosody/util/events.lua:79: in function </usr/lib/prosody/util/events.lua:75>
(…tail calls…)
/usr/lib/prosody/util/startup.lua:391: in function ‘prepare_to_start’
/usr/lib/prosody/util/startup.lua:613: in function ‘f’
/usr/lib/prosody/util/async.lua:139: in function ‘func’
/usr/lib/prosody/util/async.lua:127: in function </usr/lib/prosody/util/async.lua:125>

Installation issue… Check this post if this is a Debian Buster server

@emrah

I have installed those plugins and restarted services, removed log files.

Getting same error, please check

prosody.log (11.2 KB)

Probably your luarocks is installing the libs for lua5.1 where you are running lua5.2, check my other reply to your post.

@damencho

Thank you, module issue resolved as per reference link.

Getting another error now

Oct 01 20:04:23 focus.meet.raleaa.com:component info External component successfully authenticated
Oct 01 20:05:12 conference.meet.raleaa.com:muc_domain_mapper warn Session filters applied
Oct 01 20:05:12 mod_bosh info New BOSH session, assigned it sid ‘49220ae5-1615-495a-b13f-d3d1e3ee397b’
Oct 01 20:05:12 general warn Error verifying token err:not-allowed, reason:token required
Oct 01 20:07:17 mod_bosh info Client tried to use sid ‘49220ae5-1615-495a-b13f-d3d1e3ee397b’ which we don’t know about
Oct 01 20:08:02 conference.meet.raleaa.com:muc_domain_mapper warn Session filters applied
Oct 01 20:08:02 mod_bosh info New BOSH session, assigned it sid ‘4efccc43-57d9-41bc-81f3-0d9b314d6549’
Oct 01 20:08:02 general warn Error verifying token err:not-allowed, reason:token required

Frontend console error:

How are you passing the token?

@damencho

jwt token format used like this

https://meet.raleaa.com/test?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6InJhamVzaCIsImVtYWlsIjoicmFqZXNoQGV4YW1wbGUuY29tIiwiaWQiOiJhYmNkOmExYjJjMy1kNGU1ZjYtMGFiYzEtMjNkZS1hYmNkZWYwMWZlZGNiYSJ9fSwiYXVkIjoiaml0c2kiLCJpc3MiOiIxM0NGRSIsInN1YiI6Im1lZXQucmFsZWFhLmNvbSIsInJvb20iOiIqIiwiZXhwIjoxNTAwMDA2OTIzfQ.7LukVg9dIGYY_hzqfsrhUoeL2PB9mEkK2eXPJwGPaqw

@damencho

Referring to this link

Any configuration I need to update for this?

Sharing Jicofo log

Jicofo 2020-10-01 21:06:33.647 SEVERE: [362] org.jivesoftware.whack.ExternalComponentManager.error()

java.net.SocketException: Broken pipe (Write failed)

at java.net.SocketOutputStream.socketWrite0(Native Method)

at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:111)

at java.net.SocketOutputStream.write(SocketOutputStream.java:155)

at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)

at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)

at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)

at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)

at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)

at java.io.BufferedWriter.flush(BufferedWriter.java:254)

at org.dom4j.io.XMLWriter.flush(XMLWriter.java:272)

at org.jivesoftware.whack.ExternalComponent.send(ExternalComponent.java:371)

at org.jivesoftware.whack.ExternalComponentManager.sendPacket(ExternalComponentManager.java:269)

at org.xmpp.component.AbstractComponent.send(AbstractComponent.java:925)

at org.jitsi.xmpp.component.ComponentBase.access$400(ComponentBase.java:36)

at org.jitsi.xmpp.component.ComponentBase$PingTask.run(ComponentBase.java:577)

at java.util.TimerThread.mainLoop(Timer.java:555)

at java.util.TimerThread.run(Timer.java:505)

Jicofo 2020-10-01 21:06:38.658 SEVERE: [385] org.jitsi.xmpp.component.ComponentBase.log() Ping timeout for ID: kcxva-3241

Jicofo 2020-10-01 21:06:46.636 SEVERE: [380] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() XMPP reconnection failed: No response received within reply timeout. Timeout was 15000ms (~15s). While waiting for establishing TLS

Jicofo 2020-10-01 21:06:46.637 WARNING: [383] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPTCPConnection[focus@auth.meet.raleaa.com/focus17169012708] (0) closed with error

java.io.EOFException: input contained no data

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:3003)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)

at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)

at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1248)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)

at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)

at java.lang.Thread.run(Thread.java:748)

Jicofo 2020-10-01 21:06:46.638 SEVERE: [383] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() XMPP connection closed on error: input contained no data

Jicofo 2020-10-01 21:06:47.637 INFO: [380] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() XMPP reconnecting in: 1

Jicofo 2020-10-01 21:06:48.637 INFO: [380] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() XMPP reconnecting in: 0

Jicofo 2020-10-01 21:06:48.637 INFO: [380] org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() XMPP reconnecting in: 0

Jicofo 2020-10-01 21:06:48.765 INFO: [380] org.jitsi.jicofo.ProtocolProviderHandler.log() XmppProtocolProvider(focus@auth.meet.raleaa.com/focus17169012708 (Jabber)): RegistrationStateChangeEvent[ oldState=Unregistered; newState=RegistrationState=Registered; reasonCode=-1; reason=null]

Jicofo 2020-10-01 21:06:48.782 INFO: [380] org.jitsi.jicofo.xmpp.BaseBrewery.log() Joined brewery room: JvbBrewery@internal.auth.meet.raleaa.com

Jicofo 2020-10-01 21:06:48.783 INFO: [29] org.jitsi.jicofo.xmpp.BaseBrewery.log() Added brewery instance: jvbbrewery@internal.auth.meet.raleaa.com/740bb53e-3dc9-44a0-b766-0a310b5c8994

Jicofo 2020-10-01 21:06:48.783 INFO: [29] org.jitsi.jicofo.bridge.BridgeSelector.log() Added new videobridge: Bridge[jid=jvbbrewery@internal.auth.meet.raleaa.com/740bb53e-3dc9-44a0-b766-0a310b5c8994, relayId=null, region=null, stress=0.00]

Jicofo 2020-10-01 21:06:48.783 INFO: [29] org.jitsi.jicofo.bridge.JvbDoctor.log() Scheduled health-check task for: jvbbrewery@internal.auth.meet.raleaa.com/740bb53e-3dc9-44a0-b766-0a310b5c8994

Jicofo 2020-10-01 21:06:48.787 WARNING: [380] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for speakerstats.meet.raleaa.com: XMPP error reply received from speakerstats.meet.raleaa.com: XMPPError: service-unavailable - cancel

Jicofo 2020-10-01 21:06:48.788 WARNING: [380] org.jitsi.impl.protocol.xmpp.OpSetSimpleCapsImpl.log() Failed to discover features for conferenceduration.meet.raleaa.com: XMPP error reply received from conferenceduration.meet.raleaa.com: XMPPError: service-unavailable - cancel

Jicofo 2020-10-01 21:06:48.790 INFO: [380] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: guest.meet.raleaa.com, Prosody(0.11.5,Linux)

Jicofo 2020-10-01 21:06:48.798 INFO: [380] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: focus.meet.raleaa.com, null

Jicofo 2020-10-01 21:06:48.799 INFO: [380] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: auth.meet.raleaa.com, Prosody(0.11.5,Linux)

Jicofo 2020-10-01 21:06:48.799 INFO: [380] org.jitsi.jicofo.JitsiMeetServices.log() Detected XMPP server version: Prosody(0.11.5,Linux)

Jicofo 2020-10-01 21:06:48.800 INFO: [380] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: conference.meet.raleaa.com, null

Jicofo 2020-10-01 21:06:48.801 INFO: [380] org.jitsi.jicofo.ComponentsDiscovery.log() New component discovered: lobby.meet.raleaa.com, null

Jicofo 2020-10-01 21:06:48.801 INFO: [380] org.jitsi.jicofo.ComponentsDiscovery.log() Service rediscovery disabled

Jicofo 2020-10-01 21:06:48.801 INFO: [380] org.jitsi.jicofo.FocusManager.log() XMPP provider reg state: RegistrationState=Registered

Are you using nginx with default nginx config? Someone is dropping the jwt on the way.

Not sure, how can I verify?

@damencho

Thank you so much for your kind support.

Token now working perfectly.

@damencho @emrah

When I configure the token in live, it is not working, please help me.

Prosody log

Oct 03 14:00:57 c2s5627830006d0 info Client disconnected: closed
Oct 03 14:01:01 conference.online.connectz.ca:muc_domain_mapper warn Session filters applied
Oct 03 14:01:01 c2s5627834c1650 info Client connected
Oct 03 14:01:02 conference.online.connectz.ca:muc_domain_mapper warn Session filters applied
Oct 03 14:01:02 c2s562783077a20 info Client connected
Oct 03 14:01:04 c2s562783077a20 info Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Oct 03 14:01:04 c2s562783077a20 info Authenticated as jvb@auth.online.connectz.ca
Oct 03 14:01:04 c2s5627834c1650 info Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Oct 03 14:01:05 c2s5627834c1650 info Authenticated as focus@auth.online.connectz.ca
Oct 03 14:01:05 focus.online.connectz.ca:component warn Component not connected, bouncing error for:
Oct 03 14:01:11 conference.online.connectz.ca:muc_domain_mapper warn Session filters applied
Oct 03 14:01:11 mod_bosh info New BOSH session, assigned it sid ‘3b4374fe-c9f8-4dae-b4f8-95191637fd5a’
Oct 03 14:01:11 bosh3b4374fe-c9f8-4dae-b4f8-95191637fd5a warn No available SASL mechanisms, verify that the configured authentication module is working
Oct 03 14:01:35 bosh3b4374fe-c9f8-4dae-b4f8-95191637fd5a info BOSH client disconnected

Browser Log

Logger.js:154 2020-10-03T14:09:03.791Z [modules/xmpp/strophe.util.js] <Object.r.Strophe.log>: Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.

I have tried to integrate the same on the live server, but it is not working. Please help.

Prosody Log

Oct 02 21:46:52 boshfb0a9092-3ab7-4aab-81e7-d58cdf54fa0a info BOSH client disconnected
Oct 03 06:52:36 conference.:muc_domain_mapper warn Session filters applied
Oct 03 06:52:36 mod_bosh info New BOSH session, assigned it sid ‘5fa6f72f-507f-450a-b9ce-dac910256146’
Oct 03 06:52:36 bosh5fa6f72f-507f-450a-b9ce-dac910256146 warn No available SASL mechanisms, verify that the configured authentication module is working
Oct 03 06:53:27 c2s560fa8e8af10 info Client disconnected: closed
Oct 03 06:53:32 conference.:muc_domain_mapper warn Session filters applied
Oct 03 06:53:32 c2s560fa8f1d170 info Client connected
Oct 03 06:53:33 c2s560fa8f1d170 info Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Oct 03 06:53:33 c2s560fa8f1d170 info Authenticated as jvb@auth.

Browser console Log

2020-10-03T07:03:00.451Z [modules/xmpp/strophe.util.js] <Object.r.Strophe.log>: Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.
o @ Logger.js:154
r.Strophe.log @ strophe.util.js:77
warn @ strophe.umd.js:1382
_no_auth_received @ strophe.umd.js:4823
_connect_cb @ strophe.umd.js:3245
_onRequestStateChange @ strophe.umd.js:5012
XMLHttpRequest.send (async)
d @ strophe.umd.js:5123
_processRequest @ strophe.umd.js:5137
_throttledRequestHandler @ strophe.umd.js:5290
_no_auth_received @ strophe.umd.js:4835
_connect_cb @ strophe.umd.js:3245
_onRequestStateChange @ strophe.umd.js:5012
XMLHttpRequest.send (async)
d @ strophe.umd.js:5123
_processRequest @ strophe.umd.js:5137
_throttledRequestHandler @ strophe.umd.js:5290
_no_auth_received @ strophe.umd.js:4835
_connect_cb @ strophe.umd.js:3245
_onRequestStateChange @ strophe.umd.js:5012
Logger.js:154 2020-10-03T07:04:00.732Z [modules/xmpp/strophe.util.js] <Object.r.Strophe.log>: Strophe: Server did not yet offer a supported authentication mechanism. Sending a blank poll request.

Hi bro @rajapulau. I have the same problem. How can you fix it? Thank you for sharing.

Hi,
I would like to know what format prosody is expecting coz I am getting the same error “JWT Error :could not obtain public key” while I am trying JWT based authentication. Below are some important prosody configurations in docker -

JWT_APP_ID=VC-auth

allow_empty_token = false

# Application secret known only to your token generator

JWT_APP_SECRET=TJIzMMw8V3f5lCzqnWqR9fpBJ7fxu6Ka

// public key server
JWT_ASAP_KEYSERVER = http://localhost:8089/Appointment/

// keycloak server
JWT_ACCEPTED_ISSUERS=http://localhost:8585/realms/VC

JWT_AUTH_TYPE=token

JWT_TOKEN_AUTH_MODULE=token_verification

here is my debugged JWT from jwt.io -
header –
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "-QRFvY3DcgXqnMgJtBq6ynvh5G7gmbF4D4GIggT7GZg"
}

payload –
{
  "exp": 1659598174,
  "iat": 1659597874,
  "auth_time": 1659596828,
  "jti": "b88695a8-4c65-44e2-a77f-da214f8b78c6",
  "iss": "http://localhost:8585/realms/VC",
  "aud": "VC-auth",
  "sub": "06d4016e-fc21-40ac-af84-c83dade84dff",
  "typ": "Bearer",
  "azp": "VC-auth",
  "nonce": "07126d18-1240-4526-8cd5-be5dc6105e85",
  "session_state": "35c4ec37-85d2-4404-90a6-0117ec6eb283",
  "acr": "0",
  "allowed-origins": [
    "https://127.0.0.1:8081"
  ],
  "realm_access": {
    "roles": [
      "Doctor"
    ]
  },
  "scope": "openid email profile",
  "sid": "35c4ec37-85d2-4404-90a6-0117ec6eb283",
  "email_verified": true,
  "nbf": 0,
  "context": {
    "user": {
      "moderator": "true",
      "name": "abhishek",
      "avatar": "https://www.gravatar.com/avatar/72f52dea674e64c945298407f3f61886",
      "id": "06d4016e-fc21-40ac-af84-c83dade84dff",
      "email": "abhishek.vijayvargiya@gmail.com"
    }
  },
  "name": "Abhishek Vijayvargiya",
  "preferred_username": "abhishek",
  "given_name": "Abhishek",
  "family_name": "Vijayvargiya",
  "email": "abhishek.vijayvargiya@gmail.com",
  "picture": "https://www.gravatar.com/avatar/72f52dea674e64c945298407f3f61886",
  "room": "*"
}

I am getting this result in postman while trying to get public key from keyserver -

I am not able to understand where I am doing it wrong.
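
An added sketch for the question above (not code from this thread or from Jitsi), assuming the jitsi-meet token plugin requests `<key server>/<hex SHA-256 of kid>.pem`: it computes that URL from a token header and flags a non-RS algorithm, a missing `kid`, or a loopback key server. `key_lookup` is a hypothetical helper; the sample uses the header and `JWT_ASAP_KEYSERVER` value quoted in the post, with a constructed payload and signature.

```python
import base64, hashlib, json
from urllib.parse import urlparse

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_header(token):
    """Decode the (unverified) JOSE header, the first dot-separated segment."""
    first = token.split(".", 1)[0]
    return json.loads(base64.urlsafe_b64decode(first + "=" * (-len(first) % 4)))

def key_lookup(token, key_server):
    """Return (url, warnings) for the PEM file the server is assumed to fetch."""
    header = jwt_header(token)
    alg, kid = str(header.get("alg", "")), header.get("kid")
    warnings = []
    if not alg.startswith("RS"):
        warnings.append(f"alg {alg!r} is not an RS* algorithm")
    if not kid:
        return None, warnings + ["header has no kid"]
    # Assumption: the file name is hex(SHA-256(kid)) + ".pem" under the key server URL.
    name = hashlib.sha256(kid.encode()).hexdigest() + ".pem"
    url = key_server.rstrip("/") + "/" + name
    if urlparse(key_server).hostname in ("localhost", "127.0.0.1", "::1"):
        # Without host networking, loopback inside a container is the container itself.
        warnings.append("key server is loopback; a containerised server reaches only itself")
    return url, warnings

# Header and key server value as quoted in the post; payload and signature are constructed.
SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT",
                 "kid": "-QRFvY3DcgXqnMgJtBq6ynvh5G7gmbF4D4GIggT7GZg"}
SAMPLE_TOKEN = b64url(json.dumps(SAMPLE_HEADER).encode()) + "." + b64url(b"{}") + ".c2ln"
SAMPLE_KEY_SERVER = "http://localhost:8089/Appointment/"

if __name__ == "__main__":
    url, warnings = key_lookup(SAMPLE_TOKEN, SAMPLE_KEY_SERVER)
    print(url)
    for warning in warnings:
        print("warning:", warning)
```

Requesting the printed URL from the same network position as Prosody shows whether the key server actually serves a PEM public key at that path.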