[Solved]! Secure Room Token Authentication Failed!


#1

I have used this setting in prosody for the token:

and generated token using this:

I am getting Authentication Failed:

Why it is showing Authentication Failed? I’ve cross checked the config n values.


#2

To get more details, open Chrome’s ‘Network’ tab and try looking on the requests going to /http-bind. There should be the exact error message


#3

I would not able to find much except a response

Blockquote sid=‘5e066785-eaff-48a2-a949-b09b6655f245’ xmlns:stream=‘http://etherx.jabber.org/streams’ xmlns=‘http://jabber.org/protocol/httpbind’> <failure xmlns=‘urn:ietf:params:xml:ns:xmpp-sasl’ … token required</text</failure…


#4

That’s something.

How do you pass the token to jitsi-meet ?


Secure Rooms and Authentication
#5

exactly like this:

Jitsi-meet options

In order to start jitsi-meet conference with token you need to specify the token as URL param:

https://example.com/angrywhalesgrowhigh?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ikpva

#6

wait…

what’s the username and password to enter the room?

where can I find the values?


Secure Rooms and Authentication
#7

@Pawel_Domas Room has not been created yet. To create and enter the room I followed the procedure to paste the token in url


#8

JWT: token required the same issue I am facing. Using Bionic and tried prosody trunk 747 860 1074…


#9

Do you see the token passed in the request to /http-bind (looking at the Network tab) ? Maybe there’s a bug


#10

Yes. I have seen…token is passing there. @Pawel_Domas


#11

Also if I copy bosh http bind in url it shows “It works! …”


#12

The “It works!..” only shows that the bosh socket is accessible


#13

There’s problem with token not being read correctly on the Prosody side. Just like in the other issue you have referenced above. The first thing that comes to mind is wrong Prosody version.


#14

Yes…absolutely @Pawel_Domas…I confirmed with @damencho that jitsi using prosody 747 trusty …and that’s why I have downgrade the prosody trunk from 1074 bionic to 747 trusty. But still I am facing the same issue.

In network there are twice the instance when /http-bind hits:

  1. <stream:features xmlns='jabber:client'<c ver='qs0yPGRW0SldhLZWoUAL1LdDQ+0=' hash='sha-1' node='http://prosody.im' xmlns='http://jabber.org/protocol/caps'/<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'<mechanismANONYMOUS</mechanism</mechanisms</stream:features</body
  2. I already posted above TOKEN error.
    But now showing “Invalid signature” …I know why it is


#15

Can you tell me what is this used for and what have to do with these 2?

Do i need to put “secret” : " " in payload in this case?


#16

I’m trying this now and also getting the “token required” error response. I’ll let you know if I find what’s wrong


#18

So after downgrading to prosody-trunk_1nightly747-1~trusty_amd64.deb it started working for me.

About your last screenshot - yes, you need to specify the secret there, but without secret base64 encoded.


#19

oooh k …now I have changed and put secret in the input box and unchecked the secret base64 …
token is now
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiIiwibmFtZSI6InVzZXIgbmFtZSIsImVtYWlsIjoiY29udGFjdEB5b2dkaWFnbm9zdGljcy5jb20iLCJpZCI6InlkLTEyMzQtYWJjZCIsInNlY3JldCI6Imtvb2xpZDEyMyJ9fSwiYXVkIjoiKiIsImlzcyI6InlkLTEyMzQtYWJjZCIsInN1YiI6InRlbGVjb25mLnlvZ2RpYWdub3N0aWNzLmNvbSIsInJvb20iOiJhYmNkIiwiZXhwIjoxNTUyNjAwMDk5fQ.r46Zzw-uvZivuTVwIfWML6cDjwDbFmnmsFP8ZI4ggMw


#20

You don’t put the secret in your payload, but in that input you’ve marked with an arrow


#22

Finally Resolved by downgrading to 747 trusty and unchecked the base64 encode + putting the secret in the input field finally worked.

Also I mentioned the room name…Now i iwll try with “*”

Thank You @Pawel_Domas :slight_smile: