"Sorry, you are not allowed to be here" when join the meeting

When user joins the meeting, the page shows “Sorry, you are not allowed to be here”.

Upon investigation, we found that the problem is caused by the string match between the room name passed through the JWT and in the options field of JitsiMeetExternalAPI.

How does Jitsi compares the strings?

For example, if the room name passed through JWT is “how%20to%20be%20a%20doctor” and in options is “how to be a doctor”, then Jitsi would allow join (I assume Jitsi thinks it’s a match?). However, if the room name passed through in JWT is “how%20to%20be%20a%20doctor%3F” and in options is “how to be a doctor?”, then Jitsi won’t allow joinning.

Can someone advise how Jitsi is comparing the strings? What encoding?

The name of the room should not be percent encoded in the JWT.

I’m wondering if there’s more to you troubles that JWT matching names.

If I understand the nginx routing correctly, ? (along with /&:'") are not valid chars for rooms and it should not even reach prosody.

My understanding is:

  1. If you visit https://meet.domain.com/how%20to%20be%20a%20doctor%3F then it will not match any routes and you should end up with a 404. We can see with on meet.jit.so too – https://meet.jit.si/how%20to%20be%20a%20doctor%3F
  2. If you visit https://meet.domain.com/how to be a doctor? without manually encoding the URL, then the spaces are auto-encoded to %20 but the ? will be treated as the delimiter for querystrings and will not be treated as part of the path, hence prosody only sees “how%20to%20be%20a%20doctor” which is why it does not match your JWT token.

Does this match your observation?

The config looks like this, where the room name has a question mark.
window.onload = () => {
const domain = ‘8x8.vc’;
const options = {
roomName: “how to be a doctor?”,
parentNode: document.querySelector(‘#jaas-container’),

And in JWT, I turned off the regex match and passed in this:
“user”: {
“hidden-from-recorder”: false,
“moderator”: false,
“name”: “attendee”,
“id”: “auth0|63271d3f829906eec91820000”,
“avatar”: “”,
“email”: “…”,
“room”: {
“regex”: false
“room”: “how%20to%20be%20a%20doctor%3F”

And I get the error mentioned above.

Can you advise how to use special characters in room names in config and JWT?

I think the same limitations apply whether you load the URL directly or use the roomName option in IFrame API – ? is not a valid char for room names. Everything from ? onwards will be ignored if it is unescaped, or you get a 404 error if you use %3F.

I don’t think you’ll get very far with adding support for ? in room names since the XMPP protocol explicitly disallows it – XEP-0029: Definition of Jabber Identifiers (JIDs)

If your goal is to show a nicer subject in the meeting, you can actually set a meeting subject that is different from your room name. Since you’re using IFrame API, this is easily done using the localSubject command to set it locally for each participant, or set it globally using subject (with limitation that it can only be run by a moderator user).

Here’s a quick demo: JSFiddle

Thanks Shawn. I’m setting the subject field instead.