Token Authentication with restricted admin


So I started out implementing a secure domain as this meant an admin with a username and password was the only person that could start a conference. I then implemented Token authentication. How do I restrict the starting of a conference to specific users? At the moment anyone joining with a valid token becomes admin. I’d like to restrict this so that anyone with a valid token can join (specific) room, but only named users can administer and start the conference in the room.


My intention is to embed rooms on another website, so I wonder if I can use the external API to achieve some of this?


Yes, you can use the API to embed conference experience on another website. Currently, there is no option to control who is the moderator in a meeting, it is the first one to join or all in case of jwt. In case of the secure domain, only the authenticated users that create the room are moderators.


Thanks Damian.

I want to use the token as I my user are logged on to the (closed community) website, and I can pre-populate there details into the room from their website profile.

If I embed the conference for certain users with configOverwrite & interfaceConfigOverwrite over-rides (eg muting them when they join if they are not ‘admins’) but different ones for other users (eg, not muting audio for ‘admins’) will Jitsi apply the overrides of the first user to all subsequent users, or will each be applied individually?


You can use in configOverwrite:

    startWithAudioMuted: true,
    startWithVideoMuted: true,

These are per session so admins will go with false values and user with true.


This is awesome! Is there a way to disable shortcuts? So I can remove the video and audio buttons (for some rooms I want ‘users’ to just view webcast style). Unfortunately they can still press ‘m’ or ‘v’ to unmute video or audio. Also how is there a way to stop the ‘Moderator rights granted’ pop up?

Here’s my user api code (in case anyone wants to do something similar):

	var domain = "";
	var options = {
		roomName: "JitsiMeetAPIExample",
		width: "80%",
		height: "80%",
		parentNode: document.querySelector('#meet'),
		jwt: "<jwt_token>",
		noSsl: false,
		configOverwrite: {
			fileRecordingsEnabled: false,
			liveStreamingEnabled: false,
			startWithAudioMuted: true,
			startWithVideoMuted: true
		interfaceConfigOverwrite: {
				'fullscreen', 'hangup', 'chat', 'videoquality', 'filmstrip', 'feedback', 'stats'
			SETTINGS_SECTIONS: [ 'devices', 'language' ]
	var api = new JitsiMeetExternalAPI(domain, options);


There is no option to stop notifications, or shortcuts.
There is one special mode we use for jibri (recordings and streamings), you can try it whether it works for your case set iAmRecorder: true in your configOverwrite and see whether that works for you. I see that for iAmRecorder we hide the notifications, but mind that more stuff can be hidden :slight_smile: