Token authentication working with prosody 747 but not with latest version. Ubuntu 18.04

I presume there must be some benefit to using latest prosody? I can’t get token auth working with it. 747 version works fine. Here are my install steps if anyone can give me some pointers:
Even tried today with the JVB2 stable packages, same problem. Presume I’m missing a config change that is required by latest prosody. Nothing in error logs, just get this in the prosody.log:

Mar 28 04:05:35 general warn Error verifying token err:not-allowed, reason:token required

https://pastebin.com/LGN8nVfn stable jitsi (with JVB2), 747 nightly prosody, works!
https://pastebin.com/eTSnENqJ stable jitsi (with JVB2), latest nightly prosody, does not authenticate.

JWT needs Prosody > 0.11 or 747

Check your Prosody version with
dpkg -s prosody | grep Version

Why do you use latest prosody trunk, but not 0.11 stable?
https://prosody.im/download/package_repository

And always install prosody before installing jitsi-meet, there are updates we do on the config when installing. Actually you are installing token package after prosody at least that should work, check this: https://github.com/jitsi/jitsi-meet/blob/master/debian/jitsi-meet-tokens.postinst#L77

Not sure what goes wrong, but install first prosody 0.11, then configure the rest required by token then install jitsi-meet, check it works. Then install token and see whether it works.
We are using prosody 0.11 and token in production and it works.

Thanks for your help Damian. Working now.
Problem was the jitsi_meet_token postinst script was not doing anything as the search for --plugin_paths failed as it was already commented in and I was not aware of the required change:

sed -i ‘s/module:hook/module:hook_global/g’ /usr/share/jitsi-meet/prosody-plugins/mod_auth_token.lua

Still requires install of libssl_1.0-dev prior to luarocks install luacrypto, and had to do a source change to lua-cjson to avoid compilation error, changing lua_objlen to lua_rawlen.
Details here if it helps anyone: https://pastebin.com/eTSnENqJ

3 Likes

Hi @laurence,
Thanks for your extensive guide, unfortunately I still can’t get prosody to start correctly after executing the steps. prosody.log:
modulemanager error Error initializing module 'token_verification' on 'xxx': /usr/lib/prosody/util/startup.lua:199: module 'luajwtjitsi' not found:Failed loading module luajwtjitsi in LuaRocks rock luajwtjitsi 1.3-7
no field package.preload['luajwtjitsi'] no file '/usr/lib/prosody/luajwtjitsi.lua' no file '/usr/local/share/lua/5.2/luajwtjitsi.lua' no file '/usr/local/share/lua/5.2/luajwtjitsi/init.lua' no file '/usr/local/lib/lua/5.2/luajwtjitsi.lua' no file '/usr/local/lib/lua/5.2/luajwtjitsi/init.lua' no file '/usr/share/lua/5.2/luajwtjitsi.lua' no file '/usr/share/lua/5.2/luajwtjitsi/init.lua' no file '/var/lib/prosody/.luarocks/share/lua/5.2/luajwtjitsi.lua' no file '/var/lib/prosody/.luarocks/share/lua/5.2/luajwtjitsi/init.lua' no file '/usr/lib/prosody/luajwtjitsi.so' no file '/usr/local/lib/lua/5.2/luajwtjitsi.so' no file '/usr/lib/x86_64-linux-gnu/lua/5.2/luajwtjitsi.so' no file '/usr/lib/lua/5.2/luajwtjitsi.so' no file '/usr/local/lib/lua/5.2/loadall.so' no file '/var/lib/prosody/.luarocks/lib/lua/5.2/luajwtjitsi.so'

The lua modules are installed in /usr/local/share/lua/5.1
$:/usr/local/share/lua/5.1# ls:
basexx.lua cjson json2lua.lua lua2json.lua luajwtjitsi_1_3_7-luajwtjitsi.lua luajwtjitsi.lua

I need to install lua5.1 to get the luajwtjitsi, luacrypto and basexx modules to install correctly, otherwise I get errors as
Missing dependencies for lbase64 20120820-1:
lua ~> 5.1 (5.2-1 provided by VM)
Which lua versions are installed on your working prosody 11 setup?

Managed to fix my ‘lua5.2 luajwtjitsi not found issue’ by removing lua5.2
apt-get purge lua5.2
Then repeating the steps to compile lua_cjson.c with lua_rawlen, but keeping the Makefile as is without /usr/include/lua5.2 include

Next I installed jitsi-meet-tokens again
apt purge jitsi-meet-tokens
apt install jitsi-meet-tokens

Then I fetched the latest mod_auth_token from https://github.com/jitsi/jitsi-meet/blob/master/resources/prosody-plugins/mod_auth_token.lua and overwrite /usr/share/jitsi-meet/prosody-plugins/mod_auth_token.lua (probably needed because a ran the sed -i 's/module:hook/module:hook_global/g' /usr/share/jitsi-meet/prosody-plugins/mod_auth_token.lua too many times).
And finally restart all services (prosody, jisti-videobridge2, jicofo) and token authorization works again :slight_smile:

Hey, can you please share config of prosody and jitsi meet. Also installed versions as well. I want to compare what I have my end.

Cheers

I’ve made no changed to the default configs at all, besides described as the default changes for getting jitsi meet tokens to work; Patching Prosody https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md#patching-prosody
Lua v5.1, Prosody trunk nightly build 1263, jitsi-meet 2.0.4468-1, videobridge 2.1-183-gdbddd169-1, jicofo 1.0-549-1

I created the following doc to install Jitsi Meet (with new JVB2) and Jitsi-meet-tokens in ubuntu 18.04, it’s working perfectly

Jitsi Installation Doc

1 Like

Thank you!

Currently my prosody version is 11.02 somthing . my question is how to install prosody 747 version

ii prosody-trunk 1nightly1263-1~bionic amd64 Lightweight Jabber/XMPP server

The newer version of Prosody supports token authentication. Trunk 747 is quite dated now. Why do you want to downgrade?

If you are running into issues with token, the other day I read detailed instructions on github on how to do it. Someone posted in this forum.

i follow your document for installation. and also switched on ubuntu 18.04 , but now i am getting this exception in prosody log , Error verifying token err:not-allowed, reason:Invalid signature

can you please help me how to create token and test my server …i will be very thankful

You are making progress and heading in the right direction. From the error it looks like something is amiss with the secret, audience, issuer, etc.

Ensure that all the required pieces for JWT are setup correctly.

Bro i checked it 100 times but still give that error , i want to share my token and prosody config file so find out what is the exact issue.

it is prosody configuration cfg.lua.txt (3.3 KB) and
and this is my token My token.txt (450 Bytes) , please help i have to deliver it tonight.

You are using wrong secret to sign your jwt is what I suspect.
The secret in prosody config and the one you use to sign does not match.

can you provide more detail , what should i used ?