Token authentication working with prosody 747 but not with latest version. Ubuntu 18.04

but from your solution i went to cyberchef where i sign token with my secret key.

That depends on how you’ve setup your system.

First try to disable token authentication completely and see if your Jitsi platform works with 2 and more people in a meeting.

Hi Mike, I just created an account here to say thank you for this. I spent so many hours last night trying to get token auth working on a debian instance, and in a short time this morning I have instead spun up a new Ubuntu 18.04 and sucessfuly setup Token auth.

Thanks again!

Hi all,

I have followed the document and this has helped a lot, how ever now I am stuck. I started getting this error

general warn Error verifying token err:not-allowed, reason:token required

After adding some log statements in the /usr/share/jitsi-meet/prosody-plugins/mod_auth_token.lua, I see that the token is not being parsed

May 04 07:42:54 conference.beta.example.com:muc_domain_mapper warn Session filters applied
May 04 07:42:54 mod_bosh info New BOSH session, assigned it sid ‘b5751b9f-add1-439f-be92-45ba0c96b614’
May 04 07:42:54 general info params key - value – [name] [room]
May 04 07:42:54 general info params key - value – [value] [myroom11]
May 04 07:42:54 general info My token:
May 04 07:42:54 general warn Error verifying token err:not-allowed, reason:token required

I added below lines in the mod_auth_token.lua

    for index, data in ipairs(params) do
        print(index)

        for key, value in pairs(data) do
            log("info", "params key - value -- ", key, value)
        end
    end
    log("info", "My token:%s", session.auth_token);

Can someone help me out in this. I have verified that the APP_ID, APP_SECRET are correct on both ends (prosody and JWT creation)

I am using external API with and creating token using PyJWT.

Thanks for the help in advance.

Regards,
M

Adding a bit more logging shows that /http-bind never received my JWT token.

May 04 09:40:00 mod_bosh info Client tried to use sid ‘f2c95b63-a43f-4810-ae8c-b795bca994a8’ which we don’t know about
May 04 09:40:00 conference.beta.example.com:muc_domain_mapper warn Session filters applied
May 04 09:40:00 mod_bosh info New BOSH session, assigned it sid ‘dfdaf9dd-7e9e-4aa9-81e7-af94b1ba1ea9’
May 04 09:40:00 general info Full session [bosh_responses] [table: 0x55ddb4b12950]
May 04 09:40:00 general info Full session [secure] [true]
May 04 09:40:00 general info Full session [close] [function(mod_bosh.lua:222)]
May 04 09:40:00 general info Full session [conn] [table: 0x55ddb4953790]
May 04 09:40:00 general info Full session [filter] [function(filters.lua:21)]
May 04 09:40:00 general info Full session [ip] [127.0.0.1]
May 04 09:40:00 general info Full session [type] [c2s_unauthed]
May 04 09:40:00 general info Full session [thread] [table: 0x55ddb4b13530]
May 04 09:40:00 general info Full session [filters] [table: 0x55ddb4b13840]
May 04 09:40:00 general info Full session [streamid] [dfdaf9dd-7e9e-4aa9-81e7-af94b1ba1ea9]
May 04 09:40:00 general info Full session [log] [function(logger.lua:27)]
May 04 09:40:00 general info Full session [notopen] [true]
May 04 09:40:00 general info Full session [requests] [table: 0x55ddb4b12ad0]
May 04 09:40:00 general info Full session [bosh_wait] [60]
May 04 09:40:00 general info Full session [dispatch_stanza] [function(stanza_router.lua:53)]
May 04 09:40:00 general info Full session [reset_stream] [function(mod_bosh.lua:219)]
May 04 09:40:00 general info Full session [send_buffer] [table: 0x55ddb4b12b10]
May 04 09:40:00 general info Full session [bosh_max_inactive] [60]
May 04 09:40:00 general info Full session [sid] [dfdaf9dd-7e9e-4aa9-81e7-af94b1ba1ea9]
May 04 09:40:00 general info Full session [host] [beta.example.com]
May 04 09:40:00 general info Full session [bosh_version] [1.6]
May 04 09:40:00 general info Full session [rid] [3025670884]
May 04 09:40:00 general info Full request [url] [table: 0x55ddb4b0def0]
May 04 09:40:00 general info Full request [httpversion] [1.0]
May 04 09:40:00 general info Full request [headers] [table: 0x55ddb4b0dfd0]
May 04 09:40:00 general info Full request [body] []
May 04 09:40:00 general info Full request [path] [/http-bind]
May 04 09:40:00 general info Full request [conn] [table: 0x55ddb4953790]
May 04 09:40:00 general info Full request [ip] [127.0.0.1]
May 04 09:40:00 general info Full request [method] [POST]
May 04 09:40:00 general info ----------------
May 04 09:40:00 general info Request URL [path] [/http-bind]
May 04 09:40:00 general info Request URL [query] [room=alpharoom321]
May 04 09:40:00 general info My token:
May 04 09:40:01 general warn Error verifying token err:not-allowed, reason:token required

“Version: 0.10.0-1build1” seems to be the latest stable. Does that mean stable does not support jwt yet ?

Latest stable from prosody is 0.11

I want to share you a solution using docker jitsi meet

I see an apt-get install showing prosody is already the newest version (0.10.0-1build1). This is based on deb https://download.jitsi.org stable/

Jitsi JWT does not work with Prosody 0.10

Need 0.11 or higher

https://prosody.im/download/
Latest version:

0.11.5

You can add their repo if your distro still doesn’t have it: https://prosody.im/download/package_repository

Hi Mike,
I tried your installation doc, but it seems, that jigasi will not be installed.

While trying to restart the jigasi service i receive the following error
Failed to restart jigasi.service: Unit jigasi.service not found.

At the tail -f -n 350 /var/log/jitsi/jicofo.log I see
Jicofo 2020-05-24 18:53:09.056 SEVERE: [29] org.jitsi.meet.ComponentMain.log() java.net.SocketTimeoutException: connect timed out, host:jitsi.domain.at, port:5347

at the prosodyn log
focus.jitsi.domain.at:component warn Component not connected, bouncing error for:

Do you have any idea?
Kind regards
Thomas