What I would like to achieve is that users can join conferences from my website using a link like “https://example.com/room1?jwt_or_other_auth=somevalue” and they are always admins.
Other people instead join using “https://example.com/room1” and they are never granted admin permissions.
Am I correct about using jwt tokens? Or is this configurable in other ways?
Also, I tryed to change enableUserRolesBasedOnToken to true, but when I do that dialout breaks.
here’s the log from the developer console in chrome:
app.bundle.min.js?v=2942:sourcemap:2 [react/features/invite/functions.js] <>: Error searching directory: SyntaxError: Unexpected token < in JSON at position 0
app.bundle.min.js?v=2942:sourcemap:2 [react/features/base/react/components/web/MultiSelectAutocomplete.js] <>: MultiSelectAutocomplete error in query SyntaxError: Unexpected token < in JSON at position 0
Currently jwt cannot control moderator role. You can have the first to join to be moderator or enabling a module, all participants to be moderators, the same way meet.jit.si is configured.
If you enable secure domain https://github.com/jitsi/jicofo#secure-domain, the first to join in a conference will be asked for username and password and after the authenticated user joins, guests can enter the room without authentication. If a guests try entering before the authenticated user, the guest will need to wait till the authenticated enters and will be automatically connected.
This file is included in jitsi-meet-tokens, but If I enable the official repo for prosody and install jitsi-meet-tokens I get a whole new set of issues.
Is there a more straightforward documentation to install muc_allowners on top of the basic installation described in the quick-install document?
@Niclas_von_Ahsen can you put in the documentation how to proceed with the docker install? I am not sure in what folder to place your module and what other configurations I may need. So far I could not enable it on docker install.
Is my comment misleading? I can delete it if so! I’ve been on quite the adventure trying to get JWTs to work with guests going to the waiting room by default today, so I thought I would try to leave a trail where possible…
Haha, well no, don’t worry.
You can validate jwt token so you can make sure someone authenticated that participant. In the open-source repo we have validation for accessing rooms ( mod_token_verification.lua).
But other than the allowners module there is nothing that sets the affiliation (moderator) based on token, allowners module do it for certain room names and tenants that are pre-configured in prosody (moderated tenant on meet.jit.si).
But there are custom modules that can do that for you, assign moderator based on token.
For 8x8.vc for example it is that case - we have a module that assign the role based on some conditions.
I was able to get everything working! Thank you much for your help, @damencho! I also replicated my steps in a clean instance to ensure that they would be roughly repeatable in the future without all of the unnecessary garbage that I had done while figuring this out.
If it would be helpful for the community, I would be happy to share my steps and config files. Do you think that would be helpful? Is there a good place/way for me to do that?
Our requirements are thus:
Authenticate all users with JWTs issued by our own HTTP server
Designate some users as moderators, others as non-moderators. These roles are governed by claims in the JWT using token_affiliation
Automatically initialize the lobby feature when a moderator joins, and allow other moderators (or the first) to bypass the lobby when they join/rejoin