Tokens or other auth method configurations

I’m testing jitsi, and I’m confused on authentication and roles.

I installed it following

What I would like to achieve is that users can join conferences from my website using a link like “” and they are always admins.
Other people instead join using “” and they are never granted admin permissions.

Am I correct about using jwt tokens? Or is this configurable in other ways?

Also, I tryed to change enableUserRolesBasedOnToken to true, but when I do that dialout breaks.

here’s the log from the developer console in chrome:

app.bundle.min.js?v=2942:sourcemap:2 [react/features/invite/functions.js] <>: Error searching directory: SyntaxError: Unexpected token < in JSON at position 0
app.bundle.min.js?v=2942:sourcemap:2 [react/features/base/react/components/web/MultiSelectAutocomplete.js] <>: MultiSelectAutocomplete error in query SyntaxError: Unexpected token < in JSON at position 0

Thanks all…

Currently jwt cannot control moderator role. You can have the first to join to be moderator or enabling a module, all participants to be moderators, the same way is configured.
If you enable secure domain, the first to join in a conference will be asked for username and password and after the authenticated user joins, guests can enter the room without authentication. If a guests try entering before the authenticated user, the guest will need to wait till the authenticated enters and will be automatically connected.

Thanks, but I have a further question now:
secure domain:
It is possible to allow only authenticated users for creating new conference rooms
this is done by setting authentication = “internal_plain”

If I enable secure domain and have this scenario:
authenticated user creates a room, he is the moderator
guests join
authenticated user leaves
who is the moderator now?

Also, can I use secure domain with authentication = “token”?

If this was the only moderator in the room, there will be no more a moderator and only guests.


Maybe I’m starting to understand.
Between these options I would like to enable moderator rights for all users (if everyone is a moderator, no one is a moderator).
How do I install

This file is included in jitsi-meet-tokens, but If I enable the official repo for prosody and install jitsi-meet-tokens I get a whole new set of issues.
Is there a more straightforward documentation to install muc_allowners on top of the basic installation described in the quick-install document?

You need to put that file in a folder and uncomment and add that folder like this:

Make sure the prosody user can read it.

Then under you need to enable it like:

Component "" "muc"
modules_enabled = { "muc_allowners" }

Hey, I made a lua module that sets user’s moderator status based on a boolean in the jwt token, it might help you out (only a few months too late :slight_smile: ).


Hi Damencho
I would like to do that you explain here
if you can explain where i need to change

Thank you so much for this. Just what I needed!

@Niclas_von_Ahsen can you put in the documentation how to proceed with the docker install? I am not sure in what folder to place your module and what other configurations I may need. So far I could not enable it on docker install.

For anyone else who comes across this, I believe the statement “Currently jwt cannot control moderator role” is now false on account of Damian’s post in another forum.

I’m not so convinced :slight_smile:

Is my comment misleading? I can delete it if so! I’ve been on quite the adventure trying to get JWTs to work with guests going to the waiting room by default today, so I thought I would try to leave a trail where possible… :stuck_out_tongue:

Haha, well no, don’t worry.
You can validate jwt token so you can make sure someone authenticated that participant. In the open-source repo we have validation for accessing rooms ( mod_token_verification.lua).
But other than the allowners module there is nothing that sets the affiliation (moderator) based on token, allowners module do it for certain room names and tenants that are pre-configured in prosody (moderated tenant on

But there are custom modules that can do that for you, assign moderator based on token.

For for example it is that case - we have a module that assign the role based on some conditions.

1 Like

I was able to get everything working! Thank you much for your help, @damencho! I also replicated my steps in a clean instance to ensure that they would be roughly repeatable in the future without all of the unnecessary garbage that I had done while figuring this out.

If it would be helpful for the community, I would be happy to share my steps and config files. Do you think that would be helpful? Is there a good place/way for me to do that?

Our requirements are thus:

  1. Authenticate all users with JWTs issued by our own HTTP server
  2. Designate some users as moderators, others as non-moderators. These roles are governed by claims in the JWT using token_affiliation
  3. Automatically initialize the lobby feature when a moderator joins, and allow other moderators (or the first) to bypass the lobby when they join/rejoin

I think the community would appreciate that. People often come in here looking for solutions, I’m sure this would be useful. You can create it right here as a new thread.

You may create a new topic to share the solution, something like this

@emrah @Freddie @damencho I posted a tutorial here. Please let me know if you think I should make any edits. Thanks for all your hard work!

1 Like