Vertical solutions and authentication

I successfully enabled internal authentication, and it works as intended. However, what I really need is app-level authentication, as I wish to control user access and privileges through a custom web app’s UI. I don’t want/need user-level authentication at the Jitsi library level.

Of course, I could use a single prosody user, but the credentials would have to be stored somewhere and would be easily discoverable because the library is client-side.

Is there any way to have a single, secure, non-discoverable login at the app level? A one-time setup / configuration step would be acceptable.

Thanks for any pointers!

My plan is to incorporate video conferencing into a CMS. The CMS has full support for user accounts and authentication, and I’d like to manage Jitsi access via the CMS. Is there a way to authenticate the CMS with Jitsi and then control access for individual users via the CMS itself?

This seems to be key for leveraging the API to develop a vertical solution that uses video conferencing as a component. If one wants to add value to an existing platform or service by incorporating video conferencing, what’s the recommended best practice?

Managing individual users within prosody seems needlessly complicated if the platform already offers user management and access control. The Jitsi Meet API (lib-jitsi-meet.min.js) offers the functionality needed, but there seems to be no way to authenticate server-side with prosody. Is that correct, or am I missing something? Is it on the roadmap?

For example, what if one wanted to develop a talview-like service? Video conferencing is just one component of such a service, and it would need to be tightly integrated with the rest of the platform. Obviously, prosody wouldn’t be used to manage user accounts if the platform itself already has user management. It seems what’s needed is a way for the platform to authenticate with Jitsi/prosody so that it can manage the video conferencing on behalf of the logged-in user.

Has anyone developed a web platform using Jitsi as opposed to just using its out-of-the-box UI and functionality for one-off video conferencing? Any ideas on how to approach this?

I had been avoiding using JWT because the docs stated they would not work with websockets. However, @damencho has indicated that is not true; so it seems JWT might be the way forward.
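
The JWT approach mentioned above keeps the shared secret on the CMS server and hands the browser only a short-lived, room-scoped token. The sketch below is an added example, not code from the thread or from the Jitsi project; the function names, the claim layout (`iss`, `aud`, `sub`, `room`, `exp`, `context.user`), and all values are assumptions to check against the deployment's token-auth configuration.

```javascript
// Added example: runs on the CMS server (Node.js), never in the browser.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

// Mint a short-lived HS256 token for one already-authenticated CMS user and one room.
// appId, secret, domain and user are hypothetical values supplied by the CMS.
function mintMeetingToken({ appId, secret, domain, room, user, ttlSeconds = 300, now = Date.now() }) {
  if (typeof secret !== 'string' || secret.length < 32) throw new Error('secret too short');
  if (!/^[a-z0-9_-]+$/i.test(room)) throw new Error('invalid room name'); // rejects wildcard rooms
  const payload = {
    iss: appId,
    aud: 'jitsi', // assumption: must match the deployment's token-auth settings
    sub: domain,
    room,
    exp: Math.floor(now / 1000) + ttlSeconds,
    context: { user: { id: String(user.id), name: user.name } },
  };
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const signingInput = `${header}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, secret)}`;
}

// The check the verifying side performs: signature first (constant-time),
// then algorithm and expiry. Returns the claims, or null if the token is rejected.
function verifyMeetingToken(token, secret, now = Date.now()) {
  const [h, p, sig] = String(token).split('.');
  if (!h || !p || !sig) return null;
  const expected = Buffer.from(hmac(`${h}.${p}`, secret));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (JSON.parse(Buffer.from(h, 'base64url').toString()).alg !== 'HS256') return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}
```

The CMS would call `mintMeetingToken` only after its own access-control check passes, so a leaked token exposes one room for a few minutes rather than a reusable credential.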