Dear Guys,
I read a lot and I undertood that there is a plugin for the jitsi to check the token validity based on the set parameters. I understood that many things username etc I can pass via the token objects, but who generates the token for me?
The generating token is beyond the scope of Jitsi. You should implement your own solution to generate tokens.
Something I cant understand about this token.
For example if I have a room name: test_room001
I can create the room if use a jwt token for it right?
After the room is ready how can the guests come? They also need the token or they just need the room id? If they need token how they will get it?
If you’ve configured your deployment to allow guests, they don’t need a token to join the meeting/room.
Ok I see now but with this token functionality I lost the capability to someone crate a room with username password.
So as I saw here somewhere there is no option for token and username password authetication at the same time.
Do you have idea what can I do? The goal is to be able the token to work and able to make room with username password.
brn
If username/password is OK for you, why do you need the token authentication?
because there are devices which need to login automatically into the meeting.
Just imagine there is a meeting someone created it. And a device like raspberry pi with a tv and camera and microphone connected to it needs to login with this meeting without any interaction. I can do it with token only. But the ability to create the room is need to be possible via username and password.
I checked now I can create a meeting with token I can login the meeting with token but guests cannot login just with token. just with the http://mydomain.xx/roomname they can’t join the meeting.
What I made wrong?
You may enable the token authentication and you may use eparto.net for username/password login.
If you want to install your own setup, see galaxy
Can you share your prosody config?
plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }
– domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = “jitsi.mydomain.com”;
external_service_secret = “KcymorU1R98Hj0tX”;
external_services = {
{ type = “stun”, host = “jitsi.mydomain.com”, port = 3478 },
{ type = “turn”, host = “jitsi.mydomain.com”, port = 3478, transport = “udp”, secret = true, ttl = 86400, algorithm = “turn” },
{ type = “turns”, host = “jitsi.mydomain.com”, port = 5349, transport = “tcp”, secret = true, ttl = 86400, algorithm = “turn” }
};
cross_domain_bosh = false;
consider_bosh_secure = true;
– https_ports = { }; – Remove this line to prevent listening on port 5284
– by default prosody 0.12 sends cors headers, if you want to disable it uncomment the following (the config is available on 0.12.1)
–http_cors_override = {
– bosh = {
– enabled = false;
– };
– websocket = {
– enabled = false;
– };
–}
– Mozilla SSL Configuration Generator
ssl = {
protocol = “tlsv1_2+”;
ciphers = “ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384”
}
unlimited_jids = {
“focus@auth.jitsi.mydomain.com”,
“jvb@auth.jitsi.mydomain.com”
}
VirtualHost “jitsi.mydomain.com”
authentication = “token” – do not delete me
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
app_id=“3245ID”
app_secret=“ADCDERDULU76”
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/jitsi.mydomain.com.key”;
certificate = “/etc/prosody/certs/jitsi.mydomain.com.crt”;
}
av_moderation_component = “avmoderation.jitsi.mydomain.com”
speakerstats_component = “speakerstats.jitsi.mydomain.com”
conference_duration_component = “conferenceduration.jitsi.mydomain.com”
end_conference_component = “endconference.jitsi.mydomain.com”
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
“speakerstats”;
“external_services”;
“conference_duration”;
“end_conference”;
“muc_lobby_rooms”;
“muc_breakout_rooms”;
“av_moderation”;
“room_metadata”;
}
c2s_require_encryption = false
lobby_muc = “lobby.jitsi.mydomain.com”
breakout_rooms_muc = “breakout.jitsi.mydomain.com”
room_metadata_component = “metadata.jitsi.mydomain.com”
main_muc = “conference.jitsi.mydomain.com”
– muc_lobby_whitelist = { “recorder.jitsi.mydomain.com” } – Here we can whitelist jibri to enter lobby enabled rooms
Component “conference.jitsi.mydomain.com” “muc”
restrict_room_creation = true
storage = “memory”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
“polls”;
“token_verification”;
“muc_rate_limit”;
}
admins = { “focus@auth.jitsi.mydomain.com” }
muc_room_locking = false
muc_room_default_public_jids = true
Component “breakout.jitsi.mydomain.com” “muc”
restrict_room_creation = true
storage = “memory”
modules_enabled = {
“muc_meeting_id”;
“muc_domain_mapper”;
“muc_rate_limit”;
“polls”;
}
admins = { “focus@auth.jitsi.mydomain.com” }
muc_room_locking = false
muc_room_default_public_jids = true
– internal muc component
Component “internal.auth.jitsi.mydomain.com” “muc”
storage = “memory”
modules_enabled = {
“ping”;
}
admins = { “focus@auth.jitsi.mydomain.com”, “jvb@auth.jitsi.mydomain.com” }
muc_room_locking = false
muc_room_default_public_jids = true
VirtualHost “auth.jitsi.mydomain.com”
ssl = {
key = “/etc/prosody/certs/auth.jitsi.mydomain.com.key”;
certificate = “/etc/prosody/certs/auth.jitsi.mydomain.com.crt”;
}
modules_enabled = {
“limits_exception”;
}
authentication = “internal_hashed”
– Proxy to jicofo’s user JID, so that it doesn’t have to register as a component.
Component “focus.jitsi.mydomain.com” “client_proxy”
target_address = “focus@auth.jitsi.mydomain.com”
Component “speakerstats.jitsi.mydomain.com” “speakerstats_component”
muc_component = “conference.jitsi.mydomain.com”
Component “conferenceduration.jitsi.mydomain.com” “conference_duration_component”
muc_component = “conference.jitsi.mydomain.com”
Component “endconference.jitsi.mydomain.com” “end_conference”
muc_component = “conference.jitsi.mydomain.com”
Component “avmoderation.jitsi.mydomain.com” “av_moderation_component”
muc_component = “conference.jitsi.mydomain.com”
Component “lobby.jitsi.mydomain.com” “muc”
storage = “memory”
restrict_room_creation = true
muc_room_locking = false
muc_room_default_public_jids = true
modules_enabled = {
“muc_rate_limit”;
“polls”;
}
Component “metadata.jitsi.mydomain.com” “room_metadata_component”
muc_component = “conference.jitsi.mydomain.com”
breakout_rooms_component = “breakout.jitsi.mydomain.com”
VirtualHost “guest.jitsi.mydomain.com”
authentication = “anonymous”
c2s_require_encryption = false
here it is.
Actually this is not what I expected but it works if
allow_empty_token=true
is added after
app_secret=...
What do you expected?
My expectation is that the client joins the room even they have no token when allow_empty_token is set but this is not the case when guest virtualhost is enabled.
I need that for the room creation need authentication with token, because with token we can make only the room creation and jump into the room without any mouse or keyboard interaction. Once this room created guests need to be able to join with just the room name without token.
In this case is my config ok?
You need to add
allow_empty_token=true
into the main virtual host right?
Yes, after app_secret…