Working JWT but not working JWT now

Hi

I cloned the dev branch and set up the compose stuff with .env so I could try the JWT stuff. A week ago I set all this up and it has been working fine, well, until I stopped docker compose and started them again. Now I am getting "You have been disconnected..." when I enter a room with the JWT full URL.

Like, this was working fine as is with the samples below; now it does not :frowning: I tried docker-compose up --force-recreate with no luck, and I did not change anything in the config or in .env since I set all this up properly.

# Enable authentication.
ENABLE_AUTH=1

# Enable guest access.
ENABLE_GUESTS=1

# Select authentication type: internal, jwt or ldap
#AUTH_TYPE=internal
AUTH_TYPE=jwt

jvb_1      | JVB 2019-07-09 00:33:14.993 INFO: [20] org.jitsi.videobridge.health.Health.log() Performed a successful health check in 36ms. Sticky failure: false                                                  
jvb_1      | JVB 2019-07-09 00:33:16.085 INFO: [16] org.jitsi.xmpp.mucclient.MucClientManager.log() Setting a presence extension: net.java.sip.communicator.impl.protocol.jabber.extensions.colibri.ColibriStatsExtension@8e60159
jvb_1      | JVB 2019-07-09 00:33:21.087 INFO: [16] org.jitsi.xmpp.mucclient.MucClientManager.log() Setting a presence extension: net.java.sip.communicator.impl.protocol.jabber.extensions.colibri.ColibriStatsExtension@7401d724
web_1      | 192.168.48.1 - - [09/Jul/2019:00:33:22 -0500] "GET /ROOM?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6Ly9yb2JvaGFzaC5vcmcvam9obi1kb2UiLCJuYW1lIjoiSm9obiBEb2UiLCJlbWFpbCI6Impkb2VAZXhhbXBsZS5jb20ifX0sImF1ZCI6Ing5MF9JbnNhbl9NZWV0X1VwIiwiaXNzIjoieDkwX0luc2FuX01lZXRfVXAiLCJzdWIiOiJtZWV0LmppdHNpIiwicm9vbSI6IkV2QWhhbGlzaSJ9.ZyTDGJNP38dcjY2bZ8Zt_pJgI_dRD0u62-jXveEt084 HTTP/1.1" 200 11109 "https://MYDOMAIN/ROOM?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6Ly9yb2JvaGFzaC5vcmcvam9obi1kb2UiLCJuYW1lIjoiSm9obiBEb2UiLCJlbWFpbCI6Impkb2VAZXhhbXBsZS5jb20ifX0sImF1ZCI6Ing5MF9JbnNhbl9NZWV0X1VwIiwiaXNzIjoieDkwX0luc2FuX01lZXRfVXAiLCJzdWIiOiJtZWV0LmppdHNpIiwicm9vbSI6IkV2QWhhbGlzaSJ9.ZyTDGJNP38dcjY2bZ8Zt_pJgI_dRD0u62-jXveEt084" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36"
prosody_1  | mod_bosh                                  info     New BOSH session, assigned it sid 'ec927741-f795-4298-9de7-a638ca9b1b48'                                                                          
prosody_1  | boshec927741-f795-4298-9de7-a638ca9b1b48  warn     No available SASL mechanisms, verify that the configured authentication module is working                                                         
web_1      | 192.168.48.1 - - [09/Jul/2019:00:33:23 -0500] "POST /http-bind?room=ROOM&token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6Ly9yb2JvaGFzaC5vcmcvam9obi1kb2UiLCJuYW1lIjoiSm9obiBEb2UiLCJlbWFpbCI6Impkb2VAZXhhbXBsZS5jb20ifX0sImF1ZCI6Ing5MF9JbnNhbl9NZWV0X1VwIiwiaXNzIjoieDkwX0luc2FuX01lZXRfVXAiLCJzdWIiOiJtZWV0LmppdHNpIiwicm9vbSI6IkV2QWhhbGlzaSJ9.ZyTDGJNP38dcjY2bZ8Zt_pJgI_dRD0u62-jXveEt084 HTTP/1.1" 200 451 "https://MYDOMAIN/ROOM?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiYXZhdGFyIjoiaHR0cHM6Ly9yb2JvaGFzaC5vcmcvam9obi1kb2UiLCJuYW1lIjoiSm9obiBEb2UiLCJlbWFpbCI6Impkb2VAZXhhbXBsZS5jb20ifX0sImF1ZCI6Ing5MF9JbnNhbl9NZWV0X1VwIiwiaXNzIjoieDkwX0luc2FuX01lZXRfVXAiLCJzdWIiOiJtZWV0LmppdHNpIiwicm9vbSI6IkV2QWhhbGlzaSJ9.ZyTDGJNP38dcjY2bZ8Zt_pJgI_dRD0u62-jXveEt084" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36"                                         

Try rebuilding the images and re-creating the config volume.

Thanks, that did not work :frowning: I am getting authentication failed now.

I recreated JWT tokens for “*” and I still can't access any room, old or new :(

Is it possible to tell anything about the issue from this partial log? I captured from when the page load happens.

I omitted the tokens.

https://paste.debian.net/hidden/ec4c2aec/

edit:

It seems like the generated jitsi-meet.cfg.lua does not reflect the .env, see:

prosody/conf.d/jitsi-meet.cfg.lua

VirtualHost "meet.jitsi"

    authentication = "internal_plain"

    ssl = {
        key = "/config/certs/meet.jitsi.key";
        certificate = "/config/certs/meet.jitsi.crt";
    }

I have a previous version of this particular generated file and that one definitely has

authentication = "token"

Maybe a bug introduced recently in dev branch?

Copying the old version over to the newly generated one gets rid of the auth error but then I am back to No available SASL mechanisms, verify that the configured authentication module is working

You must remove the CONFIG directory every time you edit the .env file, so it's re-created. Please do that and let us know how it goes.

That is exactly what I did. And the jitsi-meet.cfg.lua I pasted was from the new one.

What I am saying is that the newly generated prosody/conf.d/jitsi-meet.cfg.lua (after I removed the whole config directory) defaults to authentication = "internal_plain" whether .env is using jwt or not

The prosody/conf.d/jitsi-meet.cfg.lua from the previous CONFIG folder had the correct auth method

Just to make sure, I redid my steps. I stopped the containers. I deleted the CONFIG folder. Then I restarted docker-compose; please see the resulting prosody/conf.d/jitsi-meet.cfg.lua

/DRIVE/jitsimeetdev/prosody/conf.d# cat jitsi-meet.cfg.lua 


admins = { "focus@auth.meet.jitsi" }
plugin_paths = { "/prosody-plugins-custom" }
http_default_host = "meet.jitsi"

VirtualHost "meet.jitsi"
    
    authentication = "internal_plain"
    
    ssl = {
        key = "/config/certs/meet.jitsi.key";
        certificate = "/config/certs/meet.jitsi.crt";
    }
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping";
        
    }

Here is the relevant .env


CONFIG=/DRIVE/jitsimeetdev

# Enable authentication.
ENABLE_AUTH=1

# Enable guest access.
ENABLE_GUESTS=1

# Select authentication type: internal, jwt or ldap
#AUTH_TYPE=internal
AUTH_TYPE=jwt

# JWT authentication
#

# Application identifier.
JWT_APP_ID=ID

I will clone the dev repo and start from scratch later.

Remember you need to rebuild the images with make
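
The check done by hand in this thread (AUTH_TYPE in .env against the authentication line of the generated prosody/conf.d/jitsi-meet.cfg.lua), written as an added shell example that is not part of the thread or of the project's own code. The jwt/"token" and internal/"internal_plain" pairing is taken from the two values quoted above; the sample files and the auth.meet.jitsi block in them are constructed.

```shell
#!/bin/sh
# Added example: does the generated Prosody config match AUTH_TYPE in .env?

# Last uncommented KEY=value in an env file; tolerates leading
# indentation and trailing spaces around the assignment.
env_get() {  # env_get FILE KEY
    sed -n "s/^[[:space:]]*$2=\(.*\)/\1/p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# authentication value inside the VirtualHost "meet.jitsi" block only.
prosody_auth() {  # prosody_auth CFG
    awk '/^[ \t]*VirtualHost[ \t]/ { in_vh = ($0 ~ /"meet\.jitsi"/) }
         in_vh && /^[ \t]*authentication[ \t]*=/ {
             split($0, q, "\""); print q[2]; exit }' "$1"
}

# Mapping limited to the two values quoted in the thread; anything else
# (ldap, auth disabled) is reported as unknown rather than guessed.
expected_auth() {  # expected_auth ENVFILE
    [ "$(env_get "$1" ENABLE_AUTH)" = 1 ] || { echo unknown; return 0; }
    case "$(env_get "$1" AUTH_TYPE)" in
        jwt)      echo token ;;
        internal) echo internal_plain ;;
        *)        echo unknown ;;
    esac
}

# Returns 0 on match, 1 on drift, 2 when no comparison is possible.
check_auth_drift() {  # check_auth_drift ENVFILE CFG
    _want=$(expected_auth "$1"); _have=$(prosody_auth "$2")
    if [ "$_want" = unknown ] || [ -z "$_have" ]; then
        echo "cannot compare: expected=$_want generated=${_have:-none}"; return 2
    fi
    if [ "$_want" != "$_have" ]; then
        echo "DRIFT: .env implies \"$_want\", generated config has \"$_have\""; return 1
    fi
    echo "ok: authentication = \"$_have\""
}

# Constructed sample files (not the poster's real ones).
make_samples() {  # make_samples DIR
    printf '%s\n' '  ENABLE_AUTH=1   ' '  #AUTH_TYPE=internal' '  AUTH_TYPE=jwt   ' > "$1/.env"
    for _v in new:internal_plain old:token; do
        printf 'VirtualHost "auth.meet.jitsi"\n    authentication = "internal_plain"\n\nVirtualHost "meet.jitsi"\n    authentication = "%s"\n' \
            "${_v#*:}" > "$1/${_v%%:*}.cfg.lua"
    done
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_auth_drift "$tmp/.env" "$tmp/new.cfg.lua" || true   # freshly generated file
check_auth_drift "$tmp/.env" "$tmp/old.cfg.lua" || true   # file from the earlier CONFIG
rm -rf "$tmp"
```

Against a real deployment the two arguments would be the compose directory's .env and the jitsi-meet.cfg.lua under the CONFIG path that .env names.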