Reputation: 3962
Jitsi Meet - Allow only JWT token authentication and get rid of user and password authentication
On my Jitsi Meet Prodody config file: ~/.jitsi-meet-cfg/prosody/config/conf.d
I have the following configuration:
admins = {
"[email protected]",
"[email protected]"
}
plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
http_default_host = "meet.jitsi"
VirtualHost "meet.jitsi"
authentication = "token"
app_id = "this-is-my-app-id"
app_secret = "FF0AE1DEC0F36167A100CF0C234CF4A5"
allow_empty_token = false
ssl = {
key = "/config/certs/meet.jitsi.key";
certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
"bosh";
"pubsub";
"ping";
"speakerstats";
"conference_duration";
}
speakerstats_component = "speakerstats.meet.jitsi"
conference_duration_component = "conferenceduration.meet.jitsi"
c2s_require_encryption = false
VirtualHost "auth.meet.jitsi"
ssl = {
key = "/config/certs/auth.meet.jitsi.key";
certificate = "/config/certs/auth.meet.jitsi.crt";
}
authentication = "internal_hashed"
VirtualHost "recorder.meet.jitsi"
modules_enabled = {
"ping";
}
authentication = "internal_hashed"
Component "internal-muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
"ping";
}
muc_room_locking = false
muc_room_default_public_jids = true
Component "muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
"muc_meeting_id";
"token_verification";
}
muc_room_cache_size = 1000
muc_room_locking = false
muc_room_default_public_jids = true
Component "focus.meet.jitsi"
component_secret = "1380629bfbc47acef63de093bcf231ec"
Component "speakerstats.meet.jitsi" "speakerstats_component"
muc_component = "muc.meet.jitsi"
Component "conferenceduration.meet.jitsi" "conference_duration_component"
muc_component = "muc.meet.jitsi"
With that I'm able to authenticate via jwt token.
But if I don't specify any token, for example:
https://jitsi.mydummyserver.com/test
Then I get the following prompt asking for user and password:
Is there any way to only allow token authentication and get rid of that prompt at all?
Thanks!
Upvotes: 3
Views: 5808
Answers (1)
Reputation: 40
You can set an endpoint for token generation on tokenAuthUrl in /etc/jitsi/meet/<fqdn>-config.js file.
tokenAuthUrl is currently undocumented. You can check pull request for tokenAuthUrl here
If you want to completely redirect if the meeting URL doesn't contain a JWT token, then you can write a simple Nginx or Apache rules in server configuration.
Since the meeting URL is in https://meet.example.com?jwt=<token> format,
the Nginx configuration rule will be like
location / {
set $url 1;
if ($arg_jwt = ''){
set $url 0;
}
if ($url = 1){
return 301 https://$host$request_uri;
}
return 301 https://example.com;
}
This will redirect to example.com if the meeting URL doesn't contain a JWT query parameter & even if the user tries to bypass Nginx rule by appending a jwt auery parameter at the end of the meeting URL, the access will be denied since, the JWT is invalid.
Upvotes: 1
Related Questions
- Generating JWT tokens
- Quarkus - support 2 types of jwt auth
- Open ID Connect with JWT Bearer Token Grant Type
- How to generate JWT token for the Jitsi payload
- JWT with user password in key
- Adding authentication to Jitsi Meet
- How to skip or remove password field in simplejwt token authentication in django rest framework?
- openid connect 2.0 and setting authentication JWT in http only cookie
- Authentication with JWT Lumen without password
- Authentication with JWT and JSONAPI