Integration of JWT with Jitsi

Introduction

Data security on the internet has been a prevalent concern in recent years, since technical advances bring an increased risk of privacy breaches. Jitsi, an open-source video conferencing platform, is renowned for its security measures and, as a result, is often used to conduct meetings of a sensitive nature. This is possible because of the JWT integration in place. This article breaks down the steps you can take to integrate JWT into Jitsi on your own servers.

Before moving into the integration of JWT with Jitsi, you need to have a working Jitsi setup. If you do not have it already, you can read about it here or we can help you. Kindly email hello@meetrix.io for further details.

What is JWT and why use it with Jitsi

JSON Web Token, commonly referred to as JWT, is a compact, URL-safe means of representing claims to be transferred between two parties. It's commonly used for authentication and authorization purposes. JWT can be used to monitor access to video conferences on Jitsi as well as implement custom roles and permissions. It also enforces authentication upon users for a more streamlined and secure experience. Follow the steps below to integrate JWT with Jitsi.

How to integrate JWT with Jitsi

For your convenience, “jitsi-meet.example.com” will be used as the domain throughout this blog. Please replace it with your domain and make changes accordingly.
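1. Edit the Prosody config file at /etc/prosody/conf.d/jitsi-meet.example.com.cfg.lua
   Add app_id and app_secret and save the file.

VirtualHost "jitsi-meet.example.com"
    -- require a signed JWT instead of anonymous access
    authentication = "token";
    -- issuer identifier; must match the "iss" claim of every token
    app_id = "your_app_id";
    -- shared secret used to sign and verify tokens
    app_secret = "your_app_secret";
    -- reject connections that carry no token
    allow_empty_token = false;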

2. Edit the Jicofo config file at /etc/jitsi/jicofo/jicofo.conf

# this block goes inside the top-level jicofo { ... } section
authentication: {
  enabled: true
  type: JWT
  login-url: jitsi-meet.example.com
}

3. Restart services.

sudo systemctl restart prosody.service
sudo systemctl restart jicofo.service

Generate a JWT token


Go to https://jwt.io

You will find three segments: HEADER, PAYLOAD and VERIFY SIGNATURE.

HEADER: ALGORITHM & TOKEN TYPE are included. Leave it as it is.

PAYLOAD: Contains information about the entity and additional metadata. Below is an example of a payload.

{
  "context": {
    "user": {
      "avatar": "your_client_avatar_url",
      "name": "your_client_name",
      "email": "your_client_email",
      "lobby_bypass": true
    }
  },
  "moderator": true,
  "aud": "jitsi",
  "iss": "your_app_id",
  "sub": "jitsi-meet.example.com",
  "room": "*",
  "nbf": 1691498815,
  "exp": 1692498815
}

Client data:
- avatar - add the URL of your client avatar
- name - name of your client
- email - email of your client

Application data:
- iss - Your app_id (added in the Prosody configuration file)
- sub - Your XMPP domain (ex: jitsi-meet.example.com)
- exp - Your token expiration date as a Unix timestamp
- aud - Specifies the intended recipient of the token (the audience)
- nbf - The time before which the token is not valid, as a Unix timestamp
- room - Which rooms will be allowed by the token ('*' will make this token suitable for all the rooms)
- moderator - Whether to give moderator privilege or not to the user

VERIFY SIGNATURE: Add your app_secret here

Test the meeting

Copy the generated token (TOKEN) from https://jwt.io

Now initiate a meeting on Jitsi Meet by appending the generated TOKEN to the meeting URL as the jwt query parameter: https://jitsi-meet.example.com/roomName?jwt=TOKEN
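
The same token can be produced on your own machine, so app_secret is never typed into a website. The following is an added example, not part of the original article or of Jitsi's code: it signs the payload described above with HS256 using only the Python standard library, scopes the token to one room with a short lifetime, and builds the meeting URL. The function names are assumptions, and check_token is a local sanity check on the claims listed above, not Prosody's verifier.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    # JWT segments are base64url without "=" padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(app_secret: str, signing_input: str) -> bytes:
    return hmac.new(app_secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_jitsi_token(app_id, app_secret, domain, room, name, email,
                     moderator=False, ttl=3600, now=None):
    """Build an HS256 token carrying the claims from the payload above."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "context": {"user": {"name": name, "email": email}},
        "moderator": moderator,
        "aud": "jitsi", "iss": app_id, "sub": domain,
        "room": room,              # one room name, or "*" for all rooms
        "nbf": now, "exp": now + ttl,
    }
    signing_input = ".".join(_b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, payload))
    return signing_input + "." + _b64url(_sign(app_secret, signing_input))

def check_token(token, app_id, app_secret, now=None):
    """Local sanity check (assumed helper, not Prosody's verifier); returns the payload."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header, payload = json.loads(_unb64url(head)), json.loads(_unb64url(body))
        if not (isinstance(header, dict) and isinstance(payload, dict)): raise TypeError
        signature = _unb64url(sig)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, _sign(app_secret, f"{head}.{body}")):
        raise ValueError("bad signature")
    if payload.get("iss") != app_id or payload.get("aud") != "jitsi":
        raise ValueError("wrong iss/aud")
    if not payload.get("nbf", 0) <= now < payload.get("exp", 0):
        raise ValueError("token not valid at this time")
    return payload

def meeting_url(domain, room, token):
    return f"https://{domain}/{room}?jwt={token}"
```

Call make_jitsi_token with the app_id and app_secret from the Prosody config, then open the address returned by meeting_url.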

Conclusion

This process is uncomplicated and adds a layer of security to your meetings on Jitsi, which increases authenticity and helps ensure the safety of the data shared within meetings. JWT is among the most optimal security tools available in the market. Others that can be integrated into Jitsi include Secure Domain, Single Sign On and LDAP. Your meetings on Jitsi are only a few straightforward steps away from being fully secured.
