Data security on the internet has been a growing concern in recent years: as technology advances, so does the risk of privacy breaches. Jitsi, an open-source video conferencing platform, is known for its security measures and is therefore often used for meetings of a sensitive nature. Part of what makes this possible is its JWT integration. This article breaks down the steps you can take to integrate JWT into Jitsi on your own servers.
Before moving into the integration of JWT with Jitsi, you need to have a working Jitsi setup. If you do not have it already, you can read about it here or we can help you. Kindly email email@example.com for further details.
What is JWT and why use it with Jitsi
JSON Web Token, commonly abbreviated as JWT, is a compact, URL-safe means of representing claims to be transferred between two parties. It is commonly used for authentication and authorization. With Jitsi, JWT can be used to control access to video conferences and to implement custom roles and permissions. It also enforces authentication for users, for a more streamlined and secure experience. Follow the steps below to integrate JWT with Jitsi:
How to integrate JWT with Jitsi
For your convenience, “jitsi-meet.example.com” will be used as the domain throughout this blog. Please replace it with your domain and make changes accordingly.
1. Change the prosody config file at: /etc/prosody/conf.d/jitsi-meet.example.com.cfg.lua
Add app_id and app_secret as shown below, then save the file.
authentication = "token";
app_id = "your_app_id";
app_secret = "your_app_secret";
allow_empty_token = false;
2. Change the jicofo config file at: /etc/jitsi/jicofo/jicofo.conf
3. Restart services.
sudo systemctl restart prosody.service
sudo systemctl restart jicofo.service
Generate a JWT token
Go to https://jwt.io
You will find three segments: HEADER, PAYLOAD and VERIFY SIGNATURE.
HEADER: ALGORITHM & TOKEN TYPE are included. Leave it as it is.
PAYLOAD: Contains information about the entity and additional metadata. Below is an example of a payload.
- avatar - add the URL of your client avatar
- name - name of your client
- email - email of your client
- iss - Your app_id (added in the prosody configuration file)
- sub - Your XMPP domain (e.g. jitsi-meet.example.com)
- exp - Your token's expiration time, as a Unix timestamp
- aud - Specifies the intended recipient of the token (the audience).
- nbf - The time before which the token is not valid, as a Unix timestamp.
- room - Which rooms will be allowed by the token ('*' will make this token suitable for all the rooms)
- moderator - Whether to give moderator privilege or not to the user
VERIFY SIGNATURE: Add your app_secret here
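The token described above can also be built and signed locally, which keeps app_secret off third-party web pages. This is an added example, not code from the original article or from Jitsi; the function names, the aud value "jitsi", the sample user, and the nesting of name, email and avatar under context.user are assumptions, and it uses only the Python standard library.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    # JWT uses base64url with the "=" padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_jitsi_token(app_id, app_secret, domain, room, name, email,
                     avatar="", moderator=False, ttl=3600, now=None):
    now = int(time.time()) if now is None else now
    claims = {
        # Assumption: user details are nested under context.user
        "context": {"user": {"name": name, "email": email, "avatar": avatar}},
        "iss": app_id,           # app_id from the prosody config
        "sub": domain,           # XMPP domain
        "aud": "jitsi",          # constructed sample audience value
        "room": room,            # "*" would allow every room
        "moderator": moderator,
        "nbf": now,
        "exp": now + ttl,        # keep short: the token travels in the URL
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    return signing_input + "." + b64url(_mac(signing_input, app_secret))

def verify_token(token, app_secret, now=None):
    # Local sanity check: pin alg, constant-time MAC compare, time window
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(_mac(head + "." + body, app_secret), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    now = int(time.time()) if now is None else now
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("token outside its validity window")
    return claims

if __name__ == "__main__":
    token = make_jitsi_token("your_app_id", "your_app_secret", "jitsi-meet.example.com",
                             "roomName", "Alice", "alice@example.com")
    print("https://jitsi-meet.example.com/roomName?jwt=" + token)
```

Restricting room to a single room name and keeping ttl small limits what a leaked meeting link can be used for.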
Test the meeting
Copy the generated token (TOKEN) from https://jwt.io
Now initiate a meeting on Jitsi Meet by sending the generated TOKEN with the meeting URL: https://jitsi-meet.example.com/roomName?jwt=TOKEN
This process is uncomplicated and adds a layer of security to your meetings on Jitsi, which increases authenticity and helps ensure the safety of the data shared within meetings. JWT is among the most optimal security tools available in the market. Others that can be integrated into Jitsi include Secure Domain, Single Sign On and LDAP. Your meetings on Jitsi are only a few straightforward steps away from being fully secured.