JSON Web Token (JWT) is an open standard (RFC 7519) that specifies a compact and self-contained method which can be used for securely sharing information between two parties by authenticating user access.

Once a user is logged in, each future request will contain the JWT, allowing the user to access services and resources that are accessible with that token.

JWT based authentication with Jitsi Meet requires your business application to generate a JSON Web Token when you schedule a meeting that can be sent (attached with the meeting URL and generated token) to the user in order to have a secure audio and video conferencing. Users can join the meeting by simply clicking on the link and join the meeting without waiting at the meeting lobby to be authorized by the Moderator without manually providing any other username or password. This way no zoom bombing sort of users can also join even though they would know the meeting URL as there is a username and password individually protecting your meetings.

The procedure will be as follows:

Image1

Enabling jwt authentication with jitsi meet

Step 1: Uninstall old Lua dependencies

  • Lua5.1
  • Liblua5.1-0
  • Liblua5.1-dev
  • Luarocks

Step 2: Updating Sources

  • path: /etc/apt/sources.list
  • Add the following line
deb http://security.ubuntu.com/ubuntu bionic-security main)

Step 3: Download packages information from configured source

 sudo apt-get -y update

Step 4: Install Lua Dependencies

  • Git
  • Unzip
  • Lus5.2
  • Liblua5.2-0
  • Liblua5.2-dev
  • Luarocks
  • Libss11.0-dev

Step 5: install lua cJson

 luarocks install luacrypt
mkdir -p /tmp/src)
cd /tmp/src
git clone https://github.com/mpx/lua-cjson.git
cd lua-cjson
sed -i 's/lua_objlen/lua_rawlen/g' lua_cjson.c
sed -i 's|$(PREFIX)/include|/usr/include/lua5.2|g' Makefile
luarocks make
luarocks install luajwtjits

Step 6: Install basexx

 luarocks install basexx

Step 7 : Installing token plugin

 apt-get install jitsi-meet-tokens

Step 8 : Configure prosody

  • Open /etc/prosody/conf.avail/YOUR_DOMAIN.cfg.lua
  • Under your domain configuration change authentication to "token" and provide application ID, secret
    VirtualHost "jitmeet.your_domain.com"
    authentication = "token";
    app_id = "your_app_id";
    app_secret = "your_app_secret";
    allow_empty_token = false;

After JWT installation you may ask for a username and password when you are going to initiate a meeting.

Image2

By generating JWT and sending it with your meeting URL as a post request it will allow you to initiate a meeting. It can be checked as follows

Testing

Generate a JSON Web Token

For testing your Jitsi with JWT installation you will need a token

Generate your JWT with your domain name, app id and app secret (You can get those parameters from your prosody configuration file) by login https://jwt.io/

  • HEADER: ALGORITHM & TOKEN TYPE are included
    Leave it as it is

  • PAYLOAD: DATA is included. Most of the information consists of the payload section. Token data such as user name, date of token generation or expiry date, user's rights on the application pass through payload
    To generate the payload section following parameters should be replaced with your client and application data.

    Client data:
    - avatar - add the URL of your client avatar
    - name - name of your client
    - email - email of your client
    
    
    Application data:
    - iss - Your app_id (can be copied from prosody configuration file)
    - sub - your xmpp domain  (can be copied from prosody configuration file)
    - exp - your token expiration date in unix timestamp standard
    
{
  "context": {
    "user": {
      "avatar": "your_client_avatar_url",
      "name": "your_client_name",
      "email": "your_client_email"
    }
  },
  "moderator": true,
  "aud": "jitsi",
  "iss": "your_app_id",
  "sub": "jitmeet.your_domain.com",
  "room": "*",
  "exp": 1643498815
}
  • VERIFY SIGNATURE

    Add your app secret here

Check your access with JWT

Now initiate a meeting on Jitsi Meet by sending the generated token with the meeting URL:

https://YOUR_DOMAIN/jwt_test_room?jwt=YOUR_TOKEN

Having trouble setting up JWT tokens for your setup? please contact us via hello@meetrix.io or the contact us

Reach us for more services

Updated:

Leave a Comment