How can I implement the jwt token prosody plugin in my Docker self-hosted Jitsi server for my Android application?

1.9k views Asked by At

I am trying to develop an Android application which integrates Jitsi for video conferencing. Normally, a room name is chosen and a room is created. However, anyone that knows or guesses the room name can join the call. In order to prevent this, I want to put a jwt token for conference rooms. I found a link that explains jwt token process for jitsi-meet.

The link is this: https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md In this link I do not understand about three concepts:

Manual plugin configuration Modify your Prosody config with these three steps:

\1. Adjust plugin_paths to contain the path pointing to jitsi meet Prosody plugins location. That's where plugins are copied on jitsi-meet-token package install. This should be included in global config section(possibly at the beginning of your host config file).

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }
Also optionally set the global settings for key authorization. Both these options default to the '*' parameter which means accept any issuer or audience string in incoming tokens

asap_accepted_issuers = { "jitsi", "some-other-issuer" }
asap_accepted_audiences = { "jitsi", "some-other-audience" }
\2. Under you domain config change authentication to "token" and provide application ID, secret and optionally token lifetime:

VirtualHost "jitmeet.example.com"
    authentication = "token";
    app_id = "example_app_id";             -- application identifier
    app_secret = "example_app_secret";     -- application secret known only to your token
                                           -- generator and the plugin
    allow_empty_token = false;             -- tokens are verified only if they are supplied by the client
Alternately instead of using a shared secret you can set an asap_key_server to the base URL where valid/accepted public keys can be found by taking a sha256() of the 'kid' field in the JWT token header, and appending .pem to the end

VirtualHost "jitmeet.example.com"
    authentication = "token";
    app_id = "example_app_id";                                  -- application identifier
    asap_key_server = "https://keyserver.example.com/asap";     -- URL for public keyserver storing keys by kid
    allow_empty_token = false;                                  -- tokens are verified only if they are supplied
\3. Enable room name token verification plugin in your MUC component config section:

Component "conference.jitmeet.example.com" "muc"
    modules_enabled = { "token_verification" }

In these three instructions, the words "host config file", "domain config file" and "MUC component config section". What are these? I do not know where to do these cahnges.

1

There are 1 answers

0
Progressify On

I think my reply arrives a little bit late, but I try the same to give my contribution :)

If you have installed Jitsi in "classic" way (without docker):

  • host config file: /etc/prosody/prosody.cfg.lua
  • domain config file: /etc/prosody/conf.d/<your_domain_name>.cfg.lua
  • MUC component config section: always in /etc/prosody/conf.d/<your_domain_name>.cfg.lua search the section that starts with Component "conference.<your_domain_name>" "muc"

I hope you have resolved your doubts :)