Jitsi Meet - Allow only JWT token authentication and get rid of user and password authentication


On my Jitsi Meet Prosody config file: ~/.jitsi-meet-cfg/prosody/config/conf.d

I have the following configuration:

admins = {
  "[email protected]",
  "[email protected]"
}

plugin_paths = { "/prosody-plugins/", "/prosody-plugins-custom" }
http_default_host = "meet.jitsi"

VirtualHost "meet.jitsi"

authentication = "token"
app_id = "this-is-my-app-id"
app_secret = "FF0AE1DEC0F36167A100CF0C234CF4A5"
allow_empty_token = false

ssl = {
  key = "/config/certs/meet.jitsi.key";
  certificate = "/config/certs/meet.jitsi.crt";
}
modules_enabled = {
  "bosh";
  "pubsub";
  "ping";
  "speakerstats";
  "conference_duration";
}

speakerstats_component = "speakerstats.meet.jitsi"
conference_duration_component = "conferenceduration.meet.jitsi"

c2s_require_encryption = false

VirtualHost "auth.meet.jitsi"
ssl = {
  key = "/config/certs/auth.meet.jitsi.key";
  certificate = "/config/certs/auth.meet.jitsi.crt";
}
authentication = "internal_hashed"

VirtualHost "recorder.meet.jitsi"
modules_enabled = {
  "ping";
}
authentication = "internal_hashed"

Component "internal-muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
  "ping";
}
muc_room_locking = false
muc_room_default_public_jids = true

Component "muc.meet.jitsi" "muc"
storage = "memory"
modules_enabled = {
  "muc_meeting_id";
  "token_verification";
}
muc_room_cache_size = 1000
muc_room_locking = false
muc_room_default_public_jids = true

Component "focus.meet.jitsi"
component_secret = "1380629bfbc47acef63de093bcf231ec"

Component "speakerstats.meet.jitsi" "speakerstats_component"
muc_component = "muc.meet.jitsi"

Component "conferenceduration.meet.jitsi" "conference_duration_component"
muc_component = "muc.meet.jitsi"

With that I'm able to authenticate via jwt token.

But if I don't specify any token, for example:

https://jitsi.mydummyserver.com/test

Then I get the following prompt asking for user and password:


Is there any way to only allow token authentication and get rid of that prompt at all?

Thanks!


There are 1 answers

initpwn On

You can set an endpoint for token generation on tokenAuthUrl in the /etc/jitsi/meet/<fqdn>-config.js file.

tokenAuthUrl is currently undocumented. You can check the pull request for tokenAuthUrl here

If you want to completely redirect if the meeting URL doesn't contain a JWT token, then you can write simple Nginx or Apache rules in the server configuration.

Since the meeting URL is in https://meet.example.com?jwt=<token> format, the Nginx configuration rule will be like:

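location / {

    # No jwt query parameter: redirect away from the meeting.
    if ($arg_jwt = '') {
        return 301 https://example.com;
    }

    # jwt present: fall through to the directives that serve Jitsi Meet.
    # Do not redirect to https://$host$request_uri here; on the HTTPS
    # server that sends the request back to the same URL in a loop.

}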

This will redirect to example.com if the meeting URL doesn't contain a JWT query parameter, and even if the user tries to bypass the Nginx rule by appending a jwt query parameter at the end of the meeting URL, the access will be denied since the JWT is invalid.
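
The last point above, as an added example that is not part of the original answer or of Jitsi's code: the Nginx rule only tests that a jwt parameter is present, so a made-up value is rejected only because the server verifies the token against app_secret. The sketch assumes an HS256 token; APP_ID, APP_SECRET and the function names are constructed for illustration, and the claim checks are a simplified model.

```python
import base64
import hashlib
import hmac
import json
import time

APP_ID = "example-app-id"            # constructed stand-in for app_id
APP_SECRET = b"example-app-secret"   # constructed stand-in for app_secret

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_token(claims, secret):
    """Build an HS256 JWT the way a token-issuing backend would."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def verify_token(token, secret, app_id, now=None):
    """Return (accepted, reason); a simplified model, not Prosody's code."""
    if not token:
        return False, "empty token"      # same effect as allow_empty_token = false
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        mac = b64url_decode(parts[2])
    except ValueError:                   # bad base64, bad UTF-8 or bad JSON
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":     # pin the algorithm, reject "none"
        return False, "unexpected alg"
    good = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, good):
        return False, "bad signature"
    if claims.get("iss") != app_id:
        return False, "wrong issuer"
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired or missing exp"
    return True, "ok"
```

A value typed into `?jwt=` gets past the Nginx presence test but fails here as malformed or with a bad signature, which is why the redirect is a convenience and the token check is the actual control.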