This tutorial covers the details of configuring authentication using JWT tokens in Jitsi Meet.
Prerequisites:
- Debian/Ubuntu VM
- Jitsi Meet installed as a daemon
The problem with installing jitsi-meet-tokens
is that libssl1.0-dev
package is not available in Debian10, and has been replaced with libssl-dev
. When installing jitsi-meet-tokens
, luacrypto
is installed as a dependency, and luacrypto
does not work with libssl-dev
.
The solution:
1. Install dependencies:
apt update
apt install git cmake luarocks libssl-dev liblua5.2
2. Install additional packages:
luarocks install basexx
3. Create a file called luajwtjitsi-1.3-7.rockspec
with the following contents:
package = "luajwtjitsi"
version = "1.3-7"
>source = {
-- Use fork from ASolomatin which uses luaossl
url = "git://github.com/6bIBAET/luajwt/",
tag = "v1.7"
}
description = {
summary = "JSON Web Tokens for Lua",
detailed = "Very fast and compatible with pyjwt, php-jwt, ruby-jwt, node-jwt-simple and others",
homepage = "https://github.com/jitsi/luajwt/",
license = "MIT <http://opensource.org/licenses/MIT>"
}
dependencies = {
-- Prosody uses lua 5.2
"lua >= 5.2",
"luaossl >= 20190731-0",
-- Use exact version 2.1, see https://github.com/mpx/lua-cjson/issues/56
"lua-cjson = 2.1.0",
"lbase64 >= 20120807-3"
}
build = {
type = "builtin",
modules = {
luajwtjitsi = "luajwtjitsi.lua"
}
}
4. Install the file:
luarocks install luajwtjitsi-1.3-7.rockspec
5. Install jitsi-meet-tokens
. You’ll be prompted to enter app_id
and secret_key
. You can use the following command to generate these:
hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/urandom
Install:
apt install jitsi-meet-tokens -y
6. Open /etc/prosody/conf.avail/$YOUR_DOMAIN.cfg.lua
and search for your keys. Also make sure that module token_verification
is enabled.
modules_enabled = ( "token_verification" )
Now you need to enter app_id
and secret_key
into your application.
In order to check whether the authentication is working manually:
1. Go to https://jwt.io/
2. Generate the following data:
HEADER:ALGORITHM & TOKEN TYPE
{
"alg": "HS256",
"typ": "JWT"
}
PAYLOAD:DATA
{
"aud": "jitsi",
"iss": "$YOUR_APP_ID",
"sub": "$YOUR_DOMAIN",
"room": "*"
}
VERIFY SIGNATURE
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
$YOUR_SECRET_KEY
)
3. Go to YOURDOMAIN/YOUR_DOMAIN/YOURD​OMAIN/YOUR_ROOM?jwt=$GENERATED_TOKEN
For a seamless, secure and supported deployment of Jitsi on the cloud marketplaces, provided by Hossted, click here.