Jitsi JWT Tokens authentication - Proactive Insights and Support For Open-Source Applications

This tutorial covers the details of configuring authentication using JWT tokens in Jitsi Meet.

Prerequisites:

Debian/Ubuntu VM

Jitsi Meet installed as a daemon

The problem with installing jitsi-meet-tokens is that libssl1.0-dev package is not available in Debian10, and has been replaced with libssl-dev. When installing jitsi-meet-tokens, luacrypto is installed as a dependency, and luacrypto does not work with libssl-dev.

The solution:

1. Install dependencies:

apt update
apt install git cmake luarocks libssl-dev liblua5.2

2. Install additional packages:

luarocks install basexx

3. Create a file called luajwtjitsi-1.3-7.rockspec with the following contents:

package = "luajwtjitsi"
version = "1.3-7"
>source = {
-- Use fork from ASolomatin which uses luaossl
url = "git://github.com/6bIBAET/luajwt/",
tag = "v1.7"
}
description = {
summary = "JSON Web Tokens for Lua",
detailed = "Very fast and compatible with pyjwt, php-jwt, ruby-jwt, node-jwt-simple and others",
homepage = "https://github.com/jitsi/luajwt/",
license = "MIT <http://opensource.org/licenses/MIT>"
}
dependencies = {
-- Prosody uses lua 5.2
"lua >= 5.2",
"luaossl >= 20190731-0",
-- Use exact version 2.1, see https://github.com/mpx/lua-cjson/issues/56
"lua-cjson = 2.1.0",
"lbase64 >= 20120807-3"
}
build = {
type = "builtin",
modules = {
luajwtjitsi = "luajwtjitsi.lua"
}
}

4. Install the file:

luarocks install luajwtjitsi-1.3-7.rockspec

5. Install jitsi-meet-tokens. You’ll be prompted to enter app_id and secret_key. You can use the following command to generate these:

hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/urandom

Install:

apt install jitsi-meet-tokens -y

6. Open /etc/prosody/conf.avail/$YOUR_DOMAIN.cfg.lua and search for your keys. Also make sure that module token_verification is enabled.

modules_enabled = ( "token_verification" )

Now you need to enter app_id and secret_key into your application.

In order to check whether the authentication is working manually:

1. Go to https://jwt.io/

2. Generate the following data:

HEADER:ALGORITHM & TOKEN TYPE
{
"alg": "HS256",
"typ": "JWT"
}

PAYLOAD:DATA
{
"aud": "jitsi",
"iss": "$YOUR_APP_ID",
"sub": "$YOUR_DOMAIN",
"room": "*"
}

VERIFY SIGNATURE
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
$YOUR_SECRET_KEY
)

3. Go to YOURDOMAIN/YOUR_DOMAIN/YOURDOMAIN/YOUR_ROOM?jwt=$GENERATED_TOKEN

For a seamless, secure and supported deployment of Jitsi on the cloud marketplaces, provided by Hossted, click here.