jitsi-admin icon indicating copy to clipboard operation
jitsi-admin copied to clipboard

Published 20 hours ago verified publisher icon H2-invent

question about the jitsi-admin API

Open dvision1979 opened this issue 2 years ago • 5 comments

Hi @holema,

Long time, no see. Everything ok?

I have a burning question: How can I obtain a JWT token from the API, or any other way, so that I can programmatically authenticate from another app against Jitsi iframe.

I need to also have access to the Jitsi iframe API, that's why I need the above.

EDIT: And yes, of-course I got a license, so that I can use the API. :)

dvision1979 avatar Aug 13 '22 13:08 dvision1979

Hello @danionescu2007 ,

It`s all good, we are working an some great new features of the jitsi-admin. I created your API-Key ;)

Up to now, there is no posibillity to get the JWT from the api. This can be an interesting feature but there are some security questions. Should we create a seperate API-endpont or should we add it to normal room-informations? I`m not sure what is the best solution.

The second question: I`m not sure what the reason for this use case is: If you build your own jitsi-iframe application with the JWT we can provide we api, you have full access to the Jitsi-Iframe API. In the jitsi-admin this is not possible, because we already consume the jitsi-iframe api.

holema avatar Aug 14 '22 08:08 holema

I just realized that is not that esay to giv you the JWT. The Problem is, that the JWT includes the name of the user, who wants to join the meeting. This name is not known up to now. And I dont`t think we should provide a moderator JWT with tha name of the organisator to almost everyone. This could lead to a security breach.

holema avatar Aug 14 '22 08:08 holema

Hi @holema and thanks for the answer.

There was only one question :)

Considering all the things all together, IMHO there should be a special api against which one should authenticate with API key along with the username and the password. This would ensure that some third party will never find out anything but what they already know ;). What do you think about this idea?

dvision1979 avatar Aug 14 '22 16:08 dvision1979

Hello @danionescu2007,

The authentication with username is not that easy, because we use the keycloak. so the client has to authenticate against the keycloak and then against the jitsi-admin. This is only possible via a seperate JWT.

For what exacly do you need the JWT. Is the user who will consome the meeting registered at the jitsi-admin too, or is the user an anonymous user.

holema avatar Aug 14 '22 17:08 holema

Hi @holema

The users are registered in jitsi-admin and need to authenticate to jitsi-server from another app. I don't want to give access to the users to jitsi-admin, give them only the JWT. This way I can administer time slots etc and they can get authorized as moderators in jitsi-server. Thanks.

dvision1979 avatar Aug 14 '22 19:08 dvision1979

closed because of inactivity

holema avatar May 28 '23 08:05 holema