
Problems with Jitsi 7577

Open DanielMalmgren opened this issue 2 years ago • 3 comments

Hi. You haven't by any chance tested jitsi-openid with Jitsi 7577? After upgrading I just get "You are not allowed to be here!" when I try to enter any room. In the Prosody log I get the following:

prosody_1 | muc.meet.jitsi:token_verification error Token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjb250ZXh0Ijp7InVzZXIiOnsiaWQiOiJyZWRhY3RlZCIsImVtYWlsIjoicmVkYWN0ZWQiLCJhZmZpbGlhdGlvbiI6bnVsbCwibmFtZSI6IkRhbmllbCBNYWxtZ3JlbiIsImF2YXRhciI6bnVsbH0sImdyb3VwIjpudWxsfSwiYXVkIjoiaml0c2kiLCJpc3MiOiJqaXRzaSIsInN1YiI6ImppdHNpX3Rlc3RfYXBwX2lkIiwicm9vbSI6IioiLCJpYXQiOjE2NjAxMzEyNzEsImV4cCI6MTY2MDIxNzY3MX0.JGaMHRalHIrLxoFdMA6FONwJXqYwv2k1bwKmZeaHMpg not allowed to join: [email protected]/5a792dc6

Everything works fine when rolling back to 7439, so I guess something happened between those versions.

DanielMalmgren, Aug 10 '22 12:08

Ok, asked in the Jitsi community as well (here) and the sub was the problem. I had the JITSI_SUB set to the same as the JWT_APP_ID according to the readme, but it seems to be wrong. I set it to simply "*" now and it works. So it looks to me the problem is within your readme?

Also look at https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md#token-structure

DanielMalmgren, Aug 10 '22 12:08

Hi, I myself don't actually run a jitsi. (I am planning) This project was initially developed for a friend of mine. My friend is a bit slow when it comes to keeping software up to date.

Did I understand it correctly? The sub should be the domain of jitsi? (If yes, this error wouldn't be discovered by my friend because we all always use the domain as the client id)

I don't quite understand the part of the documentation. I took the information from above from the provided example: https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md#payload

MarcelCoding, Aug 10 '22 15:08

I have to admit I don't really understand it either... I don't understand the meaning of JWT_APP_ID at all, I have just had it set to some test default value and everything has worked fine. But now I tried changing it to my hostname and setting your JITSI_SUB to the same and it didn't work either. So actually the only value that I have succeeded in using for JITSI_SUB after upgrading to 7577 is "*". Which works fine for me but I'm not sure if it means I'm introducing some security problem...

DanielMalmgren, Aug 10 '22 16:08
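
Added example (not part of the thread, and not code from jitsi-openid or Jitsi): a simplified model of how the `sub` and `room` claims scope a token, following the `sub` description in the token-structure document linked above, where a room on `muc.<domain>` expects `sub` to be `<domain>` and `*` matches every domain. The function names, the `muc_prefix` parameter, the secret, the room name and the host `muc.other.example` are constructed for illustration; `muc.meet.jitsi` and `jitsi_test_app_id` are taken from the log line in the first post.

```python
import base64, hashlib, hmac, json

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT (used here only to construct sample tokens)."""
    head = b64e(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the claims only if the header says HS256 and the MAC matches."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))

def may_join(claims: dict, room: str, muc_host: str, muc_prefix: str = "muc") -> bool:
    """Simplified claim check (an assumption, not Prosody's implementation)."""
    sub = str(claims.get("sub", "")).lower()
    room_claim = str(claims.get("room", "")).lower()
    # A non-wildcard sub must name the domain whose MUC component hosts the room.
    domain_ok = sub == "*" or f"{muc_prefix}.{sub}" == muc_host.lower()
    # A non-wildcard room claim must name the room being joined.
    room_ok = room_claim == "*" or room_claim == room.lower()
    return domain_ok and room_ok

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed, not a real key
    for sub in ("jitsi_test_app_id", "meet.jitsi", "*"):
        token = sign_hs256({"aud": "jitsi", "iss": "jitsi", "sub": sub, "room": "*"}, secret)
        claims = verify_hs256(token, secret)
        for host in ("muc.meet.jitsi", "muc.other.example"):
            print(f"sub={sub!r:22} {host:18} -> {may_join(claims, 'standup', host)}")
```

In this model a token with `sub` and `room` both set to `*` is accepted for every room on every domain that shares the signing secret, so the wildcard only narrows nothing; whether that matters depends on whether the Prosody instance serves more than one domain or tenant.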