docker-jitsi-meet icon indicating copy to clipboard operation
docker-jitsi-meet copied to clipboard

Published 20 hours ago verified publisher icon jitsi

JWT authentication not kept across rooms

Open cs35-owncloud opened this issue 4 years ago • 11 comments
trafficstars

Hello everyone,

I'm using the whole docker Jitsi environment on several servers with the stable-4857 and JWT authentication. It's working fine, we can generate the JWT token from Rocket.Chat to create rooms on Jitsi. Some of our users like to create a room coming from Rocket.Chat, the Jitsi room gets named after the Rocket.Chat room and then they hang up and create a new room in Jitsi with a convenient name for them. My point is that once they came from Rocket.Chat the JWT token is working on Jitsi all the time (until its expiration), from the welcome page or when changing directly the URL with a new room name.

I've been testing stable-6173 and the behavior is quite different. Users can still create a room from Rocket.Chat to Jitsi with the same name, but once they hang up, it's impossible to create a new room, the JWT token doesn't seem to be kept and the Jitsi popup jumps to ask fro credentials.

The Rocket.Chat token is not limited to a room name, I set it to use wildcard.

Is this a new feature of Jitsi ? Is there any way to keep the authentication on Jitsi with the JWT token (obviously until its expiration) ? If not, is it possible to have both the JWT token authentication and internal one so I can create some accounts ?

Feel free to ask for details, my explanations might be confusing. Thanks.

cs35-owncloud avatar Oct 14 '21 15:10 cs35-owncloud

Have you tried setting the ENABLE_AUTO_LOGIN env variable in jicofo?

saghul avatar Oct 14 '21 23:10 saghul

Hello @saghul,

thanks for your answer, I tried but no matter what, once I hang up, I can't create a room, the JWT token doesn't seem to be kept. Here's my .env configuration.

cs35-owncloud avatar Oct 15 '21 07:10 cs35-owncloud

I realized defaults to on, which means you should've gotten a session id that allows you to remain authenticated for a period of time, without a token. Maybe we have broken something there.

saghul avatar Oct 15 '21 07:10 saghul

I think so too that something is broken. At first I only changed the Docker Jitsi version to stable-6173 and the JWT Token wasn't working as expected anymore. I tried changing few parameters in Jitsi or Rocket.Chat to generate the token, but still, authentication didn't last. Do you need extra informations to fix it ? Thanks.

cs35-owncloud avatar Oct 15 '21 07:10 cs35-owncloud

I'll try to reproduce this.

saghul avatar Oct 15 '21 08:10 saghul

Thanks a lot @saghul

cs35-owncloud avatar Oct 15 '21 09:10 cs35-owncloud

Hello,

I just tried the new Jitsi version 6433, I thought that the issue about jicofo f748484 jicofo: add enable-auto-login config option could have fixed the JWT token problem, but it doesn't seem to change the behavior.

cs35-owncloud avatar Oct 22 '21 07:10 cs35-owncloud

I haven't had the time to look into this one yet.

saghul avatar Oct 22 '21 08:10 saghul

No problem, I just thought that the missing auto login in jicofo could have fixed this issue by itself.

cs35-owncloud avatar Oct 22 '21 11:10 cs35-owncloud

Hello, did you have some spare time to look at this issue ? Thanks.

cs35-owncloud avatar Dec 03 '21 07:12 cs35-owncloud

No, sorry.

saghul avatar Dec 03 '21 07:12 saghul