RocketChat + jitsi via token auth

Hi all,
I’m trying to integrate RocketChat and Jitsi via JWT.

RocketChat version 2.1.0 running on CentOS Linux release 7.7.1908 64 bit

Jitsi version 1.0.3577-1 running on a Debian GNU/Linux 9.11 (stretch)

Every time I try to open a video chat I get an Authentication failed.

prosody.log shows:

Oct 08 17:15:54 mod_bosh info New BOSH session, assigned it sid 'db770fc0-c65b-4823-b836-7b354b30871b'
Oct 08 17:15:54 general warn Error verifying token err:not-allowed, reason:token required

I’m out of ideas

Regards

Matteo

Attached logs and conf files

Rocketchat conf:

Conf files (had to change . with _ )
/etc/prosody/conf.d/bbb_trasferimentoapplicativo.com.cfg_lua:
-- Plugins path gets uncommented during jitsi-meet-tokens package install - that's where token plugin is located
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

VirtualHost "bbb_trasferimentoapplicativo_com"
    -- enabled = false -- Remove this line to enable this host
    authentication = "token"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    app_id="RocketChat"
    app_secret="**"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/bbb_trasferimentoapplicativo_com_key";
        certificate = "/etc/prosody/certs/bbb_trasferimentoapplicativo_com_crt";
    }
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
    }

    c2s_require_encryption = false

Component "conference_bbb_trasferimentoapplicativo_com" "muc"
    storage = "null"
    modules_enabled = { "token_verification" }
    admins = { "focus@auth-bbb-trasferimentoapplicativo-com" }

Component "jitsi-videobridge.bbb-trasferimentoapplicativo-com"
    component_secret = "**"

VirtualHost "auth-bbb-trasferimentoapplicativo-com"
    ssl = {
        key = "/etc/prosody/certs/auth-bbb-trasferimentoapplicativo-com-key";
        certificate = "/etc/prosody/certs/auth-bbb-trasferimentoapplicativo-com-crt";
    }
    authentication = "internal_plain"

Component "focus-bbb-trasferimentoapplicativo-com"
    component_secret = "**"

bbb-trasferimentoapplicativo-com-config.js
/* eslint-disable no-unused-vars, no-var */
var config = {
    hosts: {
        domain: 'bbb-trasferimentoapplicativo-com',
        muc: 'conference-bbb-trasferimentoapplicativo-com'
    },
    testing: {
        enableFirefoxSimulcast: false,
        p2pTestMode: false
    },
    disableSuspendVideo: true,
    desktopSharingChromeExtId: null,
    desktopSharingChromeSources: [ 'screen', 'window', 'tab' ],
    desktopSharingChromeMinExtVersion: '0.1',
    channelLastN: -1,
    enableWelcomePage: true,
    enableUserRolesBasedOnToken: false,
    p2p: {
        enabled: true,
        stunServers: [
            { urls: 'stun:stun.l.google.com:19302' },
            { urls: 'stun:stun1.l.google.com:19302' },
            { urls: 'stun:stun2.l.google.com:19302' }
        ],
        preferH264: true
    },
    analytics: {
    },
    deploymentInfo: {
    }
    /**
     _immediateReloadThreshold
     autoRecord
     autoRecordToken
     debug
     debugAudioLevels
     deploymentInfo
     dialInConfCodeUrl
     dialInNumbersUrl
     dialOutAuthUrl
     dialOutCodesUrl
     disableRemoteControl
     displayJids
     etherpad_base
     externalConnectUrl
     firefox_fake_device
     googleApiApplicationClientID
     iAmRecorder
     iAmSipGateway
     microsoftApiApplicationClientID
     peopleSearchQueryTypes
     peopleSearchUrl
     requireDisplayName
     tokenAuthUrl
     */
    /**
     _peerConnStatusOutOfLastNTimeout
     _peerConnStatusRtcMuteTimeout
     abTesting
     avgRtpStatsN
     callStatsConfIDNamespace
     callStatsCustomScriptUrl
     desktopSharingSources
     disableAEC
     disableAGC
     disableAP
     disableHPF
     disableNS
     enableLipSync
     enableTalkWhileMuted
     forceJVB121Ratio
     hiddenDomain
     ignoreStartMuted
     nick
     startBitrate
     */
};
/* eslint-enable no-unused-vars, no-var */

Can you grab a jwt token generated? Maybe drop in jwt.io and inspect contents?

If I click on video chat, here is the URL:
https://bbb.trasferimentoapplicativo.com/RocketChatKTZeRE6buz3Nq2FSLDAmmrgQ2RX45fYPivf9cwTLdW2rQuiKEvG?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJSb2NrZXRDaGF0Iiwic3ViIjoiYmJiLnRyYXNmZXJpbWVudG9hcHBsaWNhdGl2by5jb20iLCJpYXQiOjE1NzA2MDkwMTgsIm5iZiI6MTU3MDYwOTAxOCwiZXhwIjoxNTcwNjEyNjE4LCJhdWQiOiJSb2NrZXRDaGF0Iiwicm9vbSI6IlJvY2tldENoYXRLVFplUkU2YnV6M05xMkZTTERBbW1yZ1EyUlg0NWZZUGl2Zjljd1RMZFcyclF1aUtFdkciLCJjb250ZXh0Ijp7InVzZXIiOnsibmFtZSI6Im1hdHRlbyIsImVtYWlsIjoiaW5mb0Bkb25peC5pdCIsImF2YXRhciI6Imh0dHBzOi8vcm9ja2V0LnRyYXNmZXJpbWVudG9hcHBsaWNhdGl2by5jb20vYXZhdGFyL21hdHRlbyIsImlkIjoiREFtbXJnUTJSWDQ1ZllQaXYifX19.IlRqqOz3UK790ZBCx982LovwAUs47lcB4VeRtwJzKmg

And the jwt.io output is:
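
The token inspection asked for above can also be done locally instead of on jwt.io. The following is an added example, not part of the original posts and not code from the Rocket.Chat or Jitsi projects: it verifies an HS256 token's signature against `app_secret` and compares its claims with the values the server side is expected to hold. The claim-to-setting mapping (`iss`/`aud` against `app_id`, `sub` against the domain, `room` against the room name), the function names and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, secret: str) -> str:
    """Build an HS256 JWT; used here only to construct the sample input."""
    head = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url(sign(f"{head}.{body}", secret))

def check_token(token, app_id, app_secret, domain, room, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(unb64url(head_b64)), json.loads(unb64url(body_b64))
        sig = unb64url(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return ["malformed token"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["malformed token"]
    if header.get("alg") != "HS256":  # pin the algorithm, never take it from the token
        return [f"unexpected alg {header.get('alg')!r}"]
    problems = []
    if not hmac.compare_digest(sig, sign(f"{head_b64}.{body_b64}", app_secret)):
        problems.append("signature does not match app_secret")
    # Assumed mapping of claims to the server-side settings (see lead-in).
    for name, want in (("iss", app_id), ("aud", app_id), ("sub", domain), ("room", room)):
        if claims.get(name) != want:
            problems.append(f"{name}={claims.get(name)!r}, expected {want!r}")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now >= exp:
        problems.append("token expired or exp missing")
    if not isinstance(nbf, (int, float)) or now < nbf:
        problems.append("token not yet valid")
    return problems

# Constructed sample values; not the secret, host or room from the thread.
SECRET, DOMAIN, ROOM = "constructed-secret", "meet.example.com", "RocketChatRoom1"
SAMPLE = make_token({"iss": "RocketChat", "aud": "RocketChat", "sub": DOMAIN, "room": ROOM,
                     "iat": 1570000000, "nbf": 1570000000, "exp": 1570003600}, SECRET)
```

Calling `check_token` with the token taken from the `?jwt=` parameter and the values from the Prosody host section lists every mismatch at once, so a wrong secret, a differing `app_id` and an expired token can be told apart.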

Installing the jitsi-meet Docker version solved the problem.

Regards

I’m facing the same problem, but already with jitsi-docker installed. What are the .env JWT_ settings to make it work?

https://github.com/jitsi/docker-jitsi-meet/blob/master/README.md#authentication-using-jwt-tokens This looks to be the configuration