Hi all,
i’m trying to integrate rocketchat and jitsi via jwt.
RocketChat version 2.1.0 running on CentOS Linux release 7.7.1908 64 bit
Jitsi version 1.0.3577-1 running on a Debian GNU/Linux 9.11 (stretch)
Every time i try to open a video chat i get an Autentication failed.
prosody.log show:
| Oct 08 17:15:54 mod_bosh | info | New BOSH session, assigned it sid ‘db770fc0-c65b-4823-b836-7b354b30871b’ |
|---|---|---|
| Oct 08 17:15:54 general | warn | Error verifying token err:not-allowed, reason:token required |
I’m out of ideas
Regards
Matteo
Attached logs and conf files
Rocketchat conf:
Conf files (had to change . with _ )
/etc/prosody/conf.d/bbb_trasferimentoapplicativo.com.cfg_lua:
– Plugins path gets uncommented during jitsi-meet-tokens package install - that’s where token plugin is located
plugin_paths = { “/usr/share/jitsi-meet/prosody-plugins/” }
VirtualHost “bbb_trasferimentoapplicativo_com”
– enabled = false – Remove this line to enable this host
authentication = “token”
– Properties below are modified by jitsi-meet-tokens package config
– and authentication above is switched to “token”
app_id=“RocketChat”
app_secret="**"
– Assign this host a certificate for TLS, otherwise it would use the one
– set in the global section (if any).
– Note that old-style SSL on port 5223 only supports one certificate, and will always
– use the global one.
ssl = {
key = “/etc/prosody/certs/bbb_trasferimentoapplicativo_com_key”;
certificate = “/etc/prosody/certs/bbb_trasferimentoapplicativo_com_crt”;
}
– we need bosh
modules_enabled = {
“bosh”;
“pubsub”;
“ping”; – Enable mod_ping
}
c2s_require_encryption = false
Component “conference_bbb_trasferimentoapplicativo_com” “muc”
storage = “null”
modules_enabled = { “token_verification” }
admins = { “focus@auth-bbb-trasferimentoapplicativo-com” }
Component “jitsi-videobridge.bbb-trasferimentoapplicativo-com”
component_secret = “**”
VirtualHost “auth-bbb-trasferimentoapplicativo-com”
ssl = {
key = “/etc/prosody/certs/auth-bbb-trasferimentoapplicativo-com-key”;
certificate = “/etc/prosody/certs/auth-bbb-trasferimentoapplicativo-com-crt”;
}
authentication = “internal_plain”
Component “focus-bbb-trasferimentoapplicativo-com”
component_secret = “**”
bbb-trasferimentoapplicativo-com-config.js
/* eslint-disable no-unused-vars, no-var /
var config = {
hosts: {
domain: ‘bbb-trasferimentoapplicativo-com’,
muc: ‘conference-bbb-trasferimentoapplicativo-com’
},
testing: {
enableFirefoxSimulcast: false,
p2pTestMode: false
},
disableSuspendVideo: true,
desktopSharingChromeExtId: null,
desktopSharingChromeSources: [ ‘screen’, ‘window’, ‘tab’ ],
desktopSharingChromeMinExtVersion: ‘0.1’,
channelLastN: -1,
enableWelcomePage: true,
enableUserRolesBasedOnToken: false,
p2p: {
enabled: true,
stunServers: [
{ urls: ‘stun:stun.l.google.com:19302’ },
{ urls: ‘stun:stun1.l.google.com:19302’ },
{ urls: ‘stun:stun2.l.google.com:19302’ }
],
preferH264: true
},
analytics: {
},
deploymentInfo: {
}
/*
_immediateReloadThreshold
autoRecord
autoRecordToken
debug
debugAudioLevels
deploymentInfo
dialInConfCodeUrl
dialInNumbersUrl
dialOutAuthUrl
dialOutCodesUrl
disableRemoteControl
displayJids
etherpad_base
externalConnectUrl
firefox_fake_device
googleApiApplicationClientID
iAmRecorder
iAmSipGateway
microsoftApiApplicationClientID
peopleSearchQueryTypes
peopleSearchUrl
requireDisplayName
tokenAuthUrl
/
/*
_peerConnStatusOutOfLastNTimeout
_peerConnStatusRtcMuteTimeout
abTesting
avgRtpStatsN
callStatsConfIDNamespace
callStatsCustomScriptUrl
desktopSharingSources
disableAEC
disableAGC
disableAP
disableHPF
disableNS
enableLipSync
enableTalkWhileMuted
forceJVB121Ratio
hiddenDomain
ignoreStartMuted
nick
startBitrate
/
};
/ eslint-enable no-unused-vars, no-var */
