jitsi-meet: token_verification error after update

Description:

If I upgrade a JWT enabled Jitsi installation on Ubuntu 20.04.4 LTS from

  • ii jitsi-meet 2.0.7439-1 all WebRTC JavaScript video conferences
  • ii jitsi-meet-prosody 1.0.6260-1 all Prosody configuration for Jitsi Meet
  • ii jitsi-meet-tokens 1.0.6260-1 all Prosody token authentication plugin for Jitsi Meet
  • ii jitsi-meet-web 1.0.6260-1 all WebRTC JavaScript video conferences
  • ii jitsi-meet-web-config 1.0.6260-1 all Configuration for web serving of Jitsi Meet
  • ii jitsi-videobridge2 2.2-9-g8cded16e-1 all WebRTC compatible Selective Forwarding Unit (SFU)
  • hi prosody 0.11.13-1~focal1 amd64 Lightweight Jabber/XMPP server

to the current version 2.0.7577, JWT authentication is no longer working. In the Prosody log, I see this type of error:

token_verification error Token eyJ0eXAi..... not allowed to join

I did not update Prosody to 0.12.X, as this was not working before.

Do I need to update any config settings?

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 3
  • Comments: 16 (6 by maintainers)

Most upvoted comments

You can set enable_domain_verification = false and it will work.

This is duplicate of https://github.com/jitsi/jitsi-meet/issues/11999 I will try to look at it next week.

The mix of jwt and guest domain was bever intended to work together. If that is the case it can be broken at anytime. While refactoring the authentication logic as a whole, we will take in mind this usecase and will offer a solution for it.

+3
damencho on Aug 19, 2022

We have a setup, where moderators with tokens should be allowed to create rooms, but guest should only be allowed to join existing rooms.

This was deeply discussed here: https://community.jitsi.org/t/jwt-tokens-and-guest-access/18119

The solution with the guest VirtualHost seemed to be the only solution for this case, which worked perfectly for us for years now.

What could be the breaking change in the last update?

Thanks so much!

+2
kiliankoller on Aug 6, 2022

OK, I solved the problem for the moderator. The requirements for the token seen to have changed with this update. I used this tool https://jitok.emrah.com/ for debugging.

Although, guest are still not able to join the open conference without a token, even though this block exists:

VirtualHost "guest.###HOSTNAME###" authentication = "token"; app_id="###HOSTNAME###" app_secret="###TOKEN_SECRET###" c2s_require_encryption = true; allow_empty_token = true;

This ist the error in the log: token_verification error token nil not allowed to join

+1
kiliankoller on Aug 6, 2022
Read more comments on GitHub
← jitsi-meet: Syntax error: word unexpected (expecting "in") when i run ./android/scripts/release-sdk.sh /tmp/repo
jitsi-meet: Too many open files, jvb becomes unavailable after some time →