12/14/2023 0 Comments Jitsi meet jwt authenticationKey = "/etc/prosody/certs/.key" Ĭertificate = "/etc/prosody/certs/.crt" Here’s my /etc/prosody/ (trimmed down a bit): admins = Ĭomponent "" So why are my tokens returning “invalid json” in prosody when I try to use them with Jitsi? That seems to suggest that the token being passed into luajwtjitsi isn’t what I add to my URLs, because what I’m adding is valid JWT, quoted as the documentation says to: Local decoded, err = jwt.decode(token, key, true) Local token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIqIiwiaXNzIjoidXByb3NwciIsInN1YiI6ImNoYXQudXByb3Nwci5jb20iLCJyb$ So I can’t find anything wrong with luajwtjitsi itself, if I pass tokens into it manually it decodes them correctly without issue, for example: local jwt = require "luajwtjitsi" I feel like if I could find where the exact error is coming from I might be able to figure out what’s going on, e.g- maybe it’s not being decoded from base64 properly first?Ĭan anyone point me in the right direction? I just can’t seem to find the right error message anywhere. There’s a util/a file that seems like the obvious place for JSON decoding, but it’s not exactly the most readable code (and I’m not especially familiar with Lua to begin with) but there’s nothing obvious that stands out that should fail for my tokens it seems to ignore whitespace, handle strings properly, and none of my strings contain anything strange.īut it also doesn’t contain an “invalid json” error anywhere, nor does any file in the source that I can find, could it be somewhere else?įrom what I can find it looks like if the error were with any of my values then I’d be getting a more specific error about an invalid audience, issuer etc., so the fact that it’s invalid json means the error must be occurring earlier, I just can’t figure out where. So I’m still struggling to figure out why the token is producing an “invalid json” error I’ve tried searching the prosody source code but can’t even find where the error might be originating. This one was encoded with the secret 80385194037914f which I’ve used for testing, the production secret is longer. In case it helps you any, here’s a variant of the token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIqIiwiaXNzIjoidXByb3NwciIsInN1YiI6ImNoYXQudXByb3Nwci5jb20iLCJyb29tIjoiTXlDb21wYW55Q2FiZW9CYXRoZ2F0ZSJ9.-4u64dx4JThu-8iczuwA5q67FAOvUwasNUQ_MjvS7qg Yup, I’ve tried using a much shorter secret as well in case there was some kind of limit but no difference either.ĭoes prosody require the JSON to have any specific amount of whitespace or such? It looks like PHP’s json_encode is compact by default (no new-lines, indentation etc.). By default assuming that we have full MUC then '' should be used here.īut looking at the reason Invalid json … are you using the same secret to encode the token? Unfortunately not I used as the guide seemed to imply the sub-domain part wasn’t required: 'sub' contains the name of the domain used when authenticating with this token. The value of sub should be looking at your config. I’m using HS256 (SHA256) as the signing algorithm.Ĭheck that iss int the token is the same value as the one setup in your prosody config as app_id. That’s as simple as I could make it, yet prosody still complains that it is invalid JSON anyone have any ideas why that might be? The JWT token verifies correctly using the debugger at jwt.io, here’s a sample URL with a token that I’ve generated: "4FRVpJZNF_i_UyS3M-HSJVBvUqWNve-PSh_yo" I’m generating my tokens in PHP, and while the class I’m using to do-so is fairly simple, so is the JWT standard it’s just a case of creating JSON ( json_encode of an object in PHP) then encoding as base64 without any padding. This would suggest that the JSON form of my token is in some way malformed, or is not encoded properly, but if I decode it myself it all seems correct to me. I’m trying to configure a Jitsi Meet setup to use JWT authentication I’ve followed the guide for setting up and everything appears to be installed and configured correctly (prosody-trunk build 747, jitsi-meet-tokens installs etc.), however prosody isn’t accepting the tokens that I create, reporting an error as follows: general warn Error verifying token err:not-allowed, reason:Invalid json
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |