[NEW] Jitsi meet room access via a token #12259


alonelion1987
Contributor

Hello team!

closes #7611

This solves the problem with external JWT authorization. If the Jitsi-Meet application is configured on your server with mandatory authorization through JWT tokens, then in your RocketChat, in the settings, you can specify your domain, enable JWT authorization, and specify the application identifier ("iss") and the application's secret key. When creating a videoconference in your RocketChat through Jitsi, a one-hour token will be created with the context of this authorized user in your RocketChat and authorized in your Jitsi-Meet app. You can read more about JWT authorization here: https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md.


In the admin panel, in the Video conferencing tab, the "Enable JWT-authorization" section and two fields appear. In order to create the correct token, you need a special application identifier and a secret which is needed to verify the signature (you get these two parameters when you configure your server Jitsi to authenticate through tokens).

Thus, you can specify your server Jitsi ("domain" field) and these special parameters in order to create only your own truly closed conference!


@pokrak pokrak left a comment


I can not wait for this functionality. It is very important to me

@tassoevan tassoevan requested review from rodrigok and ggazzo December 7, 2018 18:52
@sebathi

sebathi commented Jan 18, 2019

It will be nice to have this implemented! Thanks for your great work!!

strima added a commit to strima/Rocket.Chat that referenced this pull request Feb 12, 2019
@julienmoinard

It will be nice to have this implemented because I need this too 👍
Thanks a lot for your nice work!!

@kristjankullerkann
Contributor

👍

@geekgonecrazy
Contributor

Do you know if jitsi’s mobile applications support this? We actually as of today have jitsi working inside of both iOS app and Android. This seems like a great and very simple way to control access to jitsi rooms on top of the obscure url

@engelgabriel engelgabriel added this to the 1.1.0 milestone Apr 2, 2019
@engelgabriel engelgabriel requested a review from Hudell April 2, 2019 19:30
@geekgonecrazy
Contributor

@rafaelks what would make this easiest for mobile? Would it be easier if could request meeting url and it came to you fully built with jwt? From what I can tell right now are manually putting the url together

@rafaelks
Contributor

rafaelks commented Apr 9, 2019

> @rafaelks what would make this easiest for mobile? Would it be easier if could request meeting url and it came to you fully built with jwt? From what I can tell right now are manually putting the url together

@geekgonecrazy We are currently building the URL client-side, and we can keep doing that, but I know we have some ideas to generate a URL on an API call and use this result in all clients.

@geekgonecrazy
Contributor

> but I know we have some ideas to generate a URL on an API call and use this result in all clients.

@rafaelks exactly, that's why I wonder if this would be best way to move this forward. Provide an endpoint mobile and web can both call to get the jitsi url and it can construct the url for you.

@geekgonecrazy
Contributor

geekgonecrazy commented Apr 9, 2019

Ok fixed the major conflicts on this PR, as well as added a setting to limit token to the room as an option. So that a token can be made valid only for the room it was generated.

Since Rocket.Chat generates the token and no end users have this key... If you force token validation on the jitsi side... they will be unable to go into a room they haven't been explicitly allowed access to.

So Rocket.Chat's room membership can be used as criteria to join a jitsi meeting
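
The token flow from the PR description (application identifier in `iss`, shared secret, one-hour lifetime, user context) and the room-limit option described in the comment above, as an added example that is not code from this pull request, Rocket.Chat or Jitsi. The `sub`, `room` (with `*` meaning any room) and `context.user` claim names are assumed from the Jitsi token format linked in the description; `members`, the reason strings and all sample values are hypothetical.

```javascript
// Added illustration: not Rocket.Chat's or Jitsi's code. All values are constructed.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Issuer (chat server). `members` is a hypothetical stand-in for the chat
// server's room-membership check; `room` may be '*' (any room) or one room name.
function issueToken({ appId, secret, domain, room, user, members, now }) {
  if (!members.includes(user.id)) throw new Error('user is not a room member');
  const header = { typ: 'JWT', alg: 'HS256' };
  const payload = {
    iss: appId, // application identifier configured on the Jitsi side
    sub: domain,
    room,
    iat: now,
    exp: now + 3600, // one-hour lifetime
    context: { user: { name: user.name } },
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${sign(input, secret).toString('base64url')}`;
}

// Verifier: simplified stand-in for the checks a token-enforcing conference
// server makes before admitting someone to `room`.
function verifyToken(token, { appId, secret, room, now }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, sig] = parts;
  let header;
  let payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !payload) return { ok: false, reason: 'malformed' };
  // Pin the algorithm so the token cannot choose how it is verified.
  if (header.alg !== 'HS256') return { ok: false, reason: 'bad alg' };
  const expected = sign(`${h}.${p}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (payload.iss !== appId) return { ok: false, reason: 'bad iss' };
  if (typeof payload.exp !== 'number' || payload.exp <= now) {
    return { ok: false, reason: 'expired' };
  }
  // A room-bound token is only good for the room it names.
  if (payload.room !== '*' && payload.room !== room) {
    return { ok: false, reason: 'wrong room' };
  }
  const user = payload.context && payload.context.user;
  return { ok: true, name: user ? user.name : undefined };
}
```

A token issued with `room: '*'` passes the room check for every conference on the domain, so only the room-bound form ties conference access to membership of one chat room.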

@SamuelMuloki

SamuelMuloki commented May 14, 2019

@rodrigok Any updates on this pull request and when it will be merged??

@engelgabriel engelgabriel modified the milestones: 1.2.0, 1.3.0 Jul 10, 2019
@raziel900

is this still alive please? Would be great for our environment

@geekgonecrazy geekgonecrazy force-pushed the jitsi-meet_login_credentials_issue_7611 branch from dd4d94e to 653d56b Compare July 27, 2019 02:22
@geekgonecrazy geekgonecrazy force-pushed the jitsi-meet_login_credentials_issue_7611 branch from 653d56b to f2a4697 Compare July 27, 2019 02:26
@geekgonecrazy geekgonecrazy changed the title [NEW] Jitsi meet login credentials issue (append token auth in jitsi videoconference) [NEW] Jitsi meet room access via a token Jul 28, 2019
@geekgonecrazy geekgonecrazy merged commit 2423511 into RocketChat:develop Aug 9, 2019
Kailash0311 pushed a commit to WideChat/Rocket.Chat that referenced this pull request Aug 21, 2019
* [NEW] Service Account Admin Settings and Configuration files added

* Service Account Creation dialog added

* [NEW] Service Account Creation method

* Service Account owner username update method added

* Fixed CLI errors

* Fixed CLI errors

* Service Account creation heading fixed

* Service Account broadcast room callback added

* Service Account creation method refactored

* Service Account Callback completed

* Typos fixed

* CLI errors fixed

* [NEW] Service Account one-tap login complete

* Callbacks modified

* Service Accounts directory tab added

* Refactored creation method and added tests

* CLI errors fixed

* CLI errors fixed

* Bugs fixed

* [NEW] Service Accounts Login method

* Typo fixed

* CLI errors fixed

* CLI errors fixed

* [New] Service Account directory feature

* CLI errors fixed

* UsernameExists meteor method fixed

* Sync commit

* [NEW] Service Account subscription method added

* [NEW] Service Account Broadcast Feature Added

* [NEW] Service Account Broadcast Feature Added

* [NEW] Service account subscription sidenav type

* Broadcast Room name change handled

* Lint errors fixed

* getLoginToken method refactored

* Console statements removed

* Sidebar header permission modified

* Merge branch service-accounts

* Added service account directory search translation key

* Subscribers count added

* [NEW] Service Account sidenav type

* [FIX] Not showing local app on App Details (RocketChat#14894)

* Bump version to 1.2.1

* Unread counter added in popover

* Get linked service account method added

* Partial rate limiter added

* Added unread counter

* Fixed CLI errors

* Broadcast feature added

* [FIX] Custom status displayed on room leader panel (RocketChat#14958)

* [FIX] LDAP login with customField sync (RocketChat#14808)

Closes RocketChat#14661

* [FIX] Prevent error on trying insert message with duplicated id (RocketChat#14945)

* [FIX] OTR key icon missing on messages (RocketChat#14953)

* [FIX] Method `getUsersOfRoom` not returning offline users if limit is not defined (RocketChat#14753)

* [IMPROVE] Remove too specific helpers isFirefox() and isChrome() (RocketChat#14963)

* [FIX] Jump to message missing in Starred Messages (RocketChat#14949)

* [IMPROVE] Update tabs markup (RocketChat#14964)

* [FIX] Loading indicator positioning (RocketChat#14968)

* Remove broken markup

* Recover lost class

* [FIX] load more messages (RocketChat#14967)

* [FIX] eternal loading file list (RocketChat#14952)

* [FIX] 50 custom emoji limit (RocketChat#14951)

* Bump jquery from 3.3.1 to 3.4.0 in /packages/rocketchat-livech… (RocketChat#14922)

Bumps [jquery](https://github.com/jquery/jquery) from 3.3.1 to 3.4.0.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](jquery/jquery@3.3.1...3.4.0)

Signed-off-by: dependabot[bot] <[email protected]>

* [FIX] Allow storing the navigation history of unregistered Livechat visitors (RocketChat#14970)

* Remove validations before storing visitor navigation history.

* Removed unused imports.

* Update GPG key

* [FIX] Wrong label order on room settings (RocketChat#14960)

* [FIX] Chrome doesn't load additional search results when botto… (RocketChat#14965)

* fix scroll

* fix review

* ops

* [IMPROVEMENT] patch to improve emoji render (RocketChat#14722)

* path to improve emoji render

* Apply suggestions from code review

Co-Authored-By: Tasso Evangelista <[email protected]>

* Regression: patch to improve emoji render (RocketChat#14980)

This reverts commit b395b50.

* [FIX] Users staying online after logout (RocketChat#14966)

* Remove unused dependency (lokijs) (RocketChat#14973)

* Bump juice version to 5.2.0 (RocketChat#14974)

* Bump node-rsa version to 1.0.5 (RocketChat#14976)

* Bump photoswipe version to 4.1.3 (RocketChat#14977)

* Remove unused Meteor dependency (yasinuslu:blaze-meta) (RocketChat#14971)

* Bump marked from 0.5.2 to 0.6.1 (RocketChat#14969)

* Bump marked from 0.5.2 to 0.6.1

Bumps [marked](https://github.com/markedjs/marked) from 0.5.2 to 0.6.1.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v0.5.2...v0.6.1)

Signed-off-by: dependabot[bot] <[email protected]>

* Update package-lock

* [IMPROVE] Federation routes RocketChat#14972

* [IMPROVE] Extract federation config to its own file (RocketChat#14992)

* Revert "[IMPROVE] Federation routes RocketChat#14972"

* Extract federation config logic to its own file

* Service account configurable approval process

* Improve Docker compose readability (RocketChat#14457)

* [FIX] Not being able to mention users with "all" and "here" usernames - do not allow users register that usernames (RocketChat#14468)

* [FIX] Custom User Status throttled by rate limiter (RocketChat#15001)

* [FIX] CustomOauth Identity Step errors displayed in HTML format (RocketChat#15000)

* Service account message alert added

* Lint errors fixed

* fixed browseChannels method

* fixed browseChannels method

* Service Account Notification fixed

* [IMPROVE] Add flag to identify remote federation users (RocketChat#15004)

* added isRemote flag to users

* set isRemote on peers collection
* moved some finds to its models
* use new raw model

* Add more indexes and model methods

* [FIX] Always displaying jumbomojis when using "marked" markdown (RocketChat#14861)

* relocate some of wizard info to register (RocketChat#14884)

* [NEW] Webdav File Picker (RocketChat#14879)

* [FIX] Invite users auto complete cropping results (RocketChat#15020)

* [FIX] Edit permissions screen (RocketChat#14950)

* fix layout still missing js

* Change publication to REST call

* Add default fields to exclude

* Use fixed fields

* Deprecate publication instead of removing it

* ui fix

* fix review

* Deprecate publication instead of removing it

* Prevent adding invalid users to role

* New: Apps and integrations statistics (RocketChat#14878)

* Add Apps and integrations infos to statistics

* Add stats for integrations with script enabled

* [FIX] Livechat dashboard average and reaction time labels (RocketChat#14845)

* [FIX] Edit message with arrow up key if not last message (RocketChat#15021)

* [IMPROVE] Connectivity Services License Sync (RocketChat#15022)

* Add workspace sync to cron job to keep license, access token, and marketplace key in sync

* Always convert the sha256 password to lowercase on checking (RocketChat#14941)

* Convert the sha256 pass to lowercase always

* Change password case on save user profile as well

* [FIX] SVG uploads crashing process (RocketChat#15006)

* Update package.json with newer sharp dependency

Shall Fix RocketChat#14944 
The underlying issue seems to be in sharp versions <0.22.x

* Update package-lock

* Fix statistics error for apps on first load (RocketChat#15026)

* [NEW] Setting to configure custom authn context on SAML requests (RocketChat#14675)

* [NEW] Accept multiple redirect URIs on OAuth Apps (RocketChat#14935)

* [NEW] Settings to further customize GitLab OAuth (RocketChat#15014)

Co-Authored-By: Hajo Möller <[email protected]>

* Add missing French translation (RocketChat#15013)

Add Message_AllowConvertLongMessagesToAttachment translation

* [FIX] users.setStatus REST endpoint not allowing reset status message (RocketChat#14916)

* [NEW] Options to filter discussion and livechat on Admin > Rooms (RocketChat#15019)

* [FIX] Typo in german translation (RocketChat#14833)

* Wrong text when reporting a message (RocketChat#14515)

* [FIX] Message attachments not allowing float numbers (RocketChat#14412)

* Fix russian grammatical errors in i18n (RocketChat#14622)

* [NEW] Deprecate MongoDB version 3.2 (RocketChat#15025)

* [NEW] Subscription enabled marketplace (RocketChat#14948)

* Show the subscription apps different from regular purchase prices

* Update app download calls return a Buffer directly

* Add X-Apps-Engine-Version header to marketplace requests

* Add getActiveUserCount method to apps-engine user bridge

* Add distinction for purchase type on apps list

* Fix the issues with displaying subscriptions

* Remove external federated users from active user count

* Fix usage of federation module

* Change app installation to validate license

* Change the bridges to correctly query the workspace public key

* Change marketplaceUrl to marketplace-beta

* Update Apps and Marketplace styles (temp)

* Update price column on Marketplace

* Update status column on Marketplace

* Fix Marketplace app list update

* Remove log from client orchestrator

* Refactor server orchestrator

* Change rest api for license validation

* Add popover to Marketplace app list

* Add card (subscription) icon

* Update active user count method

* Update appManage template (partial)

* Update appManage template

* Add missing i18n strings

* Add cron routine to update apps info

* Add options parameter to new methods on model Users

* Revert testing settings

* Bump Apps-Engine version

* [NEW] Show helpful error when oplog is missing (RocketChat#14954)

* Show helpful error when oplog is missing

* Remove unused files

* Bump version to 1.3.0-rc.0

* Service Account bugs fixed

* Service Account bugs fixed

* Login bug fixed

* Username exists error test for service account added

* Regression: Framework version shouldn't be applied to the request to get an app's versions (RocketChat#15039)

* Regression: fix code style, setup wizard error and profile page header (RocketChat#15041)

* Bump version to 1.3.0-rc.1

* Update Livechat widget (RocketChat#15046)

* Service Account logout fixed

* Bump version to 1.3.0-rc.2

* [FIX] Not sanitized message types (RocketChat#15054)

* Regression: Webdav File Picker search and fixed overflows (RocketChat#15027)

* fix multiple calls (RocketChat#15060)

* Regression: getSetupWizardParameters (RocketChat#15067)

* Bump version to 1.3.0-rc.3

* Regression: Apps and Marketplace UI issues (RocketChat#15045)

* Alert admins about apps on invalid state

* Implement ui for warning and error alerts in apps

* Open detail modal on viewing subscription info instead of the subscribe one.  Check license after close

* Implement ui for failed state of apps in detail screen

* Add failure alert support into appManage

* Show validation errors/warnings on app detail page

* Add status column to apps template

* Update uninstall modal

* Notify admins of disabled apps with valid licenses

* Regression: uninstall subscribed app modal (RocketChat#15077)

* Add option to change cancel button color on modal

* Avoid an extra modal when uninstalling subscribed app

* Regression: Marketplace app pricing plan description (RocketChat#15076)

Co-Authored-By: Diego Sampaio <[email protected]>

* Regression: displaying errors for apps not installed from Marketplace (RocketChat#15075)

* Regression: Improve apps bridges for HA setup (RocketChat#15080)

* Bump version to 1.3.0-rc.4

* Bump version to 1.3.0

* Bump version to 1.4.0-develop

* [BREAK] Replace tap:i18n to add support to 3-digit locales (RocketChat#15109)

* Remove tap-i18n source code

* Replace all references to new package rocketchat:tap-i18n

* Replace package francocatena:status by own template

* Add translations for status messages

Closes RocketChat#15090
Closes RocketChat#3712

* Add support to 3-digit locale

* [FIX] cachedcollection calling multiple times SYNC (RocketChat#15104)

* fixed cachedcollection calling multiple times

* fix tests

* fix review

* Improve url validation inside message object (RocketChat#15074)

* LingoHub based on develop (RocketChat#15115)

* LingoHub Update 🚀

Manual push by LingoHub User: Diego Sampaio.
Project: Rocket.Chat

Made with ❤️ by https://lingohub.com

* Add new step to build Docker image from PRs for production again (RocketChat#15124)

* Fix automated test for manual user activation (RocketChat#14978)

* Allow file upload paths on attachments URLs (RocketChat#15121)

* [FIX] Direct Message names not visible on Admin panel (RocketChat#15114)

* [FIX] Custom emoji limit table scroll (RocketChat#15119)

* [IMPROVE] Message tooltips as everyone else (RocketChat#15135)

* Regression: cachedCollection wrong callback parameters (RocketChat#15136)

* Update pt-BR.i18n.json (RocketChat#15083)

Fix wrong word.

* removed unwanted code (RocketChat#15078)

* [FIX] Remove new hidden file and fix for .env files for Snap (RocketChat#15120)

* [FIX] Prevent to create discussion with empty name (RocketChat#14507)

* [FIX] Threads contextual bar button visible even with threads disabled (RocketChat#14956)

* Update to version 2.0.0-develop (RocketChat#15142)

* Fix custom auth (RocketChat#15141)

* [NEW] Jitsi meet room access via a token (RocketChat#12259)

* closes RocketChat#7611 - append token auth in jitsi videoconference

* Add missing imports

* Fix imports and jws dep

* Add option to limit the token validity to the room that it was generated for

* use canAccessRoom for jitsi:generateAccessToken to prevent abuse

* fix diff in jitsi external api

* Make settings not public

* Add wreiske to catbot config (RocketChat#15147)

* [NEW] Integrate DEEPL translation service to RC core (RocketChat#12174)

* service extension for deepl

* Add translations

* Add lint-fix-command

* Adhere to new linting rules

* Hard code service endpoint URLs of providers
Having it as a setting increases complexity (user has to enter the URL by himself) without significant benefit.
If the URL changes, the code has to be adapted anyway

* Fix translation of attachment descriptions by DeepL

* Fix getSupportedLanguages by Google

* move renameSetting to Settings model

* Add migrations for rename settings

* update package.json

* Fix formatting to make consistent with the other code

* Add additional comments

* Use active provider for context menu translations

* Add individual key for each providers

* Nothing to migrate

* Fix spelling in comment

* Replace TAPi18n library with rocketchat:tapi18n

* Use correct setting

* Remove GPG file (RocketChat#15146)

* Switch outdated roadmap to point to milestones (RocketChat#15156)

* LingoHub based on develop (RocketChat#15166)

* LingoHub Update 🚀

Manual push by LingoHub User: Diego Sampaio.
Project: Rocket.Chat

Made with ❤️ by https://lingohub.com

* Update latest Livechat widget version(1.1.3) (RocketChat#15154)

* Update the latest livechat widget version(1.1.2).

* Rename the latest release from 1.1.2 to 1.1.3

* [FIX] IE11 - callback createTreeWalker doesnt accept acceptNo… (RocketChat#15157)

* Update latest Livechat widget version to 1.1.4 (RocketChat#15173)

* [FIX] search messages scroll (RocketChat#15175)

* [FIX] Attachment download button behavior (RocketChat#15172)

* Update presence package (RocketChat#15178)

* [FIX] TabBar not loading template titles (RocketChat#15177)

* [NEW] Endpoint to fetch livechat rooms with several filters (RocketChat#15155)

* WIP: livechat endpoint to get all rooms with filters

* Created an endpoint to get all livechat rooms with filters

* Remove wrong expectation

* Move endpoint to another folder

* simplify operation

* [BREAK] remove old livechat client (RocketChat#15133)

* fix stylelint

* Broadcast rate limiter added

* Regression: remove livechat cache from circle ci (RocketChat#15183)

* remove livechat cache from circle ci

* removed eslint

* Update Livechat to 1.1.6 (RocketChat#15186)

* [BREAK] Remove publication `usersInRole` (RocketChat#15194)

* [BREAK] Remove publication `roomSubscriptionsByRole` (RocketChat#15193)

* [BREAK] Remove REST endpoint `/api/v1/info` (RocketChat#15197)

* [BREAK] Remove GraphQL and grant packages (RocketChat#15192)

* Change notifications file imports to server (RocketChat#15184)

* Service Accounts Server tests added

* Lint errors fixed

* lint errors fixed

* Add service account button location changed

* lint errors fixed

* Test error fixed

* Sidebar header condition modified

* Fixed lint errors
@sampaiodiego sampaiodiego mentioned this pull request Sep 12, 2019
@gerroon

gerroon commented Sep 20, 2019

Thanks for implementation, this seems to work with my initial tests. The Android app crashes when the user joins the video call, though not sure if it is a JWT thing.

@geekgonecrazy
Contributor

I think the mobile apps don’t know how to do this. We might need to open an issue on the repo if it’s not already there

@gerroon

gerroon commented Sep 21, 2019

I will try to file a bug for the Android version

Btw is it possible to share the Jitsi room with non Rocket.chat users after the room is created in Rocket via video chat?

@geekgonecrazy
Contributor

click the i in bottom right corner

@ankar84

ankar84 commented Feb 14, 2020

@diegolmello could you please implement that functionality to RC.RN applications?
Here are two issues for that case:
RocketChat/Rocket.Chat.ReactNative#1356
#16028
Thanks!

Development

Successfully merging this pull request may close these issues.

Jitsi-meet login credentials