Refactor JWT authentication
We use tokenAuthUrl in tenant.brand.config.js like this:
tokenAuthUrl: "https://jitsi-token-service-fairkom.prod.osalliance.com/login?room={room}&roleUpgrade={roleUpgrade}",
which calls our token service on Kubernetes for each tenant: https://git.fairkom.net/armin.felder/jitsi-token-service
Handling of tokenAuthUrl is not well documented and is deprecated.
JWT tokens could be handled by jicofo, which is also deprecated. Only a plain JWT in the URL will be supported.
READ: external auth mechanisms will be removed in Jitsi - https://community.jitsi.org/t/intent-to-deprecate-and-remove-external-auth-mechanisms/115332
We may give the keycloak extension for Jitsi a try (OIDC): https://github.com/D3473R/jitsi-keycloak (uses straight JWT auth)
SAML middleware: https://github.com/Renater/Jitsi-SAML2JWT see integration https://meetrix.io/blog/webrtc/jitsi/sso-jitsi-meet-sso-authentication.html
Straight JWT prosody method https://github.com/jitsi/lib-jitsi-meet/blob/master/doc/tokens.md which you install with
apt-get install jitsi-meet-tokens
NEW DEC 2022: keycloak JWT adapter https://github.com/nordeck/jitsi-keycloak-adapter
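
For reference, a sketch of what the straight JWT method from tokens.md means for a token service: it mints an HS256 token carrying the room claim and hands the client a meeting URL with ?jwt= appended. This is an added example, not code from jitsi-token-service or Jitsi; the app id, secret, domain and room are constructed values, and verify_room_token only illustrates the checks a verifier should make (it is not Prosody's implementation).

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint_room_token(app_id, app_secret, domain, room, user_name, ttl=300, now=None):
    """Build an HS256 token with the claims described in tokens.md."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": app_id, "aud": "jitsi", "sub": domain, "room": room,
              "exp": now + ttl,  # short lifetime: the token ends up in a URL
              "context": {"user": {"name": user_name}}}
    body = ".".join(_b64(json.dumps(part, separators=(",", ":")).encode())
                    for part in (header, claims))
    return f"{body}.{_b64(_sign(app_secret, body))}"

def verify_room_token(token, app_id, app_secret, room, now=None):
    """Return the claims, or raise ValueError; nothing is trusted before the MAC check."""
    now = int(time.time()) if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        if json.loads(_unb64(head_b64)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pin the algorithm, refuse "none"
        expected = _sign(app_secret, f"{head_b64}.{claims_b64}")
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(claims_b64))
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError(f"token rejected: {exc}") from None
    if claims.get("iss") != app_id:
        raise ValueError("token rejected: unknown issuer")
    if claims.get("exp", 0) <= now:
        raise ValueError("token rejected: expired")
    if claims.get("room") not in (room, "*"):  # "*" grants every room
        raise ValueError("token rejected: wrong room")
    return claims

def meeting_url(base_url, room, token):
    """Plain JWT in the URL, the form that replaces the tokenAuthUrl redirect."""
    return f"{base_url.rstrip('/')}/{room}?jwt={token}"
```

Because the token travels in the URL, it can land in browser history and proxy logs, so a short exp and a specific room claim (rather than "*") limit what a leaked link is worth.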