devium
commented
1 year ago Actually jitsi-keycloak seems fine. It's just that Prosody now properly validates the sub claim, i.e. the JITSI_SUB variable.
I had it set to jitsi.mydomain.org and apparently it needs to be set to meet.jitsi instead, at least in my Kubernetes setup.
I just upgraded from 7439-2 to 7577-2 and that seems to have broken JWT validation. I get the following error in Prosody:
muc.meet.jitsi:token_verification error Token eyJhbGciOiJIU[...]PZBgw not allowed to join: futurecallsfightthoroughly@muc.meet.jitsi/c3e37956It seems this is connected to this issue: https://github.com/jitsi/jitsi-meet/issues/11967
Apparently, token verification has changed in one of the recent updates.