Closed devium closed 1 year ago
Actually jitsi-keycloak seems fine. It's just that Prosody now properly validates the sub
claim, i.e. the JITSI_SUB
variable.
I had it set to jitsi.mydomain.org
and apparently it needs to be set to meet.jitsi
instead, at least in my Kubernetes setup.
I just upgraded from 7439-2 to 7577-2 and that seems to have broken JWT validation. I get the following error in Prosody:
muc.meet.jitsi:token_verification error Token eyJhbGciOiJIU[...]PZBgw not allowed to join: futurecallsfightthoroughly@muc.meet.jitsi/c3e37956
It seems this is connected to this issue: https://github.com/jitsi/jitsi-meet/issues/11967
Apparently, token verification has changed in one of the recent updates.