search

jitsi / jitsi-meet

Jitsi Meet - Secure, Simple and Scalable Video Conferences that you use as a standalone app or embed in your web application.
https://jitsi.org/meet
Apache License 2.0
23.25k stars 6.75k forks source link

Jibri cannot record if the token authentication is enabled #11999

Closed emrahcom closed 2 years ago

emrahcom commented 2 years ago

Description:

jibri cannot record if the token authentication is enabled and allow_empty_token = false for the latest stable. If I switch back to the anonymous authentication or set allow_empty_token = true then it can record as expected.

Steps to reproduce:

  1. Configure jibri and be sure it's working
  2. Install jitsi-meet-tokens package
  3. Try to record the meeting session using jibri

Expected behavior:

The meeting session should be recorded when the token authentication is enabled too.

Actual behavior:

jibri is triggered as always but fails in a few seconds.

Server information:

ii  jicofo                1.0-910-1
ii  jitsi-meet            2.0.7577-1
ii  jitsi-meet-prosody    1.0.6380-1
ii  jitsi-meet-tokens     1.0.6380-1
ii  jitsi-meet-turnserver 1.0.6380-1
ii  jitsi-meet-web        1.0.6380-1
ii  jitsi-meet-web-config 1.0.6380-1
ii  prosody               0.11.9-2+deb11u2 amd64

Debian 11 Bullseye

Client information:

Chrome Version 104.0.5112.79 Debian 11 Bullseye

Additional information:

The issue seems related with the following line which was updated for the latest stable. Everything goes back to normal when enable_domain_verification = false is added into the prosody config (in main VirtualHost)

https://github.com/jitsi/jitsi-meet/blob/master/resources/prosody-plugins/token/util.lib.lua#L74

emrahcom commented 2 years ago

There is some more info in Community Forum:

https://community.jitsi.org/t/jibri-cannot-record-if-the-token-authentication-is-enabled/116450

holzi1005 commented 2 years ago

@emrahcom That was the case in the previous version. In the latest, I don't know if it is working. You cloud add the user recoder@.... in prosody as admin. Then there is no request for the JWT token.

emrahcom commented 2 years ago

Hi @holzi1005,

When I added "recorder@recorder.jitsi.mydomain.corp" into admins list in conference component, everything works as expected. So this may be only a documentation issue. There is no clue about it in Jibri README.

damencho commented 2 years ago

We have taken it offline with @saghul and after discussing it, we decided that the way to go is just to add the jid of jigasi or jibri to the admins of the main muc and that will skip the token verification for those users. https://github.com/jitsi/jitsi-meet/blob/f07bd4a0d6e0765162c8ac4b2290c09438b01a0b/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example#L83

jamesbrooks commented 2 years ago

Adding the jitsi to the admins list on the main muc resolved this issue for me also (jitsi w/ jwt). Thanks @damencho!