mattermost-community / mattermost-plugin-jitsi

Jitsi plugin for Mattermost :electric_plug:
Apache License 2.0

[Feature Request] Endpoint for jitsi tokenAuthUrl #207

Open fabien-anabasis opened 2 years ago

fabien-anabasis commented 2 years ago

Mattermost Version: 6.3

Plugin Version: 2.0.0

Describe the issue: There is no way to "login" as Host on an already existing Jitsi room.

Additional context: Jitsi offers a mechanism to ask an authentication service for a JWT to connect to a room, as described here: https://github.com/jitsi/jitsi-meet/pull/728

The mechanism works as follows:

  1. a user tries to join some room on https://instance.jitsi/room where authentication is required to host a room, and the user is not identified
  2. a popup shows, click on "I'm the host"
  3. this redirects to some tokenAuthUrl, for example https://instance.mattermost/plugins/jitsi/auth-callback?room={room}&roleUpgrade={roleUpgrade}, where {room} and {roleUpgrade} are replaced with the room's name and a flag set to false.
  4. the auth-callback endpoint checks whether the user is identified (some other criterion could be used too, should anyone logged have the right to join any room?)
  5. (if success) auth-callback redirects the user to https://instance.jitsi/room?jwt=valid_token
  6. (if the user is not authenticated to mattermost) ask the user to login and then perform the redirection
  7. otherwise, fails with an error message (or redirect back without a valid jwt)

Notice that the callback can be called with roleUpgrade=true; in that case, it shouldn't redirect back to the room, but only return the JWT. This seems to be used when a user asks for a promotion to moderator.
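Steps 4, 5 and 7 of the flow above, plus the roleUpgrade=true case, as an added Go sketch (not part of the original issue and not the plugin's own code). It assumes the handler is only reachable through the Mattermost server, which sets the `Mattermost-User-Id` header for logged-in users; the constants, the function names and the exact claim set (`iss`, `aud`, `sub`, `room`, `exp`, `context.user.id`) are assumptions chosen for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"net/http"
	"regexp"
	"time"
)

// Constructed placeholders; a real plugin would read these from its configuration.
const jitsiURL, appID, appSecret = "https://instance.jitsi", "example-app-id", "example-secret"
var roomRe = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`) // room-name allowlist
var b64 = base64.RawURLEncoding

// signRoomJWT returns an HS256 token bound to one room, valid for five minutes.
func signRoomJWT(userID, room string, now time.Time) string {
	claims, _ := json.Marshal(map[string]any{
		"iss": appID, "aud": "jitsi", "sub": "instance.jitsi", "room": room,
		"exp":     now.Add(5 * time.Minute).Unix(),
		"context": map[string]any{"user": map[string]string{"id": userID}},
	})
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	mac := hmac.New(sha256.New, []byte(appSecret))
	mac.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(mac.Sum(nil))
}

// authCallback covers steps 4, 5 and 7; step 6 (login prompt) is left as a 401.
func authCallback(w http.ResponseWriter, r *http.Request) {
	userID, q := r.Header.Get("Mattermost-User-Id"), r.URL.Query()
	switch {
	case userID == "": // header is set by the Mattermost server only for logged-in users
		http.Error(w, "not logged in", http.StatusUnauthorized)
	case !roomRe.MatchString(q.Get("room")):
		http.Error(w, "invalid room", http.StatusBadRequest)
	case q.Get("roleUpgrade") == "true": // return the JWT only, no redirect
		w.Write([]byte(signRoomJWT(userID, q.Get("room"), time.Now())))
	default: // fixed Jitsi base plus validated room, never a caller-supplied URL
		tok := signRoomJWT(userID, q.Get("room"), time.Now())
		http.Redirect(w, r, jitsiURL+"/"+q.Get("room")+"?jwt="+tok, http.StatusFound)
	}
}

func main() { // local demo listener; in a plugin the handler sits behind the Mattermost server
	http.HandleFunc("/auth-callback", authCallback)
	panic(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The token is bound to the validated room and expires after five minutes, so a JWT leaked through the redirect URL has limited reuse.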

hanzei commented 2 years ago

@givors-anabasis Should the MM server act as the JWT provider or another service?

fabien-anabasis commented 2 years ago

@hanzei My thought was that when the MM jitsi plugin was configured to be a JWT provider, then it would be natural to also be able to use it as a JWT provider for this use-case (since MM jitsi knows the app secret and id and provides the well formed valid JWT). No need to use any external service.

lufty-demansol commented 2 years ago

@givors-anabasis

I am trying to work on this issue.

Is there any JWT or other message that is sent to the callback from Jitsi? It's used for validation.

maisnamraju commented 2 years ago

@catalintomai @hanzei @givors-anabasis is 6) possible? I am not aware of any features that allow us to do the same. I had a call with @lufty-demansol and this is the part we couldn't figure out.

fabien-anabasis commented 2 years ago

@maisnamraju I'm not sure about 6). If one tries to access some plugin URL without being logged in to Mattermost, won't Mattermost ask the user to log in first? Anyway, this was a proposal; if the other points are implemented, it's really nice! (thank you @dimashasbi)