ngoan98tv
commented
2 years ago hmm, there is one chance that someone replace creator_id in jwt payload, but then the token will be invalid when verifying.
I see no way to fake the moderator for now
Open ngoan98tv opened 2 years ago
ngoan98tv
commented
2 years ago hmm, there is one chance that someone replace creator_id in jwt payload, but then the token will be invalid when verifying.
I see no way to fake the moderator for now
agarciamontoro
commented
2 years ago I added the changes in root_portal.tsx in #214, which I just merged, and I expected this PR to have merge conflicts, but it doesn't :thinking: Anyway, heads-up that those changes are already in master.
DaDummy
commented
6 months ago Out of curiosity as a present user of this mattermost plugin: Is this change configurable/optional and disabled by default or will this be a breaking change?
I'm asking because we actually prefer the current behavior of gaining moderation privileges by using the link in mattermost and then generating a non-privileged link in the meeting to use for external invitations. So this change would break our workflow if not disabled on our instance.
mickmister
commented
6 months ago @DaDummy Thanks for commenting here. Sure, I think it makes sense to have this be configurable
@ngoan98tv Are you interested in implementing this? Also, would be good to know if you would be open to address any concerns that come up in general with this, as this was submitted quite a while ago. Apologies for the large delay in review here
Summary
Adding field
moderatorto JWT claims so it can work withjitsi-token-moderation-pluginto identify moderator.Now, only the user who start the meeting can be moderator
Ticket Link
Fixes #178