Jitsi: Simple way to join a jitsi room with a manual jwt token #13986

Closed
wants to merge 5 commits into from
@aleixq aleixq commented Jun 10, 2020

With a self-hosted jitsi server JWT tokens are the way to give access automatically and at the same time protect against unauthorized guest room creation.
I found it useful to put in riot some way to enter the jwt token. For now obtaining the token is manual, but I think that with a little work it can be done automatically. (notes below)

Mockup proposal for providing tokens automatically from the HS:

Maybe the better way should be to keep the secret (or the private key) to be able to generate jwt tokens in some way in matrix homeserver and then find a way to request jwt tokens from the server (maybe widget api...), and answer with a token depending on the user power level.
Then at local widget level fill the jwt token field automatically, but only for the user who requests the token or the widget and has a concrete power level.
Adding a jwt token url parameter for a jitsi that has not enabled it is harmless. So it can be always filled.
The jwt token field in riot widget (done in src/vector/jitsi/index.ts) will be the place to enter the token, if there's a good answer from server then fill it, if not leave blank.

Also, for now a simple bot could be used to request the jwt token.

But as I said, for now the homeserver part is not there, so we can only create room jwt tokens manually, by the one who has the secret or the allowed private key.

It's my first contribution in riot so I don't know if the PR is fully usable, I think so, but maybe the use of localstorage from the widget is not recommended, or maybe it's better to use indexeddb... Excuse me if I omit something.

Member

t3chguy commented Jun 10, 2020

> Maybe the better way should be to keep the secret (or the private key) to be able to generate jwt tokens in some way in matrix homeserver

How would this work given any Riot can use any Jitsi via config.json?

> Adding a jwt token url parameter for a jitsi that has not enabled it is harmless.

Yes but the field always being there has the chance to confuse simpler users.

@t3chguy t3chguy requested a review from a team June 10, 2020 23:03
Author

aleixq commented Jun 11, 2020

> > Maybe the better way should be to keep the secret (or the private key) to be able to generate jwt tokens in some way in matrix homeserver
>
> How would this work given any Riot can use any Jitsi via config.json?

Well, maybe it's my fault for mixing issues and planning the server part outside of riot issues. But I think that various jitsi servers keys can be defined, specified in a list of domain:secret or domain:private_key. If a user sends a token request to the server and the server doesn't contain the specified domain then it will return an error code and so the field will not be successfully filled.
An example of a JWT token implementation is how Rocket has done it: not valid in the matrix case, as they use the secret on the client side, which means giving secrets and the power to create any jitsi room to any room moderator...:
https://medium.com/@szewong/rocket-chat-part-3-installing-jitsi-with-jwt-for-secure-video-conferencing-b6f909e7f92c
https://github.com/RocketChat/Rocket.Chat/pull/12259/files/f3e2ca623fda7531d830e85aa86d4601c4065ec7

> > Adding a jwt token url parameter for a jitsi that has not enabled it is harmless.
>
> Yes but the field always being there has the chance to confuse simpler users.

That's why I put it in a details element... Maybe it is still confusing... but given the importance of allowing moderated and "private" jitsi rooms I think this is better than just leaving it out of riot, making users detach jitsi into a new window and add the jwt get parameter there.
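
The server-side issuance discussed in the two comments above (a per-domain key list, an error for unknown domains, a power-level gate, and the signing secret never reaching the client), as an added example that is not part of the PR or of any participant's comment. The config entries, the power-level threshold, the function names and the exact claim set are assumptions; the HS256 signing and verification are standard JWT.

```javascript
// Added example, not code from the PR. All names and values are hypothetical.
const crypto = require("crypto");

// Constructed sample config: the domain -> key list, held only on the server.
const JITSI_KEYS = {
  "meet.example.org": { appId: "example_app", secret: "constructed-demo-secret" },
};
const MIN_POWER_LEVEL = 50;     // assumed threshold for requesting a token
const TOKEN_TTL_SECONDS = 300;  // short-lived, so a leaked token expires quickly

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

function signHs256(claims, secret) {
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${hmac(input, secret).toString("base64url")}`;
}

// Server-side handler: returns a room-bound token or an error status.
// powerLevel must come from the server's own room state, never from the request.
function issueJitsiToken({ domain, room, powerLevel }, now = Math.floor(Date.now() / 1000)) {
  // Own-property check so keys like "__proto__" do not resolve to a config entry.
  if (!Object.prototype.hasOwnProperty.call(JITSI_KEYS, domain)) {
    return { status: 404, error: "unknown_domain" };
  }
  if (!Number.isInteger(powerLevel) || powerLevel < MIN_POWER_LEVEL) {
    return { status: 403, error: "insufficient_power_level" };
  }
  if (typeof room !== "string" || !/^[a-z0-9_-]{1,128}$/.test(room)) {
    return { status: 400, error: "bad_room" };
  }
  const { appId, secret } = JITSI_KEYS[domain];
  // Claim names assumed from Jitsi's token auth; the token is bound to one room.
  const claims = { iss: appId, aud: appId, sub: domain, room, iat: now, exp: now + TOKEN_TTL_SECONDS };
  return { status: 200, token: signHs256(claims, secret) };
}

// What the verifying side does with the token: check signature, then expiry.
function verifyHs256(token, secret, now) {
  const [head, body, sig] = String(token).split(".");
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig || "", "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  return claims.exp > now ? claims : null;
}
```

Because each token carries a single `room` claim and a short `exp`, a moderator who receives one cannot reuse it to open other rooms, which is the gap pointed out in the client-side-secret approach.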

Collaborator

jryans commented Jun 23, 2020

@aleixq, thanks for your interest in this feature and working on this PR.

I agree it would be good to offer private / authenticated calls in Riot, but I am worried this approach is too power user focused, and would degrade the UX for the common case. For a feature like this, I think we'll need to work together with the Riot Design team from the start to ensure the overall UX is considered holistically across different user types, so we can ensure we're offering privacy and security that's also simple to use.

At the moment, the Design team has a lot on their plate with several first-time user experience projects all coming together soon, so if you're still interested in pursuing this topic, I'd recommend discussing it with the team first in #riot-web:matrix.org, perhaps in a few weeks from now once we're past the current slate of work.

@jryans jryans closed this Jun 23, 2020
@jryans jryans removed the request for review from a team June 23, 2020 10:59
Author

aleixq commented Jun 25, 2020

Well, thanks @jryans, I have sent a message in that room. But, do you think that it will be useful to open a new issue as a feature request?

Collaborator

jryans commented Jun 25, 2020

> do you think that it will be useful to open a new issue as a feature request?

Yes, feel free to open an issue and describe your use case in detail. That will help us track interest and prioritise future work. 😄
