Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] Endpoint for jitsi tokenAuthUrl #207

Open
fabien-anabasis opened this issue Jan 31, 2022 · 5 comments
Open

[Feature Request] Endpoint for jitsi tokenAuthUrl #207

fabien-anabasis opened this issue Jan 31, 2022 · 5 comments
Labels
Type/Bug Something isn't working Type/Enhancement New feature or improvement of existing feature

Comments

@fabien-anabasis
Copy link

fabien-anabasis commented Jan 31, 2022

Mattermost Version: 6.3

Plugin Version: 2.0.0

Describe the issue
There is no way to "login" as Host on an already existing jitsi room.

Additional context
Jitsi offers mechanism to ask to an authentication service for a JWT to connect to a room. As described here: jitsi/jitsi-meet#728

The mechanism works as follow:

  1. a user try to join some room on https://instance.jitsi/room where authentication is required to host a room, and the user is not identified
  2. a popup shows, click on "I'm the host"
  3. this redirects to some tokenAuthUrl, exemple https://instance.mattermost/plugins/jitsi/auth-callback?room={room}&roleUpgrade={roleUpgrade}, where {room} and {roleUpgrade} are replaced with the room's name and a flag set to false.
  4. the auth-callback endpoint checks whether the user is identified (some other criterion could be used too, should anyone logged have the right to join any room?)
  5. (if success) auth-callback redirects the user to https://instance.jitsi/room?jwt=valid_token
  6. (if the user is not authenticated to mattermost) ask the user to login and then perform the redirection
  7. otherwise, fails with an error message (or redirect back without a valid jwt)

Notice that the callback can be called with roleUpgrade=true, in that case, it shouldn't redirect back to the room, but only return the JWT. This seems to be used when a user asks for a promotion to moderator.

@larkox larkox added the Triage label Feb 1, 2022
@hanzei hanzei added Type/Bug Something isn't working Type/Enhancement New feature or improvement of existing feature labels Feb 7, 2022
@hanzei
Copy link
Contributor

hanzei commented Feb 7, 2022

@givors-anabasis Should the MM server act as the JWT provider or another service?

@fabien-anabasis
Copy link
Author

@hanzei My thought was that when the MM jitsi plugin was configured to be a JWT provider, then it would be natural to also be able to use it as a JWT provider for this use-case (since MM jitsi knows the app secret and id and provides the well formed valid JWT). No need to use any external service.

@lufty-demansol
Copy link

lufty-demansol commented Apr 11, 2022

@givors-anabasis

I trying work on this issue.

Is there any jwt or other message that send to callback from jitsi?
it's used for validation

@maisnamraju
Copy link

@catalintomai @hanzei @givors-anabasis is 6) possible. I am not aware of any features that allow us to do the same. I had a call with @lufty-demansol and this is the part we couldn't figure out.

@fabien-anabasis
Copy link
Author

@maisnamraju I'm not sure about 6), If one try to access some plugin url without being logged to Mattermost, won't Mattermost ask the user to log in first? Anyway, this was a proposal, if the other points are implemented, it's really nice! (thank you @dimashasbi)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Type/Bug Something isn't working Type/Enhancement New feature or improvement of existing feature
Projects
None yet
Development

No branches or pull requests

6 participants