How to Authenticate Users to Jitsi Meet Using JWT Tokens

Introduction

Ever wondered how to secure your Jitsi Meet video calls so that only the right people get in?

When building or managing a video conferencing platform, one of the most important aspects is controlling user access. That’s where JSON Web Tokens (JWT) come in. If you’re looking to authenticate users to Jitsi Meet using JWT tokens, this guide will walk you through the process from start to finish.

Whether you’re running Jitsi on your own server or integrating it into a SaaS application, JWT-based authentication gives you more control, better security, and a smoother user experience. Let’s dive in.

Struggling with Jitsi setup, scalling, or customization?

Meet Avkash for expert solutions to streamline your Jitsi experience efficiently.

Trusted Clients

Let’s Talk To Avkash

1. Why Use JWT for Authentication?

Using JWT (JSON Web Tokens) to authenticate users gives you:

• Access control: Limit who can start or join meetings
• Secure identity: Trust that users are who they say they are
• Stateless authentication: No need to store session data
• Simple integration: Easy to embed into existing login systems

JWT is especially useful for multi-tenant platforms or SaaS apps, where each user or company needs isolated access.

2. Understanding How JWT Works in Jitsi

Jitsi Meet uses Prosody (an XMPP server) under the hood. When JWT is enabled, Jitsi checks for a valid JWT before letting a user join or create a room.

Here’s a simplified flow:

1. User logs in to your app
2. Your server generates a signed JWT
3. JWT is passed when the user joins the meeting
4. Jitsi reads the token, verifies it, and grants or denies access

3. Jitsi JWT Authentication Requirements

Before you start, make sure you have:

• A self-hosted Jitsi Meet instance
• Access to your server’s configuration files (root or sudo)
• A domain name with SSL (required for secure connections)
• Node.js or backend to generate JWT tokens

Dependencies:

• Jitsi Meet with token support (usually based on Prosody)
• Lua libraries for JWT validation

4. Setting Up Jitsi Meet for JWT Authentication

Let’s configure your server to accept JWT tokens.

Step 1: Enable JWT Plugin

In /etc/prosody/conf.avail/yourdomain.cfg.lua, update your virtual host:

VirtualHost "yourdomain.com"
    authentication = "token"
    app_id = "your_app_id"
    app_secret = "your_app_secret"
    allow_empty_token = false

Step 2: Install Required Modules

Ensure mod_auth_token.lua is installed and enabled.

bash CopyEdit

sudo apt install lua-cjson lua-sec

Restart the services: bash CopyEdit

sudo systemctl restart prosody
sudo systemctl restart jicofo
sudo systemctl restart jitsi-videobridge2

5. Creating JWT Tokens for Jitsi

You can generate JWTs using Node.js, Python, or any backend language.

Sample JWT Payload

json CopyEdit

{
  "aud": "your_app_id",
  "iss": "your_app_id",
  "sub": "yourdomain.com",
  "room": "conference1",
  "exp": 1712366400,
  "context": {
    "user": {
      "name": "John Doe",
      "email": "john@example.com"
    }
  }
}

Sign it using your secret key (app_secret) with HMAC SHA-256.

6. Adding Claims to Your JWT Payload

To fine-tune permissions, add custom claims:

• **room: **Limits access to a specific room
• **moderator: **Grants host-level controls
• **context.user: **Pass user metadata for display

This is useful when embedding Jitsi into portals or dashboards.

7. Frontend Integration: Embedding Jitsi with JWT

Use the Jitsi Meet IFrame API to embed meetings.

javascript CopyEdit

const domain = "yourdomain.com";
const options = {
    roomName: "conference1",
    parentNode: document.querySelector('#meet'),
    jwt: "your_generated_token"
};
const api = new JitsiMeetExternalAPI(domain, options);

8. Securing JWT Tokens and Best Practices

Keep your tokens safe. Here’s how:

• Use short expiration times (e.g., 5–15 minutes)
• Sign tokens server-side only
• Avoid storing tokens in local storage
• Use HTTPS for all communication

This ensures your meetings aren’t hijacked or abused.

Struggling with Jitsi setup, scalling, or customization?

Meet Avkash for expert solutions to streamline your Jitsi experience efficiently.

Trusted Clients

Let’s Talk To Avkash

9. Common Issues and Troubleshooting

Error: “Invalid JWT” or “Not authorized”

• Check token signature, app_id, and app_secret

Blank screen or connection error

• Ensure Prosody is restarted and the plugin is loaded

Room mismatch

• Token room must match the one user is trying to join

Use browser dev tools and Jitsi logs(/var/log/prosody/)to debug.

10. Use Case Example: SaaS Integration with JWT

Imagine you’re running a telehealth platform. Patients can only talk to assigned doctors. Here’s how JWT helps:

• User logs in to your portal
• Your backend issues a JWT for a private room
• Jitsi verifies the token, ensuring only invited users can join
• No need for extra logins or passwords

This streamlines user experience while keeping calls secure.

Conclusion

Setting up JWT authentication with Jitsi Meet may seem technical, but it’s a powerful way to secure your video meetings. From generating tokens to embedding them in your app, every step adds a layer of trust and control.

If you’re running a multi-user platform, building a SaaS product, or simply want to lock down access, using JWT is the way to go.