Allow page refresh with token authentication

[fsantner]

What problem are you trying to solve?

We use token authentication for our self hosted jitsi installation and everything works quite well. The only thing that is currently quite annoying is, that when a user is successfully logged in by passing a valid JWT in the browser, the conference starts and then reloads the browser window, the user is prompted to enter username and password, which it does not have.

What solution would you like to see?

The user should be automatically logged in again, or at least the JWT should be added again so he can rejoin the conference.

Is there an alternative?

No response

[damencho]

the conference starts and then reloads the browser window,

What is this reload? How does it happen? Are you using tokenAuthUrl in config.js?

[fsantner]

Hi @damencho and thx for the quick reply. We are joining a conference by passing the JWT in the URL. e.g. https://path-to-our-jitsi-server/ROOM12345?jwt=. We do not use the tokenAuthUrl in config.js but generate the JWT in our application from where the user "jumps" to the conference calling the URL mentioned above.

When I press F5 in the browser to reload the page (in a running conference), the user is logged out and sees the jitsi "Join conference" page again instead of being in the conference again.

I think the problem is, that the ?jwt= is stripped away in the browser address bar when the user entered/joined the conference, so when I press F5 the information is not sent anymore to jitsi.

[damencho]

Yep. You have two options, use the iframeAPI to pass the token, and then when users refresh you can pass it again. Another option is to implement the tokenAuthUrl to be passing the token and when people are not authenticated they will be redirected to it to get the token.