What Is Jitsi Meet JWT Authentication?
Let’s break it down in simple terms:
JWT (JSON Web Token) authentication in Jitsi Meet is like giving someone a digital key to enter a secure room. Only those with a valid token can join your meeting.
When I first deployed Jitsi Meet for my team, everything worked smoothly—until I realized anyone with the link could join. Not ideal. That’s when I discovered JWT authentication, and it completely changed the game. Suddenly, I had full control over who could access our meetings.
Why Use JWT Authentication with Jitsi Meet?
If you’re running your own Jitsi server, here’s why JWT is a no-brainer:
- Stronger Security – Only users with valid tokens can enter.
- Custom Login Flows – Integrate with your own app or login system.
- Keeps Meetings Private – No more uninvited guests.
- Works Everywhere – Web and mobile support.
From experience, I can say this is the way to host secure client calls, internal meetings, and private webinars.
How JWT Works with Jitsi Meet
Here’s a quick overview of how it all comes together:
- A user logs into your platform.
- Your backend generates a unique JWT token.
- The user opens a Jitsi meeting link that includes that token.
- Jitsi checks the token and lets them in—if it’s valid.
A typical JWT token includes:
- Username
- Room name
- Expiry time
- App ID and secret
Requirements Before You Begin
Here’s what you’ll need to get started:
- A self-hosted Jitsi Meet server
- Root or sudo access
- Web server like Nginx
- SSL-enabled domain
- Some knowledge of Linux + Node.js, PHP, or Python (for token generation)
Step-by-Step: How to Set Up JWT Authentication in Jitsi Meet
Step 1: Install Jitsi Meet (Skip if already installed)
sudo apt install jitsi-meet
This gives you a complete open-source video conferencing platform.
Step 2: Enable JWT in Prosody (Authentication Layer)
Edit your Prosody config file:
sudo nano /etc/prosody/conf.avail/your-domain.cfg.lua
Under the VirtualHost section, add:
authentication = "token"
app_id = "your_app_id"
app_secret = "your_app_secret"
allow_empty_token = false
Step 3: Configure Jicofo and Jitsi Meet Frontend
For Jicofo:
sudo nano /etc/jitsi/jicofo/sip-communicator.properties
Add:
org.jitsi.jicofo.auth.URL=XMPP:your-domain.com
For Jitsi Meet UI:
sudo nano /etc/jitsi/meet/your-domain-config.js
Add or update:
config.jwt = {
enableUserRolesBasedOnToken: true
};
Step 4: Restart All Jitsi Services
Apply your changes:
sudo systemctl restart prosody
sudo systemctl restart jicofo
sudo systemctl restart jitsi-videobridge2
Step 5: Generate JWT Tokens
You can generate tokens using any backend language. Here’s a Node.js example:
const jwt = require("jsonwebtoken");
const payload = {
context: {
user: {
name: "John Doe",
},
},
aud: "your_app_id",
iss: "your_app_id",
sub: "your-domain.com",
room: "*", // or specify a room name
exp: Math.floor(Date.now() / 1000) + 3600, // 1 hour
};
const token = jwt.sign(payload, "your_app_secret");
console.log(token);
Attach the token to your meeting link like so:
https://your-domain.com/roomname?jwt=YOUR_TOKEN_HERE
Example: How I Used JWT for a 100+ Person Workshop
We once hosted a workshop with over 100 attendees. Instead of sharing a public link, we generated a unique token for each registered user and emailed it to them. This way, we knew exactly who joined—and we had zero issues with uninvited guests. It felt like a VIP event.
Common Issues and Quick Fixes
- Blank screen or no video? - Check if the JWT token is valid and hasn’t expired.
- Error: “Token not provided”? - Make sure the token is in the URL correctly.
- Authentication failing? - Double check your app_id and app_secret in the config.
Security Tips for Using JWT
- Always use HTTPS
- Set short token lifespans (e.g., 30 mins)
- Use strong, rotated secrets
- Don’t store secrets in frontend code
Conclusion: Secure Your Jitsi Meet Today
Jitsi Meet is already a powerful open-source tool—but JWT authentication makes it enterprise-ready. Whether you’re running virtual classes, confidential meetings, or big online events, this setup adds a critical layer of privacy and control.
I’ve used JWT in multiple real-world projects, and it never fails to deliver.
Go ahead—give it a try. And if you need any help along the way, contact us for Jitsi expert support. We’re here to make your Jitsi experience seamless and secure.