Add support for Jitsi openidtoken-jwt auth

If the widget URL specifies this auth, generate a JWT token
containing the info needed by the Jitsi backend.
This commit is contained in:
Jason Robinson 2020-09-04 13:14:52 +03:00
parent e5a4092adc
commit 5108697ac8
3 changed files with 57 additions and 2 deletions

View file

@ -59,6 +59,7 @@
"browser-request": "^0.3.3",
"gfm.css": "^1.1.2",
"highlight.js": "^9.13.1",
"jsrsasign": "^9.1.5",
"matrix-js-sdk": "github:matrix-org/matrix-js-sdk#develop",
"matrix-react-sdk": "github:matrix-org/matrix-react-sdk#develop",
"olm": "https://packages.matrix.org/npm/olm/olm-3.1.4.tgz",

View file

@ -19,6 +19,7 @@ require("./index.scss");
import * as qs from 'querystring';
import { Capability, WidgetApi } from "matrix-react-sdk/src/widgets/WidgetApi";
import { KJUR } from "jsrsasign";
// Dev note: we use raw JS without many dependencies to reduce bundle size.
// We do not need all of React to render a Jitsi conference.
@ -33,6 +34,8 @@ let conferenceId: string;
let displayName: string;
let avatarUrl: string;
let userId: string;
let jitsiAuth: string;
let roomId: string;
let widgetApi: WidgetApi;
@ -69,6 +72,8 @@ let widgetApi: WidgetApi;
displayName = qsParam('displayName', true);
avatarUrl = qsParam('avatarUrl', true); // http not mxc
userId = qsParam('userId');
jitsiAuth = qsParam('auth', true);
roomId = qsParam('roomId', true);
if (widgetApi) {
await widgetApi.waitReady();
@ -91,6 +96,45 @@ function switchVisibleContainers() {
document.getElementById("joinButtonContainer").style.visibility = inConference ? 'hidden' : 'unset';
}
/**
* Create a JWT token fot jitsi openidtoken-jwt auth
*
* See TODO add link
*/
function createJWTToken() {
// Header
const header = {alg: 'HS256', typ: 'JWT'};
// Payload
const payload = {
// TODO change this to refer to spec?
iss: "app_id",
sub: jitsiDomain,
aud: `https://${jitsiDomain}`,
room: "*",
context: {
matrix: {
// TODO openid token retrieved as per MSC1960
token: "foobar",
room_id: roomId,
},
user: {
avatar: avatarUrl,
name: displayName,
},
},
};
// Sign JWT
// The secret string here is irrelevant, we're only using the JWT
// to transport data to Prosody in the Jitsi stack.
// See TODO add link
return KJUR.jws.JWS.sign(
"HS256",
JSON.stringify(header),
JSON.stringify(payload),
"notused",
);
}
function joinConference() { // event handler bound in HTML
switchVisibleContainers();
@ -102,7 +146,7 @@ function joinConference() { // event handler bound in HTML
"they mention 'external_api' or 'jitsi' in the stack. They're just Jitsi Meet trying to parse " +
"our fragment values and not recognizing the options.",
);
const meetApi = new JitsiMeetExternalAPI(jitsiDomain, {
const options = {
width: "100%",
height: "100%",
parentNode: document.querySelector("#jitsiContainer"),
@ -113,7 +157,12 @@ function joinConference() { // event handler bound in HTML
MAIN_TOOLBAR_BUTTONS: [],
VIDEO_LAYOUT_FIT: "height",
},
});
jwt: undefined,
};
if (jitsiAuth === "openidtoken-jwt") {
options.jwt = createJWTToken();
}
const meetApi = new JitsiMeetExternalAPI(jitsiDomain, options);
if (displayName) meetApi.executeCommand("displayName", displayName);
if (avatarUrl) meetApi.executeCommand("avatarUrl", avatarUrl);
if (userId) meetApi.executeCommand("email", userId);

View file

@ -6914,6 +6914,11 @@ jsprim@^1.2.2:
json-schema "0.2.3"
verror "1.10.0"
jsrsasign@^9.1.5:
version "9.1.5"
resolved "https://registry.yarnpkg.com/jsrsasign/-/jsrsasign-9.1.5.tgz#fe286425d2c05b2d0865d24ded53e34b12abd2ca"
integrity sha512-iJLF8FvZHlwyQudrRtQomHj1HdPAcM8QSRTt0FJo8a6iFgaGCpKUrE7lWyELpAjrFs8jUC/Azc0vfhlj3yqHPQ==
jsx-ast-utils@^2.2.3:
version "2.3.0"
resolved "https://registry.yarnpkg.com/jsx-ast-utils/-/jsx-ast-utils-2.3.0.tgz#edd727794ea284d7fda575015ed1b0cde0289ab6"