# PoliticTalk Jitsi Auth Roadmap
These notes are intentionally not deployed yet. They describe the local files and app changes we should add when we connect PgApi authentication to Jitsi.
## Target Flow
```text
PgPlatform PoliticTalk event
-> PgPlatform PoliticTalk prejoin page
-> PgApi verifies logged-in user, event ownership/invite/access, and event time window
-> PgApi returns a short-lived Jitsi JWT
-> PgPlatform embeds or opens Jitsi with that JWT
-> Jitsi VPS validates JWT through Prosody token auth
```
## Local Files
```text
jitsi/templates/prosody-token-auth.cfg.lua.example
jitsi/templates/pgapi-politictalk-jwt.env.example
```
Only templates should be committed. Real JWT secrets must stay in VPS-only files.
## Platform Changes To Add Later
- PgApi `join-link` issues Jitsi JWTs when token-auth env values are present.
- JWT claims for room, user display name, email/id, moderator flag, expiry, and feature permissions.
- PgPlatform prejoin route shows event title and immutable platform user name.
- PgPlatform embedded Jitsi room using the IFrame API.
- Participants must wait on the PgPlatform prejoin page until the host starts the room.
- Jitsi auto-owner must be disabled once JWT auth is enabled so moderator status comes only from PgApi JWT claims.
- Moderator-only controls for audio moderation and poll permissions.
- Event end-time enforcement through JWT expiry and/or iframe hangup.