politictalk/templates/auth-roadmap.md

PoliticTalk Jitsi Auth Roadmap

These notes are intentionally not deployed yet. They describe the local files and app changes we should add when we connect PgApi authentication to Jitsi.

Target Flow

PgPlatform PoliticTalk event
  -> PgPlatform PoliticTalk prejoin page
  -> PgApi verifies logged-in user, event ownership/invite/access, and event time window
  -> PgApi returns a short-lived Jitsi JWT
  -> PgPlatform embeds or opens Jitsi with that JWT
  -> Jitsi VPS validates JWT through Prosody token auth

Local Files

jitsi/templates/prosody-token-auth.cfg.lua.example
jitsi/templates/pgapi-politictalk-jwt.env.example

Only templates should be committed. Real JWT secrets must stay in VPS-only files.

Platform Changes To Add Later

  • PgApi join-link issues Jitsi JWTs when token-auth env values are present.
  • JWT claims for room, user display name, email/id, moderator flag, expiry, and feature permissions.
  • PgPlatform prejoin route shows event title and immutable platform user name.
  • PgPlatform embedded Jitsi room using the IFrame API.
  • Participants must wait on the PgPlatform prejoin page until the host starts the room.
  • Jitsi auto-owner must be disabled once JWT auth is enabled so moderator status comes only from PgApi JWT claims.
  • Moderator-only controls for audio moderation and poll permissions.
  • Event end-time enforcement through JWT expiry and/or iframe hangup.
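A sketch of the token PgApi would issue and the checks the verifying side applies, added here as an example and not taken from PgApi or Jitsi code. It assumes HS256 with a shared secret and Jitsi's usual `room` / `context.user` / `context.features` claim layout; the function names, `MAX_TTL`, the `aud` value and the moderator-to-recording mapping are hypothetical.

```python
import base64, hashlib, hmac, json, time

MAX_TTL = 300  # seconds; assumed cap for a "short-lived" token

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_jitsi_jwt(secret, app_id, domain, room, user, moderator, event_end, now=None):
    """Build an HS256 token whose expiry never outlives the event window."""
    now = int(time.time()) if now is None else int(now)
    if now >= event_end:
        raise ValueError("event has ended")
    claims = {
        "iss": app_id, "aud": "jitsi", "sub": domain,  # aud value is an assumption
        "room": room,  # bind to the exact room, never a wildcard
        "nbf": now - 10, "exp": min(now + MAX_TTL, event_end),
        "context": {
            # Name comes from the platform account, so the client cannot change it.
            "user": {"id": user["id"], "name": user["name"],
                     "email": user["email"], "moderator": bool(moderator)},
            "features": {"recording": bool(moderator)},  # assumed mapping
        },
    }
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_jitsi_jwt(token, secret, room, now=None):
    """Verifier-side checks: pinned alg, signature, time window, room binding."""
    now = int(time.time()) if now is None else int(now)
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if not claims["nbf"] <= now < claims["exp"]:
        raise ValueError("outside validity window")
    if claims["room"] != room:
        raise ValueError("wrong room")
    return claims
```

Clamping `exp` to the event end means a token issued near the end of the window expires with the event, and any client-side edit to the moderator flag invalidates the signature.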