Create JitsiJWTTokenBuilder that creates a JWT token for jitsi openidtoken-jwt authentication.

2026-04-22 01:22:46 +02:00 · 2020-10-27 23:42:18 +01:00
parent a79aae735f
commit ffa4f7af65
2 changed files with 128 additions and 0 deletions
@@ -0,0 +1,56 @@
+// 
+// Copyright 2020 New Vector Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+import Foundation
+import SwiftJWT
+
+/// `JitsiJWTPayload` represents the Jitsi JWT payload
+/// More details here: https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification#widget-initialization
+struct JitsiJWTPayload: Claims {
+    let iss: String
+    let sub: String
+    let aud: String
+    let room: String
+    let context: JitsiJWTPayloadContext
+}
+
+// MARK: - JitsiJWTPayloadContext
+
+struct JitsiJWTPayloadContext: Codable {
+    let matrix: JitsiJWTPayloadContextMatrix
+    let user: JitsiJWTPayloadContextUser
+}
+
+// MARK: - JitsiJWTPayloadContextMatrix
+
+struct JitsiJWTPayloadContextMatrix {
+    let token: String
+    let roomId: String
+}
+
+extension JitsiJWTPayloadContextMatrix: Codable {
+    enum CodingKeys: String, CodingKey {
+        case token
+        case roomId = "room_id"
+    }
+}
+
+// MARK: - JitsiJWTPayloadContextUser
+
+struct JitsiJWTPayloadContextUser: Codable {
+    let avatar: String
+    let name: String
+}
@@ -0,0 +1,72 @@
+// 
+// Copyright 2020 New Vector Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+import Foundation
+import SwiftJWT
+
+/// Create a JWT token for jitsi openidtoken-jwt authentication
+/// See https://github.com/matrix-org/prosody-mod-auth-matrix-user-verification
+final class JitsiJWTTokenBuilder {
+    
+    // MARK: - Constants
+    
+    private enum Constants {
+        static let privateKey = "notused"
+    }
+    
+    // MARK: - Public
+    
+    func build(jitsiServerDomain: String,
+               openIdAccessToken: String,
+               roomId: String,
+               userAvatarUrl: String,
+               userDisplayName: String) throws -> String {
+        
+        // Create Jitsi JWT
+        let jitsiJWTPayloadContextMatrix = JitsiJWTPayloadContextMatrix(token: openIdAccessToken, roomId: roomId)
+        let jitsiJWTPayloadContextUser = JitsiJWTPayloadContextUser(avatar: userAvatarUrl, name: userDisplayName)
+        let jitsiJWTPayloadContext = JitsiJWTPayloadContext(matrix: jitsiJWTPayloadContextMatrix, user: jitsiJWTPayloadContextUser)
+        
+        let jitsiJWTPayload = JitsiJWTPayload(iss: jitsiServerDomain,
+                                      sub: jitsiServerDomain,
+                                      aud: "https://\(jitsiServerDomain)",
+            room: "*",
+            context: jitsiJWTPayloadContext)
+        
+        let jitsiJWT = JWT(claims: jitsiJWTPayload)
+                        
+        // Sign JWT
+        // The secret string here is irrelevant, we're only using the JWT
+        // to transport data to Prosody in the Jitsi stack.
+        let privateKeyData = self.generatePivateKeyData()
+        let jwtSigner = JWTSigner.hs256(key: privateKeyData)
+        
+        // Encode JWT token
+        let jwtEncoder = JWTEncoder(jwtSigner: jwtSigner)
+        let jwtString = try jwtEncoder.encodeToString(jitsiJWT)
+        
+        return jwtString
+    }
+    
+    // MARK: - Private
+    
+    private func generatePivateKeyData() -> Data {
+        guard let privateKeyData = Constants.privateKey.data(using: .utf8) else {
+            fatalError("[JitsiJWTTokenBuilder] Fail to generate private key")
+        }
+        return privateKeyData
+    }
+}