diff --git a/src/routes/idaa/(idaa)/video_conferences/+page.svelte b/src/routes/idaa/(idaa)/video_conferences/+page.svelte
index 0b92815d..3bc912ec 100644
--- a/src/routes/idaa/(idaa)/video_conferences/+page.svelte
+++ b/src/routes/idaa/(idaa)/video_conferences/+page.svelte
@@ -841,30 +841,33 @@ async function init_jitsi() {
const url_params = data.params;
// --- Initialize Jitsi ---
- // TODO: Issue JWT to all verified Novi users once Jitsi server is configured to enforce
- // JWT auth and respect context.user.moderator (set allow_empty_token = false in Prosody).
- // For now, only moderators get a JWT — non-moderators join anonymously.
- let jwt_token = null;
- if (is_moderator) {
- console.log('Jitsi: Attempting to get JWT for moderator...');
- jwt_token = await get_jitsi_jwt(
- display_name,
- email,
- is_moderator,
- room_name,
- user_id
- );
- if (!jwt_token) {
- const container = document.getElementById(jitsi_container_id);
- if (container)
- container.innerHTML =
- 'Authentication Failed. Please try again.
';
- console.error('Jitsi: Authentication failed. JWT not received.');
- return;
- }
- console.log('Jitsi: Successfully received JWT.');
- } else {
- console.log('Jitsi: Non-moderator joining without JWT (temporary — pending Jitsi server config fix).');
+ // Issue JWT to all verified Novi users. The token's moderator flag controls
+ // whether the user gets host privileges in the Jitsi room.
+ console.log(`Jitsi: Attempting to get JWT (is_moderator=${is_moderator})...`);
+ const jwt_token = await get_jitsi_jwt(
+ display_name,
+ email,
+ is_moderator,
+ room_name,
+ user_id
+ );
+ if (!jwt_token) {
+ const container = document.getElementById(jitsi_container_id);
+ if (container)
+ container.innerHTML =
+ 'Authentication Failed. Please try again.
';
+ console.error('Jitsi: Authentication failed. JWT not received.');
+ return;
+ }
+ console.log('Jitsi: Successfully received JWT.');
+ try {
+ // Decode JWT payload (base64url → JSON) for debug verification.
+ // This does NOT verify the signature — for logging only.
+ const jwt_payload = JSON.parse(atob(jwt_token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/')));
+ console.log('%cJitsi JWT decoded payload:', 'font-weight:bold;color:#4f8ef7', jwt_payload);
+ console.log(`Jitsi JWT: user=${jwt_payload?.context?.user?.name ?? jwt_payload?.name}, moderator=${jwt_payload?.context?.user?.moderator ?? jwt_payload?.user?.moderator}, room=${jwt_payload?.room ?? jwt_payload?.context?.room}`);
+ } catch (e) {
+ console.warn('Jitsi: Could not decode JWT payload for debug logging.', e);
}
const disabled_sounds = [