CallYou Jitsi and Twilio Configuration

Requirements

This feature requires:

  1. That user's web browsers support the WebRTC API.
  2. That the connection with the server is done view the HTTPS protocol.

Configuration

This feature must be configured before using it. To configure the feature the developer must implement a few procedures.

The procedures return SDTs used by the module, whose fields are detailed below. The developer may load these SDTs as they see fit.

LoadMeetingsConfiguration

This procedure configures the submodule’s global configuration. In it the developer must load the following values:

  • Enabled: Determines if the submodule is active in this KB.

  • ImplementationWC: Determines which provider will be used, by specifying the name of the web component that will be used to show the meeting.
    Supported values for this property are shown in this table:

    Provider Generator Property Value
    Jitsi Java k2btools.meetings.meetingjitsiwc
    Jitsi .Net k2btools.meetings.meetingjitsiwc.aspx
    Twilio Java k2btools.meetings.meetingtwiliowc
    Twilio .Net k2btools.meetings.meetingtwiliowc.aspx

LoadJitsiConfiguration

This procedure is used to configure meetings using Jitsi. If this provider is not used, the procedure may be left blank.

The parameters are shown below. They can be used to configure the connection with different types of Jitsi servers.

If you want to use the JaaS service provided by 8x8, see Using the 8x8 JaaS service for video calls.

Property Name Description
Domain The domain name for the Jitsi server.
UsePassword Determines whether a password will be set to the Jitsi room. If set to true, the password will be generated and set automatically.
UseToken Determines if JWT tokens will be used to implement authentication.
TokenAlgorithm Determines which algorithm will be used to sign the JWT token. Supported values are: JWTAlgorithm.HS256 (symmetric keys) and JWTAlgorithm.RS256 (asymmetric keys). Only used if UseToken = True.
TokenKey Contains the token key used to sign the JWT tokens. Only used if the previous parameter is set to True. This value must be encoded as an hexadecimal value CallYou Jitsi and Twilio Configuration. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.HS256.
Kid This parameter is optional. It may be used to tell the server which key was used to sign the token. Only used if UseToken = True.
Sub This parameter's value must be set as determined by the jitsi server. Only used if UseToken = True.
Iss This parameter's value must be set as determined by the jitsi server. Only used if UseToken = True.
TokenPrivateKeyFile This parameter contains the path to the file containing the private key in PKCS12 format. See Generating public/private key pairs for JWT tokens signed with the RS256 algorithm. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.RS256.
TokenPrivateKeyAlias This parameter contains the alias of the private key inside the file. See Generating public/private key pairs for JWT tokens signed with the RS256 algorithm. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.RS256.
TokenPrivateKeyPassword This parameter contains the password for the private key file. See Generating public/private key pairs for JWT tokens signed with the RS256 algorithm. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.RS256.
TokenCertificateFile This parameter contains the path to the file containing the certificate in PKCS12 format. See Generating public/private key pairs for JWT tokens signed with the RS256 algorithm. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.RS256.
TokenCertificateAlias This parameter contains the alias of the certificate inside the file. See Generating public/private key pairs for JWT tokens signed with the RS256 algorithm. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.RS256.
TokenCertificatePassword This parameter contains the password for the certificate file. See Generating public/private key pairs for JWT tokens signed with the RS256 algorithm. Only used if UseToken = True and TokenAlgorithm = JWTAlgorithm.RS256.
UserControlNamePrefix Contains a prefix for the room name in the user control. Some servers require that the room name be prefixed by a tenant code.
RoomNameTemplate Contains a naming template for rooms. The value %ROOM_GUID% will be replaced by the meeting’s id.

LoadTwilioConfiguration

This procedure is used to configure meetings using Twilio. If this provider is not used, the procedure may be left blank.

The output fields are:

  • ApiKeySid: Twilio key identification. See this page for more information.

  • ApiKeySecret: Twilio key value. See this page for more information. This value must be encoded as an hexadecimal value (See this).

  • AccountSid: Twilio account identification. See this page for more information.

  • RoomNameTemplate: Contains a naming template for rooms. The value %ROOM_GUID% will be replaced by the meeting’s id.

Encoding JWT symmetric keys as hexadecimal values

When using the HS256 algrithm, the GeneXusJWT library expects keys to be a character value containing the hexadecimal representation of the key. Both Twilio and Jitsi provide the key as a string that is not encoded this way, and this can lead to errors if the developer does not encode the value when passing it to the JWTCreator.

To encode the key, you can use this Powershell command (replace <key> below with the key that should be encoded):

("<key>" | Format-Hex | Select-Object -Expand Bytes | ForEach-Object { '{0:x2}' -f $_ }) -join ''

Generating public/private key pairs for JWT tokens signed with the RS256 algorithm

Some Jitsi providers (por example, 8x8) use asymmetric keys to sign the JWT tokens used to authenticate the user. In that case, you should generate your keypair and send the public key to the server.

The following commands may be helpful to generate those pairs. These examples use the openssl command, easily found in unix distributions. If you are using windows, see this page.

1 - Generating the keypair.

Use the following command:

openssl req -x509 -sha256 -newkey rsa:4096 -keyout selfsigned.pem -out selfsigned.cer

Sample output:

$> openssl req -x509 -sha256 -newkey rsa:4096 -keyout selfsigned.pem -out selfsigned.cer
Generating a RSA private key
........++++
............................................................................................++++
writing new private key to 'selfsigned.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

2 - Exporting the private key/certificate in PKCS12 format (as required by GeneXus).

Use the command:

openssl pkcs12 -export -inkey selfsigned.pem -in selfsigned.cer -out selfsigned.p12

Sample output:

$> openssl pkcs12 -export -inkey selfsigned.pem -in selfsigned.cer -out selfsigned.p12
Enter pass phrase for selfsigned.pem:
Enter Export Password:
Verifying - Enter Export Password:

The first password requested is the one set in the previous step. The other two are used in the exported file (the new password may be different from the previous one).

3 - Exporting the public key in PEM format (as requested by 8x8).

Use the command:

openssl rsa -in selfsigned.pem -pubout -outform PEM -out selfsigned.pub

Sample output:

$ openssl rsa -in selfsigned.pem -pubout -outform PEM -out selfsigned.pub
Enter pass phrase for selfsigned.pem:
writing RSA key