[mirotalksfu] - allow all authenticated users via OIDC to create their own rooms

2025-04-10 15:24:01 +02:00
--- a/.env.template
+++ b/.env.template
@@ -85,6 +85,7 @@ JWT_EXPIRATION=1h                                 # JWT token expiration (e.g.,

 # OIDC 
 OIDC_ENABLED=false                                # Enable OpenID Connect (true|false)
+OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=false    # Allow all authenticated users via OIDC to create their own rooms
 OIDC_ISSUER=https://server.example.com            # OIDC provider URL
 OIDC_BASE_URL=                                    # OIDC base URL es https://yourdomain.com
 OIDC_CLIENT_ID=clientID                           # OIDC client ID
--- a/app/src/Server.js
+++ b/app/src/Server.js
@@ -64,7 +64,7 @@ dev dependencies: {
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.8.14
+ * @version 1.8.15
 *
 */

@@ -3405,26 +3405,29 @@ function startServer() {
        const hostUserAuthenticated = hostCfg.protected && hostCfg.authenticated;
        const roomExist = roomList.has(roomId);
        const roomCount = roomList.size;
+        const OIDCAllowRoomCreationForAuthUsers = OIDC.allow_rooms_creation_for_auth_users;

        const allowRoomAccess =
-            (!hostCfg.protected && !OIDC.enabled) || // No host protection and OIDC mode enabled (default)
-            (OIDCUserAuthenticated && roomExist) || // User authenticated via OIDC and room Exist
-            (hostUserAuthenticated && roomExist) || // User authenticated via Login and room Exist
-            ((OIDCUserAuthenticated || hostUserAuthenticated) && roomCount === 0) || // User authenticated joins the first room
-            roomExist; // User Or Guest join an existing Room
+            (!hostCfg.protected && !OIDC.enabled) || // Default open access
+            (OIDCUserAuthenticated && roomExist) || // OIDC auth & room exists
+            (hostUserAuthenticated && roomExist) || // Host login auth & room exists
+            ((OIDCUserAuthenticated || hostUserAuthenticated) && roomCount === 0) || // First room creation
+            (OIDCUserAuthenticated && OIDCAllowRoomCreationForAuthUsers) || // Allow room creation if authenticated via OIDC
+            roomExist; // Fallback: allow anyone if room exists

        log.debug(logMessage, {
-            OIDCUserAuthenticated: OIDCUserAuthenticated,
-            hostUserAuthenticated: hostUserAuthenticated,
-            roomExist: roomExist,
-            roomCount: roomCount,
+            OIDCUserAuthenticated,
+            hostUserAuthenticated,
+            roomExist,
+            roomCount,
            extraInfo: {
-                roomId: roomId,
+                roomId,
                OIDCUserEnabled: OIDC.enabled,
                hostProtected: hostCfg.protected,
                hostAuthenticated: hostCfg.authenticated,
+                OIDCAllowRoomCreationForAuthUsers,
            },
-            allowRoomAccess: allowRoomAccess,
+            allowRoomAccess,
        });

        return allowRoomAccess;
--- a/app/src/config.template.js
+++ b/app/src/config.template.js
@@ -293,10 +293,11 @@ module.exports = {
         * identity providers like Auth0, Okta, Keycloak, etc.
         *
         * Structure:
-         * - enabled            : Master switch for OIDC authentication
-         * - baseURLDynamic     : Whether to dynamically resolve base URL
-         * - peer_name          : Controls which user attributes to enforce/request
-         * - config             : Core OIDC provider settings
+         * - enabled                                : Master switch for OIDC authentication
+         * - baseURLDynamic                         : Whether to dynamically resolve base URL
+         *   allow_rooms_creation_for_auth_users    : Allow all authenticated users via OIDC to create their own rooms
+         * - peer_name                              : Controls which user attributes to enforce/request
+         * - config                                 : Core OIDC provider settings
         *
         * Core Settings:
         * - issuerBaseURL      : Provider's discovery endpoint (e.g., https://your-tenant.auth0.com)
@@ -319,6 +320,10 @@ module.exports = {
            enabled: process.env.OIDC_ENABLED === 'true',
            baseURLDynamic: false, // Set true if your app has dynamic base URLs

+            // ==================================================================================================
+            allow_rooms_creation_for_auth_users: process.env.OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS === 'true',
+            // ==================================================================================================
+
            // User identity requirements
            peer_name: {
                force: true, // Require identity provider authentication
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "mirotalksfu",
-    "version": "1.8.14",
+    "version": "1.8.15",
    "description": "WebRTC SFU browser-based video calls",
    "main": "Server.js",
    "scripts": {
--- a/public/js/Brand.js
+++ b/public/js/Brand.js
@@ -64,7 +64,7 @@ let BRAND = {
    },
    about: {
        imageUrl: '../images/mirotalk-logo.gif',
-        title: '<strong>WebRTC SFU v1.8.14</strong>',
+        title: '<strong>WebRTC SFU v1.8.15</strong>',
        html: `
            <button 
                id="support-button" 
--- a/public/js/Room.js
+++ b/public/js/Room.js
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.8.14
+ * @version 1.8.15
 *
 */

@@ -5351,7 +5351,7 @@ function showAbout() {
        position: 'center',
        imageUrl: BRAND.about?.imageUrl && BRAND.about.imageUrl.trim() !== '' ? BRAND.about.imageUrl : image.about,
        customClass: { image: 'img-about' },
-        title: BRAND.about?.title && BRAND.about.title.trim() !== '' ? BRAND.about.title : 'WebRTC SFU v1.8.14',
+        title: BRAND.about?.title && BRAND.about.title.trim() !== '' ? BRAND.about.title : 'WebRTC SFU v1.8.15',
        html: `
            <br />
            <div id="about">
--- a/public/js/RoomClient.js
+++ b/public/js/RoomClient.js
@@ -9,7 +9,7 @@
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.8.14
+ * @version 1.8.15
 *
 */

@@ -1128,7 +1128,7 @@ class RoomClient {
                lobby: {
                    roomIsLobby: this.RoomIsLobby,
                    roomLobbyAccepted: this.RoomLobbyAccepted,
-                }
+                },
            });

            if (this.RoomIsLocked && !this.RoomPasswordValid) {