MiroTalk P2P cannot join rooms if OIDC user is same as .env user

@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:

API_KEY_SECRET=<redacted>
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS=<includes 'robi'>

Hi Rob,

Please try using the following settings in your env file:

API_KEY_SECRET=your-api-key-secret
OIDC_ENABLED=false
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS='[{"username": "robi", "password": "your-password"}]'

Make sure to add OIDC_ENABLED=false to explicitly disable OIDC, and update HOST_USERS to use the correct JSON format as shown above. Then restart the your MiroTalk P2P instance.

@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:

My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.

It's not entirely clear what you mean by ".env user." Just to clarify, MiroTalk P2P supports two ways to protect your instance from unauthorized access:

1. Using OIDC (OpenID Connect):

OIDC_ENABLED=true
OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true

• This allows all users authenticated via your OIDC provider to access the instance.
• If OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS is set to true, they can also create their own rooms.

2. Without OIDC (Local Auth):

HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS='[{"username": "admin", "password": "admin"},{"username": "guest", "password": "guest"}]'

• In this mode, users defined in HOST_USERS are allowed to log in and join rooms.
• This is a simple JSON-based user/password list stored in your .env file.

So when you refer to a ".env user," I assume you mean a user defined in the HOST_USERS list.

For additional context please refer to this post as well:
https://forum.cloudron.io/post/108348

So if i understand well the issue you encountered was related to an older version of MiroTalk P2P?

---

In the latest release, I’m unable to reproduce the problem, everything seems works as expected with OIDC enabled.

Please update your MiroTalk P2P instance to the latest version, and let me know if the issue persists.

Thank you!

---

@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:

Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.

Hi Robi, could you please provide the exact steps and configuration you used to reproduce the issue? Thank you!

Thank you so much @James — I really appreciate it! ️

Done in MiroTalk SFU v1.8.84

MiroTalk is built with love to power seamless, secure, and open communication for everyone. If you find it valuable, please consider supporting the project — your contribution helps us:

• Keep the platform free and open
• Develop powerful new features
• Enhance performance and reliability
• Deliver timely updates and support

You can support MiroTalk in two impactful ways:

Donate – Every contribution, big or small, truly makes a difference
Purchase a License – Build with confidence in your private or commercial projects — and help us keep improving MiroTalk for everyone.

Donate Now
Get a License

Let’s build the future of communication together. Thank you for being part of the MiroTalk journey! ️

@kmz010101 said in Host Users not defined in env:

And now it works with the new instance.

Good!

@imc67 said in Room link gets lost after OIDC login:

@mirotalk-57bab571 indeed 1.8.81 solved the issue!! Many many thanks for that!

Good! You're welcome.

Just one more thing: can you make the (button)texts on the WhoAreYou page configurable via .env just like the main page?

Sure, I like the idea, it will be available in the next release!

You’ll then be able to configure WhoAreYou as needed with the following options in the env:

# Who Are You
WHO_ARE_YOU_TITLE="Who are you?"                  # Title
WHO_ARE_YOU_DESCRIPTION="If you're the presenter, please log in now.<br />Otherwise, kindly wait for the presenter to join." # Description
WHO_ARE_YOU_BUTTON_LOGIN_LABEL="LOGIN"            # Login button label
WHO_ARE_YOU_JOIN_LABEL="JOIN ROOM"                # Join button label

@imc67 said in Room link gets lost after OIDC login:

Can this be solved?

OIDC support for WhoAreYou (waiting room) is now available in MiroTalk SFU v1.8.81!

Docker image build is in progress…

@james said in Room link gets lost after OIDC login:

Thanks for that!
Question, if we find issues or questions here regarding anything related to MiroTalk, is the forum mention OK for you or would you like a ticket on GitHub for better tracking?
And again, a huge thanks for your active participation in our forum.

You're very welcome!

Posting in the forum is absolutely OK — I follow discussions there as well and often reply, implement new features, or push fixes directly based on what’s shared. So feel free to continue using it for anything related to MiroTalk.

By the way, OIDC + WhoAreYou integration is a work in progress and will be part of the upcoming release (v 1.8.81) — stay tuned!

Thanks again for your great support and feedback

@imc67 said in Room link gets lost after OIDC login:

When you receive a direct link to a room, click that, get redirected via OIDC to login, then .... you are redirected to the main page and NOT the original room link.

Guests will be redirected to the OIDC login page until the presenter (authenticated user) joins the room. Please note that the waiting room feature is currently supported only in HOST_PROTECTION mode. For more details, @James check out this issue.

@kmz010101 said in Host Users not defined in env:

and in the logs i always get:

You need to Restart the instance to apply the changes made in the .env file.

Hi @avatar1024,

I've made some improvements to the Socket.IO handling in MiroTalk SFU v1.8.64.

If you experience any disconnections, please let me know. It would be helpful if you could provide a screenshot of what you see on the device when it happens, and let me know whether you're reconnected to the room immediately or what exactly occurs.

Thank you!

@avatar1024 said in reconnecting to the meeting randomly:

But there is something about MiroTalk that makes it particularly sensitive to it as does not happen with any other apps.

Work in progress...

@alpro said in Only one room available at a time:

thx a lot for the support! Adding the line below in the .env file resolved the issue.

OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true // true or false (default true)

You're welcome.

---

For MiroTalk P2P to handle users without OIDC, use the following environment configuration:

OIDC_ENABLED=false
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS='[{"username": "admin", "password": "admin"}, {"username": "guest", "password": "guest"}]'

HOST_USERS

This environment variable differs in format from the one used in MiroTalk SFU. It defines a list of allowed users when OIDC (OpenID Connect) is disabled (OIDC_ENABLED=false) and static user authentication is needed.

It must be a JSON-formatted array of user objects, where each object contains a username and a password.

Example:

HOST_USERS='[{"username": "admin", "password": "admin"}, {"username": "guest", "password": "guest"}]'

Purpose:

The application will authenticate users using the credentials provided in this list. This enables a simple, built-in username/password authentication mechanism without requiring an external identity provider.

@alpro said in Only one room available at a time:

With only difference that I experience it with MiroTalk SFU 1.8.60.

Not sure how is handled there, but by default, OIDC_ENABLED is set to false in all MiroTalk projects.

When OIDC_ENABLED is set to true, any user authenticated via OIDC can create and share rooms. Previously, only one user had this ability, but now this behavior is enabled by default (when OIDC is active) and can be configured through the .env file.

OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true  // true or false (default true)

So when you visit your MiroTalk SFU instance outside the cloudron panel, (e.g., https://cloudron.your-domain-name.com), the Cloudron OIDC authentication popup will appear. Simply enter the username and password you use for Cloudron login. Once authenticated, you—or your family members—will be able to access the instance, create rooms, and share them with guests.

---

Additionally, you can try another approach by updating your env file (via the Cloudron file manager) in MiroTalk SFU to enable HOST_PROTECTED mode and define a list of authorized users as follows:

OIDC_ENABLED=false
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS="username:password:User:*|admin:admin:Admin:room1,room2|guest:guest:Guest:room1,room1"

When HOST_PROTECTED or HOST_USER_AUTH enabled:

HOST_USERS – Define Authorized Host Users

The HOST_USERS environment variable is used to predefine a list of users who are allowed to log in as hosts in your application. Each user entry follows this format:

username:password:displayName:allowedRooms

Multiple users are separated by the pipe symbol |.

Format Breakdown:

• username: The login name of the user.
• password: The password used for authentication.
• displayName: The name that will be shown in the UI (e.g., in meetings).
• allowedRooms: A comma-separated list of room names this user is allowed to create or join as host. Use * to allow all rooms.

🧪 Example:

HOST_USERS="username:password:user:*|admin:admin:Admin:room1,room2|guest:guest:Guest:room1"

This defines 3 host users:

1. username with password password, display name user, can access any room (*).
2. admin with password admin, display name Admin, can access only room1 and room2.
3. guest with password guest, display name Guest, can access only room1.

---

For reference here.

@avatar1024 said in reconnecting to the meeting randomly:

At home we have one router and two repeaters. It seems like depending on a how the laptop connects to the broadband impacts how frequently I get disconnections (i.e. whether it connects to a repeater / to the main router / over wifi 5 / over wifi 6E). I also get frequent disconnections when behind a VPN or over 4g/5g.

For testing purposes, could you also try the official mediasoup demo available here: https://v3demo.mediasoup.org ?

If you experience the same behavior as in MiroTalk SFU, you can post your findings directly on the mediasoup support forum: https://mediasoup.discourse.group. You might discover something useful or get help from the community.

@avatar1024 said in Email as default username since update to new config set-up is NOT great :

For info the variables have changed again since today's update to 1.7.58. It is now:

Oops, my mistake — it's been fixed in v1.7.59.

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true 

@james said in Email as default username since update to new config set-up is NOT great :

I assume what @mirotalk-57bab571 wrote https://forum.cloudron.io/post/107999 was simply a typo or first draft of that variable names.

Yes, you're absolutely right — the way you explained it is correct. I actually updated it in my last commit to make it more readable.

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

And here’s a quick explanation of each default setup:

OIDC_USERNAME_FORCE=true        # Forces the username to match the OIDC email or name. 
                                # If true, the user won't be able to change their name when joining a room.

OIDC_USERNAME_AS_EMAIL=true     # Uses the OIDC email as the username.
OIDC_USERNAME_AS_NAME=false     # Uses the OIDC name as the username.

These options give you full control over how usernames are assigned during OIDC authentication for the meeting.

Note

By default, the email is used as the username when OIDC is enabled. This helps maintain user identity and trust, and also ensures that the correct Gravatar is displayed in the room (especially if the camera is off).

In this default setup, the username cannot be edited by the user when joining a room.

However, since MiroTalk SFU is designed to be flexible, this behavior is fully configurable. You can choose whether to use the email, the name, or allow users to set their own name — depending on your needs...