According to the docs, when creating a VideoRoom, we’re able to specify token or pin to disallow unwanted users from joining, or a secret to be able to destroy it.
A Token can also limit the set of plugins, which the user can interact with, however not the plugins’ request type.
Is it possible to allow only the admin to create a new VideoRooms, but allow all the users to join existing ones, or would such case require plugin’s or Janus’ code modification?
Check the admin_key property in the VideoRoom configuration: that allows you to only allow users with access to that key to create rooms. A common solution around that involves setting up a single external service with your own authentication: that way, you can create a basic application server that receives requests from users, and creates rooms on their behalf, e.g., using the Admin API. Since the application server would be the only one knowing the admin_key, you could control who can create rooms that way.
Right! I should have read the VideoRoom documentation more carefully.
Thanks again @lorenzo !