diff --git a/cf.conf b/cf.conf
index 28d0f7a8c15711308fa319c55b053398f87d5b9a..fc8e875e7e87e35130644a0f8d37807d5df95122 100644
--- a/cf.conf
+++ b/cf.conf
@@ -1,5 +1,8 @@
 {
-  secrets    => ['04283d549647774b17d10e1d75bcf16c2969673d'],
-  oauth_url  => 'https://auth.pirati.cz/auth/realms/pirati',
-  groups_url => 'https://iapi.pirati.cz/v1/groups',
+  secrets              => ['14283d549647774b17d10e1d75bcf16c2969673d'],
+  oauth_url            => 'https://auth.pirati.cz/auth/realms/pirati',
+  groups_url           => 'https://iapi.pirati.cz/v1/groups',
+  piratar_base_url     => 'https://a.pirati.cz/piratar/200/',
+  jitsi_token_secret   => 'UtfkxQEpudmCh2MKLXrRmHAXoQwg5twF',
+  jitsi_token_lifetime => 300,
 }
diff --git a/lib/CF/Helpers/Auth.pm b/lib/CF/Helpers/Auth.pm
index fe004ae28cd7180e9871b0548c8a98af9ae08a28..ba74f16ec84b8b45e0d13885ee400ac9d5448298 100644
--- a/lib/CF/Helpers/Auth.pm
+++ b/lib/CF/Helpers/Auth.pm
@@ -101,6 +101,31 @@ sub register ( $class, $self, $conf) {
         return $c->stash->{user_roles};
     });
 
+    $self->helper( jitsi_token => sub ( $c, $room='*' ) {
+        my $claims = $c->oauth_claims // return undef;
+
+        my $jwt = Mojo::JWT->new(
+            secret => $c->cfg->{jitsi_token_secret},
+            claims => {
+                aud  => 'jitsi',
+                iss  => 'cf-online',
+                sub  => 'meet.jitsi',
+                room => $room,
+                exp  => time + $c->cfg->{jitsi_token_lifetime},
+                context => {
+                    user   => {
+                        avatar => join ('',
+                            $c->cfg->{piratar_base_url},
+                            $claims->{preferred_username},
+                            '.jpg',
+                        ),
+                        name   => $claims->{name},
+                        email  => $claims->{mail},
+                    }
+                },
+            }
+        )->encode;
+    });
 }
 
 1;