diff --git a/conference.js b/conference.js
index 6df6db2a9..4777395f3 100644
--- a/conference.js
+++ b/conference.js
@@ -471,6 +471,8 @@ export default {
         this.roomName = options.roomName;
         JitsiMeetJS.setLogLevel(JitsiMeetJS.logLevels.TRACE);
 
+        this._initJWTTokenListener(options);
+
         // attaches global error handler, if there is already one, respect it
         if(JitsiMeetJS.getGlobalOnErrorHandler){
             var oldOnErrorHandler = window.onerror;
@@ -1518,5 +1520,67 @@ export default {
             // Update the view
             APP.UI.setLocalRaisedHandStatus(raisedHand);
         }
+    },
+    
+    /**
+     * When there is anonymous domain enabled together with JWT authentication
+     * binds window message listener, which will wait for JWT token to be
+     * received from the login service opened in a popup window.
+     * @param options config.js
+     * @private
+     */
+    _initJWTTokenListener(options) {
+        if (!options.tokenAuthUrl) {
+            return;
+        }
+        var self = this;
+        var listener = function (event) {
+            if (event.data && event.data.jwtToken) {
+                // FIXME implement origin verification ?
+                //if (event.origin !== window.location.origin) {
+                //    logger.warn("Ignoring JWT token from different origin: " +
+                //        event.origin);
+                //    return;
+                //}
+                config.token = event.data.jwtToken;
+                console.info("Received JWT token:", config.token);
+                var roomName = options.roomName;
+                openConnection({retry: false, roomName: roomName })
+                    .then(function (connection) {
+                        // Start new connection
+                        let newRoom = connection.initJitsiConference(
+                            roomName, self._getConferenceOptions());
+                        // Authenticate from the new connection to get
+                        // the session-ID from the focus, which wil then be used
+                        // to upgrade current connection's user role
+                        newRoom.room.moderator.authenticate().then(function () {
+                            connection.disconnect();
+                            // At this point we'll have session-ID stored in
+                            // the settings. It wil be used in the call below
+                            // to upgrade user's role
+                            room.room.moderator.authenticate()
+                                .then(function () {
+                                console.info("User role upgrade done !");
+                            }).catch(function (err, errCode) {
+                                console.error(
+                                    "Authentication failed: ", err, errCode);
+                            });
+                        }).catch(function (error, code) {
+                            connection.disconnect();
+                            console.error(
+                                'Authentication failed on the new connection',
+                                error, code);
+                        });
+                    }, function (err) {
+                        console.error("Failed to open new connection", err);
+                    });
+            }
+        };
+        // Register
+        if (window.addEventListener) {
+            window.addEventListener("message", listener, false);
+        } else {
+            window.attachEvent("onmessage", listener);
+        }
     }
 };
\ No newline at end of file
diff --git a/connection.js b/connection.js
index 5add17e48..699b59194 100644
--- a/connection.js
+++ b/connection.js
@@ -1,6 +1,7 @@
 /* global APP, JitsiMeetJS, config */
 //FIXME:
 import LoginDialog from './modules/UI/authentication/LoginDialog';
+import UIUtil from './modules/UI/util/UIUtil';
 
 const ConnectionEvents = JitsiMeetJS.events.connection;
 const ConnectionErrors = JitsiMeetJS.errors.connection;
@@ -50,13 +51,7 @@ function checkForAttachParametersAndConnect(id, password, connection) {
  * @returns {Promise<JitsiConnection>} connection if
  * everything is ok, else error.
  */
-function connect(id, password, roomName) {
-
-    let connectionConfig = Object.assign({}, config);
-
-    connectionConfig.bosh += '?room=' + roomName;
-    let connection
-        = new JitsiMeetJS.JitsiConnection(null, config.token, connectionConfig);
+function connect(id, password, roomName, connection) {
 
     return new Promise(function (resolve, reject) {
         connection.addEventListener(
@@ -147,7 +142,13 @@ export function openConnection({id, password, retry, roomName}) {
         password = passwordOverride;
     }
 
-    return connect(id, password, roomName).catch(function (err) {
+    let connectionConfig = Object.assign({}, config);
+
+    connectionConfig.bosh += '?room=' + roomName;
+    let connection
+        = new JitsiMeetJS.JitsiConnection(null, config.token, connectionConfig);
+
+    return connect(id, password, roomName, connection).catch(function (err) {
         if (!retry) {
             throw err;
         }
@@ -156,6 +157,10 @@ export function openConnection({id, password, retry, roomName}) {
             // do not retry if token is not valid
             if (config.token) {
                 throw err;
+            } else if (config.tokenAuthUrl) {
+                var tokenAuthUrl = connection.getTokenAuthUrl(roomName);
+                console.info("Will redirect to: " + tokenAuthUrl);
+                UIUtil.redirect(tokenAuthUrl);
             } else {
                 return requestAuth(roomName);
             }