👨‍🔧 User impersonation
Enable the admin of your application to log in as a given user.
User impersonation should ideally be managed by the authentication server. For instance, if you are using Keycloak, you can navigate to the Admin Console, then go to: Users -> Action -> Impersonate. This allows you to access all applications within the realm as the impersonated user.
The workaround described in this documentation is intended for situations where:
The support team handling impersonation does not have access to the Keycloak Admin Console.
Hosting a custom admin app.
Imagine you have a custom admin app that allows your support team to impersonate users. With oidc-spa, you can include a special query parameter when redirecting a support team member from your admin app to your main app. This automatically authenticates the support team member as the impersonated user.
By default, this feature is disabled. To enable it:
Crafting the URL for Impersonation
After using the Keycloak API to obtain an access token, ID token, and refresh token for a user session in exchange for your admin token, you can craft the redirection URL for impersonation as follows:
(For this example, we assume you're using a JavaScript backend, but you can easily adapt it to your environment.)