Hello guys,
I have a question regarding user impersonation.
Since I saw that this functionality is deprecated on Auth0's side, I would like to ask if you know what the best way to achieve this is.
I would like to be able to log in from an admin account and see the customer view.
Any suggestions and guides will be welcome!
Regards
Hi @lyubomir.nikov
This is a complex question. Our recommendation is a “companion app” or a side-by-side app. This is a separate app or a mode in the existing app that lets your admin view the user info.
Impersonation is a security risk. When user info is viewed or modified, any log messages should clearly indicate WHO viewed or modified the info. If it is the user, that is straightforward. But if it is the admin, or a support person, that ALSO must be indicated. With plain impersonation, you don’t get the distinction that lets you know that someone else modified the data.
John
3 Likes
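The actor/subject distinction described in the reply above, as an added example that is not part of the original thread and not Auth0 code: a companion app records who is logged in separately from whose data is touched, so staff access stays visible in the log. The function names, the `roles` claim and the role names are assumptions; the user ids are constructed sample data.

```javascript
// Added illustration: claim layout and role names are assumptions, not Auth0 APIs.
const SUPPORT_ROLES = new Set(["admin", "support"]); // hypothetical role names

// actorClaims: claims from the token of the person who is actually logged in.
// subjectId: the user whose data is being viewed or modified.
function buildAuditEvent(actorClaims, subjectId, action, now = new Date()) {
  if (!actorClaims || !actorClaims.sub) {
    throw new Error("unauthenticated actor");
  }
  const onBehalf = actorClaims.sub !== subjectId;
  const roles = actorClaims.roles || [];
  // Only staff roles may touch another user's record.
  if (onBehalf && !roles.some((r) => SUPPORT_ROLES.has(r))) {
    throw new Error("actor not allowed to access another user's data");
  }
  return {
    time: now.toISOString(),
    action,
    actor: actorClaims.sub, // WHO viewed or modified the info
    subject: subjectId,     // WHOSE info it was
    onBehalf,               // true when actor and subject differ
  };
}

// Review helper: the events where someone other than the user acted.
function staffAccesses(events) {
  return events.filter((e) => e.actor !== e.subject);
}

// Constructed sample data.
const customer = { sub: "user|1001", roles: [] };
const support = { sub: "user|9001", roles: ["support"] };
const log = [
  buildAuditEvent(customer, "user|1001", "profile.update"),
  buildAuditEvent(support, "user|1001", "profile.view"),
];
console.log(staffAccesses(log));
```

With plain impersonation both events would carry `actor: "user|1001"`, and `staffAccesses` would return nothing.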