How does impersonation work with the new OIDC Conformant upgrade?

Using .net core I would get the impersonation details form the User

How do we get this info with the new claims, does it come through the additional claims?

One of the drawbacks of the existing impersonation implementation is that the token that your application eventually receives does not contain information about the impersonator by default. To identify the impersonator in your application, you will need to explicitly add a claim via a Rule, e.g.

    var namespace = '';
    context.idToken[namespace + 'impersonator'] = user.impersonator.user_id;
  callback(null, user, context);

You can then access the claim in your Controller action as follows:

var impersonator = User.Claims.FirstOrDefault(c => c.Type == "")?.Value,

In addition to adding a rule to return the impersonation details via claims and especially with new Clients and OIDC conformant changes the grant type will need to be added/updated to all the clients, in my case I had to add these (authorization_code specifically added for impoersonation, others for passwords):


This answer provides more info on how to “patch” a client and update the grant types: