So, you deprecated impersonation years ago, leaving us with a must-have feature missing, but now you’re allowing impersonation in Auth for GenAI? “User Authentication for AI agents, with support for linking, impersonation, and delegation”
(from “April 2025 in Auth0: Auth That Works for Humans and AI” blog post)
For support staff, what alternatives do we have to use apps as a client’s user?
Hi @sebastian.rojas
Welcome to the Auth0 Community!
I understand the frustration the deprecation of the Impersonation legacy feature can bring, even though it created security concerns.
While we do not have any official workaround, our general recommendation matches the one mentioned in the following post, namely using a companion app that could function similarly to this:
- configure a Help Desk Application that has the adminsOnly app metadata set to true and set the users to have an Admin role in their respective app_metadata, if they are "representatives" of Help Desk;
- add the appropriate claims in the token for the API to allow access;
- create an API Middleware that confirms if a user is a Help Desk Representative or just themselves;

While we do not have any specific way of achieving impersonation, the above flow should work while maintaining a high level of security.
Hope this helped!
Gerald
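The middleware step from the reply above, as an added example (not code from Gerald or from Auth0). It assumes an Express-style API where upstream JWT validation has already verified the access token and placed its claims on `req.auth`; the claim name `https://example.com/roles`, the placeholder client ID and the function names are hypothetical.

```javascript
// Added example. All names here are assumptions, not Auth0-defined identifiers.
const HELPDESK_CLIENT_ID = "HELPDESK_CLIENT_ID_PLACEHOLDER"; // client ID of the Help Desk Application
const ROLES_CLAIM = "https://example.com/roles"; // custom claim carrying app_metadata roles

// Pure decision function. `claims` must come from a token whose signature,
// issuer, audience and expiry were already verified upstream.
function decideAccess(claims, targetUserId) {
  if (!claims || typeof claims.sub !== "string" || !targetUserId) {
    return { allow: false, mode: "deny", reason: "missing subject or target" };
  }
  // Case 1: the caller is "just themselves".
  if (claims.sub === targetUserId) {
    return { allow: true, mode: "self" };
  }
  // Case 2: a Help Desk representative. Require BOTH the Admin role and a token
  // issued to the Help Desk Application (azp = authorized party / client ID),
  // so an Admin logged in through any other app cannot reach other users' data.
  const roles = Array.isArray(claims[ROLES_CLAIM]) ? claims[ROLES_CLAIM] : [];
  if (roles.includes("Admin") && claims.azp === HELPDESK_CLIENT_ID) {
    return { allow: true, mode: "helpdesk", actor: claims.sub, onBehalfOf: targetUserId };
  }
  return { allow: false, mode: "deny", reason: "not owner and not help desk" };
}

// Express-style middleware for routes shaped like /users/:userId/...
function requireSelfOrHelpDesk(req, res, next) {
  const decision = decideAccess(req.auth, req.params.userId);
  if (!decision.allow) {
    return res.status(403).json({ error: "forbidden" });
  }
  if (decision.mode === "helpdesk") {
    // Audit trail: the representative keeps their own identity, so every
    // on-behalf-of access is attributable to a named staff account.
    console.log(JSON.stringify({
      event: "helpdesk_access",
      actor: decision.actor,
      onBehalfOf: decision.onBehalfOf,
      path: req.path,
    }));
  }
  req.access = decision; // handlers can read who acted and for whom
  return next();
}
```

Unlike legacy impersonation, the representative never receives a token in the customer's name, so the API and its logs can always distinguish the two.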
Thank you, Gerald. There is not much detail about that alternative. Can you elaborate more or suggest something for me to look into?