Auth0 Home Blog Docs

Need Impersonation API enabled


#1

The docs tell me to contact support, is this how I contact them?


#3

Unfortunately this feature, Impersonation API, has since been deprecated and cannot be enabled. I went ahead and contacted the appropriate teams to update our documentation to reflect the correct information. I am terribly sorry that it provided inaccurate information! We will make sure to update this ASAP.


#6

Can you explain why this was deprecated and what the alternative would be?


#8

:wave: @abooth We’ve stopped supporting the impersonation feature for the foreseeable future due to a number of security concerns. Impersonation leaves your application vulnerable to CSRF attacks, since the flag allows the bypassing of the CSRF check from the state parameter if this parameter is missing from the authorization response. I will need to investigate if there is an alternative at this time.


#9

we have similar requirements for our system. Is there any alternative that can be considered?