This plugin works fine https://github.com/404labfr/laravel-impersonate but I am developing a web application that performs a RESTful API. APIs typically use tokens to authenticate users and do not maintain session state between requests.

And the laravel-impersonate plugin https://github.com/404labfr/laravel-impersonate is session based, which can be done in routes/controllers that belong to the web middleware group. It's because API routes are stateless; they use API tokens and not a session for authentication and authorization. So basically I cannot use this handy plugin :(

Is there a way to perform user impersonation using API tokens?

User impersonation feature has an ability to impersonate other users. As an admin you can view all screens as if you are logged in as another user. This allows you to easily spot a problem that your user might be reporting.

J.I.S

1 Answer

Why not just manually generate the token for the selected user and actually make requests as them? Set up a separate client (assuming you're using OAuth/Passport) and use that client as your "impersonator". You could set a database flag to say the requests were impersonated if you were auditing requests.

Joe
  • Thank you so much for your response. I really appreciate it. :) Unfortunately, I'm still confused on how to apply it. I should read more about OAuth. But can I humbly ask for just a block of code or just a reference link on how to actually do it? – J.I.S Nov 28 '18 at 09:55
  • @J.I.S this is a super late response but what I did was I created a middleware based on Joe's answer that modifies the Authorization token header based on the impersonated user. Hope it helps someone with this approach. – Jay Bryan Cañas Nov 11 '20 at 13:06
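
A sketch of the token-issuing approach from the answer above, added here as an example and not code from the thread or from Laravel Passport's documentation. It uses a named Passport personal access token rather than a dedicated OAuth client, and assumes `App\Models\User` uses the `HasApiTokens` trait; the `impersonate` gate ability, the `impersonation_audits` table and the route paths are hypothetical names.

```php
<?php
// Added example. Hypothetical names: the 'impersonate' gate ability,
// the impersonation_audits table, and the route paths in the comments.

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Gate;
use Laravel\Passport\Token;

class ImpersonationController extends Controller
{
    // POST /api/impersonations/{user}, behind the auth:api middleware.
    public function store(Request $request, User $user)
    {
        // Deny unless the caller's policy allows impersonating this target
        // (e.g. admins only, and never other admins).
        Gate::authorize('impersonate', $user);

        // Issue a separate, clearly named token that belongs to the target user.
        $result = $user->createToken('impersonation');

        // Audit record: who impersonated whom, with which token, from where.
        DB::table('impersonation_audits')->insert([
            'admin_id'       => $request->user()->id,
            'target_user_id' => $user->id,
            'token_id'       => $result->token->id,
            'ip'             => $request->ip(),
            'created_at'     => now(),
        ]);

        return response()->json(['access_token' => $result->accessToken], 201);
    }

    // DELETE /api/impersonations/{tokenId}: end impersonation by revoking the token.
    public function destroy(string $tokenId)
    {
        $token = Token::where('id', $tokenId)
            ->where('name', 'impersonation')
            ->firstOrFail();

        Gate::authorize('impersonate', $token->user);
        $token->revoke();

        return response()->noContent();
    }
}
```

Because the token carries the name `impersonation`, a middleware can check `$request->user()->token()->name` to flag impersonated requests in audit logs or to block sensitive actions such as password changes.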