0

I want to achieve user impersonation using Azure AD for my application.

For authentication and authorization of the user, I use MSAL-Angular library, as my application is in Angular 7.

I am calling the Function Apps using the authorization token for the logged-in user. Is there a way I can get the authorization token for a different user?

I tried, but could not find any proper documentation for the same.

Foramkumar Parekh

2 Answers

0

If you're talking about your API making impersonated calls to an API and you're writing it in .NET Core, then take a look at Getting tokens on behalf of a user (Service to service calls). Also at this sample and method call.

For other languages take a look at Microsoft-supported client libraries.

The only requirement for your Angular application is to get an access token for your API first that can be used as assertion.

If you're talking about user impersonation from the Angular application (that is, a user impersonating another one), that's not supported out of the box; you would need to store the user credentials securely in your API with something like Key Vault so that you can request a new access token using ROPC.

AlfredoRevilla-MSFT
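
The on-behalf-of exchange mentioned in the answer above, shown at the protocol level as an added example (not code from the answer or from Microsoft's sample). The tenant, client ID, secret and scope are placeholders, and the API's authentication middleware is assumed to have already validated the incoming token's signature.

```python
import base64, json
import urllib.parse, urllib.request

TENANT = "contoso.onmicrosoft.com"                       # placeholder tenant
API_CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # placeholder app ID of the API
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"

def unverified_claims(jwt):
    """Decode the JWT payload. No signature check: the API's auth middleware
    is assumed to have validated the token before this code runs."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_obo_request(user_token, client_secret, scope):
    """Form fields for the on-behalf-of exchange; the user's token is the assertion."""
    aud = unverified_claims(user_token).get("aud")
    # Only a token issued for this API may be exchanged (GUID or api:// form).
    if aud not in (API_CLIENT_ID, f"api://{API_CLIENT_ID}"):
        raise ValueError(f"token audience {aud!r} is not this API; refusing to exchange")
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": API_CLIENT_ID,
        "client_secret": client_secret,
        "assertion": user_token,
        "scope": scope,
        "requested_token_use": "on_behalf_of",
    }

def redeem(fields):
    """POST the form to the token endpoint (network call, not run in the demo)."""
    body = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(TOKEN_URL, data=body)) as resp:
        return json.loads(resp.read())["access_token"]

def make_sample_token(claims):
    """Constructed, unsigned sample token used only to exercise the code offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    tok = make_sample_token({"aud": f"api://{API_CLIENT_ID}", "upn": "alice@contoso.com"})
    print(build_obo_request(tok, "<client-secret>", "https://graph.microsoft.com/User.Read"))
```

The token returned by `redeem` still represents the signed-in user who presented the assertion, not a different user.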
0

Azure AD does not support user impersonation where you get a token for another user. It only allows you to get a token for the currently signed-in user, or the app itself.

juunas