Hello everyone,
As of now, Keycloak supports impersonation by an admin user at the front end application
level. However, if someone is using JWT token based API security, there is no existing way
to get a user's JWT token "on behalf" of the user by an admin user.
I understand and agree with Stian Thorgersen that this is not just adding the return of a
JWT token to the current impersonation endpoint. But I believe if Keycloak supports
impersonation, we should support that for API security as well and not just front-end
applications.
If we decide to incorporate it, one implementation approach can be to introduce an
impersonation grant type which would perform client and admin user authentication before
granting a token on behalf of the user it is requested for. Please let me know if this
sounds completely absurd to you guys.
Thoughts?
Thanks,
Ritesh Garg