How to implement the impersonate feature from OAuth 2.0? #2240
Description
Hello team 👋 First of all, thanks for the work put in this library 🙏
In keycloak, there is a handy feature that allow you to impersonate another user using the OAuth 2.0 Token Exchange protocol.
it's implementation is straightforward:
- Having an access token, with the necessary rights, I can call
POST <keycloakBaseurl>/realms/<realm>/protocol/openid-connect/token. This was "documented" within this example: https://github.com/flyinfish/keycloak-examples/blob/main/impersonation/README.md#s1---impersonation-via-tokenexchange - The response of this call will contain a new
access_tokenand an optionalrefresh_token: https://datatracker.ietf.org/doc/html/rfc8693#name-successful-response
That's working fine on the API part, but I can't find any documentation on oidc-client-ts about how to "exchange" the local access_token.
My real life scenario is the following:
- I have a backoffice application that contains the list of all users
- I can impersonate a user by calling the post request that will respond with an
access_token - I want to be redirected to the web application with the
access_token(as query string?) so that it's automatically connected with the right user using oidc-client-ts and the givenaccess_token.
So is there a way to implement such things? Did I miss something in the doc?
Thanks in advance for your help 😄