posted 3 years ago

I'm building an API with Laravel. I have user and admin roles there. Users and admins can log in normally as they are just users, but an admin can log in as another user, a.k.a. can impersonate a user. I'm using JWT for authentication.

Sometimes I need to check on the backend side whether an admin impersonated the user. I can set claims in the JWT, some kind of flag, to know if that is the token of an impersonated user.

But how do I get that information on the backend? Do I create a middleware, check the JWT claims there, and set some kind of global flag?

Last updated 2 years ago.
0

Hello,

I'd like to help, but need to know first – how is the impersonation implemented?

0

When an admin wants to impersonate user X, I just generate a JWT token for user X and that's it. I solved it by using Middleware + Singleton, so on each request I check the JWT token and its claims, then I set a value in the Singleton, and then I use that Singleton to check for the value.

If you have any other idea, that would be great.

0

That should work. Assuming you are setting an impersonation flag as part of the payload in JWT (https://stackoverflow.com/questions/40435842/custom-payload-with-laravel-jwt), you can also utilize config() to store it in the configuration.

0
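
A middleware along the lines discussed in this thread, as an added example that is not code from any of the posts. It assumes the tymon/jwt-auth package (the thread does not name its JWT library) and a hypothetical `impersonated_by` claim that carries the admin's id instead of a boolean flag, and it keeps the value on the request so it is tied to the request that carried the token.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Facades\JWTAuth;

class DetectImpersonation
{
    // Hypothetical claim name. Set only when an admin requests a token for
    // another user, e.g. with tymon/jwt-auth:
    //   JWTAuth::claims([self::CLAIM => $admin->id])->fromUser($user);
    public const CLAIM = 'impersonated_by';

    public function handle(Request $request, Closure $next)
    {
        try {
            // Decodes the bearer token and validates signature and expiry,
            // so the claim below is only read from a token we issued.
            $payload = JWTAuth::parseToken()->getPayload();
        } catch (JWTException $e) {
            return response()->json(['error' => 'invalid_token'], 401);
        }

        // null for a normal login, the admin's id for an impersonated one.
        $adminId = $payload->get(self::CLAIM);

        // Keep the state on the request itself rather than in a global.
        $request->attributes->set('impersonator_id', $adminId);

        if ($adminId !== null) {
            // Audit trail: who acted as whom, and on which route.
            Log::info('Impersonated request', [
                'admin_id' => $adminId,
                'user_id'  => $payload->get('sub'),
                'method'   => $request->method(),
                'path'     => $request->path(),
            ]);
        }

        return $next($request);
    }
}
```

Controllers and policies can then read `$request->attributes->get('impersonator_id')` and refuse sensitive operations, such as password changes, when it is not null.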

trbsi trbsi Joined 3 May 2017
