I'm building API with Laravel. I have user and admin role there. User and admin can login normally as they are just users, but admin can login as another user a.k.a. can impersonate user. I'm using JWT for authentication.
Sometimes I need to check on backend side if admin impersonated the user. I can set claims in JWT, somekind of flag, to know if that is token of impersonated user.
But how do I get that information on backend? Do I create middleware and check JWT claims there and set some kind of global flag?
Hello,
I'd like to help, but need to know first – how the impersonation is implemented?
When admin wants to impersonate user X, I just generate JWT token for user X and that's it. I solved it by using Middleware + Singleton, so on each request I check JWT token and its claims and then I set value in SIngleton and then I use that Singleton to check for the value
If you have any other idea, that would be great
That should work. Assuming you are setting an impersonation flag as part of the payload in JWT (https://stackoverflow.com/questions/40435842/custom-payload-with-laravel-jwt), you can also utilize config() to store it in the configuration.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast