Q: If we want to have “super users” or “support agents” who can temporarily sign in as (impersonate) a user, is that up to our app or can we use Realms and Orgs?
A: Check out the Create a Session API method. It creates a login token without requiring a password (it relies only on your AuthRocket API key). You can use it to enable support agents to literally be logged in as another user.
The only usual concern is separating the admin session from the user session (so the support agent doesn’t have to log back in as themselves when done). This is easily done either by separate admin/user portals (perhaps with separate subdomains, which tends to solve the cookie/session issue) or separate sessions (perhaps using distinct admin and user session IDs within the session store).
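The "distinct admin and user session IDs within the session store" option can be sketched as below. This is an added example, not AuthRocket's code: `issue_login_token` is a hypothetical stand-in for the server-side Create a Session call, and the expiry window and audit list are assumptions of the example.

```python
import time

IMPERSONATION_TTL = 15 * 60  # seconds; assumed policy, not from the page
audit_log = []               # stand-in for a real append-only audit sink


def issue_login_token(user_id):
    """Hypothetical stand-in for the server-side Create a Session API call."""
    return f"constructed-token-for-{user_id}"


def start_impersonation(session, target_user_id, now=None):
    """Add a user slot beside the admin slot; never overwrite the admin slot."""
    now = time.time() if now is None else now
    admin = session.get("admin")
    if not admin or "support" not in admin.get("roles", ()):
        raise PermissionError("only a signed-in support agent may impersonate")
    session["user"] = {
        "user_id": target_user_id,
        "token": issue_login_token(target_user_id),
        "impersonated_by": admin["user_id"],
        "expires_at": now + IMPERSONATION_TTL,
    }
    audit_log.append(("start", admin["user_id"], target_user_id, now))


def stop_impersonation(session, now=None):
    """Drop only the user slot; the agent's own admin login stays intact."""
    now = time.time() if now is None else now
    user = session.pop("user", None)
    if user and user.get("impersonated_by"):
        audit_log.append(("stop", user["impersonated_by"], user["user_id"], now))


def effective_user(session, now=None):
    """Identity the user-facing app should act as, or None if no user slot."""
    now = time.time() if now is None else now
    user = session.get("user")
    if user and user.get("expires_at", float("inf")) <= now:
        stop_impersonation(session, now)  # expired impersonation is torn down
        return None
    return user["user_id"] if user else None
```

Because the agent's identity lives only in the `admin` slot and the impersonated identity only in the `user` slot, ending impersonation cannot log the agent out, and every impersonated session records who started it.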
Tagged with: sessions, impersonation, super users