feat: 418 Impersonation (#181)

trsh · Janis Taranda · web-flow · commit 45c04ca17965 · 2026-03-31T15:22:21.000+02:00
* feat: 418 Impersonation

* fix: 418 added comment for subject field

* fix: 418 impersonated_by moved to token data, impersonate responses now return token data

* fix: 418 fixing request type for end impersonation

---------

Co-authored-by: Janis Taranda &lt;janis.taranda@n-fuse.co&gt;
diff --git a/packages/protos/io/restorecommerce/auth.proto b/packages/protos/io/restorecommerce/auth.proto
@@ -23,6 +23,7 @@ message Tokens {
   optional bool interactive = 6;
   optional google.protobuf.Timestamp last_login = 7;
   optional string client_id = 8;
+  optional string impersonated_by = 9; // ID of the impersonator
 }
 
 message HierarchicalScope {
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
@@ -58,6 +58,8 @@ service UserService {
   rpc ResetTOTP (ResetTOTPRequest) returns (io.restorecommerce.status.OperationStatusObj);
   rpc MfaStatus (MfaStatusRequest) returns (MfaStatusResponse);
   rpc GetUnauthenticatedSubjectTokenForTenant(TenantRequest) returns (TenantResponse);
+  rpc Impersonate (ImpersonateRequest) returns (ImpersonateResponse);
+  rpc EndImpersonation (EndImpersonationRequest) returns (EndImpersonateResponse);
 }
 
 /**
@@ -70,6 +72,33 @@ message LoginRequest {
   optional string token = 3;
 }
 
+message ImpersonateRequest {
+  optional string identifier = 1; // Username to impersonate
+  optional io.restorecommerce.auth.Subject subject = 2; // Impersonator's subject
+}
+
+message AccessTokenData {
+  optional string access_token = 1;
+  optional google.protobuf.Timestamp expires_in = 2;
+  optional string token_type = 3;
+  optional string scope = 4;
+  optional string token_name = 5;
+}
+
+message ImpersonateResponse {
+  optional io.restorecommerce.status.Status status = 1;
+  optional AccessTokenData payload = 2;
+}
+
+message EndImpersonationRequest {
+  optional io.restorecommerce.auth.Subject subject = 1;
+}
+
+message EndImpersonateResponse {
+  optional io.restorecommerce.status.Status status = 1;
+  optional AccessTokenData payload = 2;
+}
+
 message LoginResponse {
   optional User payload = 1;
   optional io.restorecommerce.status.Status status = 2;

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ message Tokens {`
`23`	`23`	`optional bool interactive = 6;`
`24`	`24`	`optional google.protobuf.Timestamp last_login = 7;`
`25`	`25`	`optional string client_id = 8;`
	`26`	`+ optional string impersonated_by = 9; // ID of the impersonator`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`message HierarchicalScope {`