Authenticate as a different user and be able to logout again


(Soren Malling) #1

I’m building an administration panel for a callcenter, and they would like to be able to authenticate as a different Account (a Customer) to see what the user sees.

A little context
Currently a Customer authenticates and gets to the dashboard and a Callcenter supporter works from a backoffice, totally independent from the Dashboard.

I know that I can change the authenticated account by setting something like this (taken from the PersistedUsernamePasswordProvider class):

```php
$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
$authenticationToken->setAccount($account);
```

So, does a solution include a new and separate AuthenticationProvider that is being executed when a specially formed link is clicked and saves “who is authenticated as who” somewhere?

Any help is appreciated on this subject :slight_smile:


(Marc Neuhaus) #2

Not sure if this still works, but it should be a good start: https://github.com/mneuhaus/Famelo.Impersonate :slightly_smiling_face:


(Soren Malling) #3

Great example, thanks @mneuhaus :slight_smile: Is it considered safe to store such data in the session data?


(Peter Rauber) #4

@sorenmalling, what solution did you use in your project in the end?


(Soren Malling) #5

Haven’t gotten around to a solution yet. We still have some business logic to figure out. Since we can’t act on behalf of our customers in the system, I need to be able to know if it’s a simulated session or not, in order to disable functionality in the user interface and so on… And we have only had 2-3 cases where it was “nice to have”, but we solved it via TeamViewer screen sharing instead.


(Peter Rauber) #6

Thanks. I just estimated this feature for a customer project and during research I found your post. If the customer places the order for the feature I will post my chosen solution here.

Right now I think I will do it like @mneuhaus showed in his package.
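
The two questions raised in this thread (where to record “who is authenticated as who”, and how to tell a simulated session apart so the interface can disable functionality) can be illustrated with plain PHP. This is an added example, not code from the thread, from Flow or from Famelo.Impersonate; the class `ImpersonationState`, its session key, the 15-minute limit and the account identifiers are assumptions. The supporter stays the authenticated account and the customer is only an overlay kept in server-side session data.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical class, not part of Flow or Famelo.Impersonate.
final class ImpersonationState
{
    private const KEY = 'impersonation'; // hypothetical session key
    private const MAX_AGE = 900;         // assumed time limit in seconds (15 minutes)
    private array $session;

    public function __construct(array &$session)
    {
        $this->session = &$session; // server-side session storage, never client-supplied data
    }

    public function start(string $supporterId, string $customerId, int $now): void
    {
        // Record the real actor beside the simulated account so requests stay attributable.
        $this->session[self::KEY] = ['actor' => $supporterId, 'as' => $customerId, 'since' => $now];
    }

    // Callers use this flag to disable write actions in the user interface.
    public function isSimulated(string $loggedInId, int $now): bool
    {
        $state = $this->session[self::KEY] ?? null;
        // Discard state that belongs to another actor or has outlived the time limit.
        if ($state === null || $state['actor'] !== $loggedInId || $now - $state['since'] > self::MAX_AGE) {
            $this->stop();
            return false;
        }
        return true;
    }

    public function effectiveAccount(string $loggedInId, int $now): string
    {
        return $this->isSimulated($loggedInId, $now) ? $this->session[self::KEY]['as'] : $loggedInId;
    }

    public function stop(): void
    {
        unset($this->session[self::KEY]); // "logout again": back to the supporter's own view
    }
}

// Constructed sample values, with timestamps passed in to keep the run deterministic.
$session = [];
$state = new ImpersonationState($session);
$state->start('supporter-7', 'customer-42', 1000);
var_dump($state->effectiveAccount('supporter-7', 1100), $state->isSimulated('supporter-7', 1100));
$state->stop();
var_dump($state->effectiveAccount('supporter-7', 1200), $state->isSimulated('supporter-7', 1200));
```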