Authenticate as a different user and be able to logout again

I’m building a administration panel for a callcenter, and they would like to be able to authenticate as a different Account (a Customer) to see what the user sees.

A little context
Currently a Customer authenticates and gets to the dashboard and a Callcenter supporter works from a backoffice, totally independent from the Dashboard.

I now that I can change the authenticated account by setting something like this (taken from the PersistedUsernamePasswordProvider class)

$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
$authenticationToken->setAccount($account);

So, does a solution include a new and separate AuthenticationProvider that is being executed when a special formed link is clicked and saves “who is authenticated as who” somewhere?

Any help is appreciated on this subject

Not sure, if this still works, but should be a good start: https://github.com/mneuhaus/Famelo.Impersonate

Great example, thanks @mneuhaus Is it considered safe to store such data in the session data?

@sorenmalling, what solution did you use in your project in the end?

Haven’t gotten around a solution yet. We still have some business logic to figure out. Since we can’t act on behalf of our customers in the system, I need to be able to know if it’s a simulated session or not, in order to disable functionality in the user interface and so on… And we have only had 2-3 cases where it was “nice to have” but we solved it via TeamViewer screen sharing instead

Thanks. I just estimated this feature for a customer project and during research I found your post. If the customer places the order for the feature I will post my chosen solution here.

Right now I think I will do it like @mneuhaus showed in his package.

@drillsgt Did you eventually integrate this feature to your website?

@lorenzulrich No, did not get the order of the customer, it is still in the backlog of the project but not planned in the near future.