[Openid-specs-ab] Identity impersonation?

[Vladimir Dzhuvinov / NimbusDS]

Hi guys,

We have a customer who asked whether OIDC supports impersonation, i.e.
the ability to login as somebody else and receive an id_token for the
impersonated user.

My understanding is that id_tokens should always be linked to a true
identity, and that impersonation should happen by means of an access
token only (here I assume that the OP is also an OAuth server). Am I
correct on this?

Thanks,

Vladimir

--
Vladimir Dzhuvinov