[Openid-specs-ab] Identity impersonation?

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Mon Nov 24 15:22:48 UTC 2014


Hi guys,

We have a customer who asked whether OIDC supports impersonation, i.e.
the ability to login as somebody else and receive an id_token for the
impersonated user.

My understanding is that id_tokens should always be linked to a true
identity, and that impersonation should happen by means of an access
token only (here I assume that the OP is also an OAuth server). Am I
correct on this?

Thanks,

Vladimir

--
Vladimir Dzhuvinov


More information about the Openid-specs-ab mailing list