[Openid-specs-ab] Identity impersonation?
Vladimir Dzhuvinov / NimbusDS
vladimir at nimbusds.com
Mon Nov 24 15:22:48 UTC 2014
We have a customer who asked whether OIDC supports impersonation, i.e.
the ability to login as somebody else and receive an id_token for the
My understanding is that id_tokens should always be linked to a true
identity, and that impersonation should happen by means of an access
token only (here I assume that the OP is also an OAuth server). Am I
correct on this?
More information about the Openid-specs-ab