[Openid-specs-ab] Identity impersonation?
Michael.Jones at microsoft.com
Mon Nov 24 16:03:39 UTC 2014
There is no OpenID spec for impersonation at present. There is an OAuth spec https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-00 that describes an impersonation mechanism.
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Vladimir Dzhuvinov / NimbusDS
Sent: Monday, November 24, 2014 7:23 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Identity impersonation?
We have a customer who asked whether OIDC supports impersonation, i.e.
the ability to login as somebody else and receive an id_token for the impersonated user.
My understanding is that id_tokens should always be linked to a true identity, and that impersonation should happen by means of an access token only (here I assume that the OP is also an OAuth server). Am I correct on this?
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
More information about the Openid-specs-ab