404labfr / laravel-impersonate

Laravel Impersonate is a plugin that allows you to authenticate as your users.
https://marceau.casals.fr
2.03k stars 209 forks source link

Impersonation on API routes #143

Open AbrahamBrookes opened 3 years ago

AbrahamBrookes commented 3 years ago

I have my take and leave impersonation routes set up using the built in helpers and protected by the web middleware, but my app uses API middleware and makes all it's calls through api middleware not web. When I go to access any API routes my session gets closed and I am logged out.

Is impersonation available on API middleware protected routes?

AbrahamBrookes commented 3 years ago

Narrowing this down. It looks like my axios is not sending out the XSRF-TOKEN cookie on any API routes once I am impersonating a user. When that same user is logged in, however, the same route does indeed get the XSRF-TOKEN cookie header.

bronz3beard commented 3 years ago

I have just been tasked with looking into how this exact use case could work. @AbrahamBrookes do you have a work around or the beginnings of one, that you are will to share ideas on? maybe not here though we don't want to pollute this issue comments.

AbrahamBrookes commented 3 years ago

Hey I just ended up putting the impersonation route under my web middleware and causing a full redirect and app refresh. It's easier in the long run because I didn't have to handle the change of user really, just reload the app as that user.