jwag956
commented
2 years ago A simple answer is - yes and no. You can't authenticate as the user w/o their password. However you certainly can create a new user with the same roles as the 'demo' user and show them features. If your app has built additional authorization features (such as groups, teams, permissions, etc) then you would need this new user to get all those capabilities. In general - I would shy away from actually impersonating a user - (i.e. such that all actions you perform would show up as actions they performed) - this is likely to cause confusion and privacy/security concerns. Instead - as mentioned above - figure out how to create a new demo user that has the same authorizations as the user/team in question.
I have a case where customers who are administrators need to log in as non-administrators to be able to demo features to their team. In a few words, I need an admin to be able to impersonate a non-admin user on the platform.
Is this something that can be accomplished with Flask Security?