From 45c04ca17965e330754355393e91b28d1b0f7d8e Mon Sep 17 00:00:00 2001
From: Janis <janis.taranda@gmail.com>
Date: Tue, 31 Mar 2026 16:22:21 +0300
Subject: [PATCH] feat: 418 Impersonation (#181)

* feat: 418 Impersonation

* fix: 418 added comment for subject field

* fix: 418 impersonated_by moved to token data, impersonate responses now return token data

* fix: 418 fixing request type for end impersonation

---------

Co-authored-by: Janis Taranda <janis.taranda@n-fuse.co>
---
 packages/protos/io/restorecommerce/auth.proto |  1 +
 packages/protos/io/restorecommerce/user.proto | 29 +++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/packages/protos/io/restorecommerce/auth.proto b/packages/protos/io/restorecommerce/auth.proto
index 29c914ead..f53c7c868 100644
--- a/packages/protos/io/restorecommerce/auth.proto
+++ b/packages/protos/io/restorecommerce/auth.proto
@@ -23,6 +23,7 @@ message Tokens {
   optional bool interactive = 6;
   optional google.protobuf.Timestamp last_login = 7;
   optional string client_id = 8;
+  optional string impersonated_by = 9; // ID of the impersonator
 }
 
 message HierarchicalScope {
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
index 028d958e4..b47c13691 100644
--- a/packages/protos/io/restorecommerce/user.proto
+++ b/packages/protos/io/restorecommerce/user.proto
@@ -58,6 +58,8 @@ service UserService {
   rpc ResetTOTP (ResetTOTPRequest) returns (io.restorecommerce.status.OperationStatusObj);
   rpc MfaStatus (MfaStatusRequest) returns (MfaStatusResponse);
   rpc GetUnauthenticatedSubjectTokenForTenant(TenantRequest) returns (TenantResponse);
+  rpc Impersonate (ImpersonateRequest) returns (ImpersonateResponse);
+  rpc EndImpersonation (EndImpersonationRequest) returns (EndImpersonateResponse);
 }
 
 /**
@@ -70,6 +72,33 @@ message LoginRequest {
   optional string token = 3;
 }
 
+message ImpersonateRequest {
+  optional string identifier = 1; // Username to impersonate
+  optional io.restorecommerce.auth.Subject subject = 2; // Impersonator's subject
+}
+
+message AccessTokenData {
+  optional string access_token = 1;
+  optional google.protobuf.Timestamp expires_in = 2;
+  optional string token_type = 3;
+  optional string scope = 4;
+  optional string token_name = 5;
+}
+
+message ImpersonateResponse {
+  optional io.restorecommerce.status.Status status = 1;
+  optional AccessTokenData payload = 2;
+}
+
+message EndImpersonationRequest {
+  optional io.restorecommerce.auth.Subject subject = 1;
+}
+
+message EndImpersonateResponse {
+  optional io.restorecommerce.status.Status status = 1;
+  optional AccessTokenData payload = 2;
+}
+
 message LoginResponse {
   optional User payload = 1;
   optional io.restorecommerce.status.Status status = 2;