i'm using Cognito for user authentication on a site I'm working on for a client, and I need to add (if possible) a way for an admin (of the site) to login as a user. It's mainly used to see issues that the user is experiencing.
Do you know if there's a way to do that with Cognito, basically signing in as someone else if you have a specific code or belong to a specific group, or any other way?
Thanks
1 Answer
Not easily.
Effectively Cognito doesn't want you to be able to do this, as it opens no end of security issues within your application.
However, you can take control of the authorisation process by using Custom Authentication. By writing your own custom authentication, you can effectively allow user impersonation so long as the authenticating user can pass your authentication "tests".
I'd invite you to think hard about this method, however, as it does mean that you are now responsible for making sure no one else can use this backdoor.
3