Impersonation on API routes
AbrahamBrookes opened this issue · 3 comments
I have my take and leave impersonation routes set up using the built in helpers and protected by the web middleware, but my app uses API middleware and makes all it's calls through api middleware not web. When I go to access any API routes my session gets closed and I am logged out.
Is impersonation available on API middleware protected routes?
Narrowing this down. It looks like my axios is not sending out the XSRF-TOKEN cookie on any API routes once I am impersonating a user. When that same user is logged in, however, the same route does indeed get the XSRF-TOKEN cookie header.
I have just been tasked with looking into how this exact use case could work. @AbrahamBrookes do you have a work around or the beginnings of one, that you are will to share ideas on? maybe not here though we don't want to pollute this issue comments.
Hey I just ended up putting the impersonation route under my web middleware and causing a full redirect and app refresh. It's easier in the long run because I didn't have to handle the change of user really, just reload the app as that user.