# Impersonator

## Background

Add the ability for an administrator to manage user resources. This requires a mechanism that lets the administrator obtain a user's token. `id-server` will provide the following request for the admin scope.

### Request example

```
Path: /auth/impersonator
Method: POST
Body: {
  user_id: {type: string}
}
Headers: {
  authorization: Bearer 006fd5dea5de4e3cb7b6352e38d4e34c
}
```

The request requires the admin scope. On this request, `id-server` will create a document in the `active_session` collection containing a token for the given `user_id` and a reference to the admin account.

### Response

```
{
  token: {type: string},
  user: {
    id: {type: string},
    impersonator_id: {type: string},
    name: {type: string},
    email: {type: string},
    roles: [{type: object}],
    is_admin: {type: bool}
  }
}
```

|field|description|
|---|---|
|token|user token, which can be passed to JEMA to manage the user's resources|
|user.id|user UUID|
|user.impersonator_id|admin UUID, a reference to the admin who obtained the user's token|

If we pass `token` to the `/auth/me` request, it will return all user information and the user's applications.

## FAQ

### How to expire a user's token obtained by an admin

When the admin logs out from the system, all related user tokens will be deleted.
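The token lifecycle described above (admin-only issuance, the `impersonator_id` back-reference, and deletion on admin logout) can be modelled as follows. This is an added example, not `id-server` code: the `IdServer` class, its method names, the in-memory dictionary standing in for `active_session`, and the sample accounts are all assumptions.

```python
import secrets

# Constructed sample accounts; ids and fields are illustrative.
USERS = {
    "admin-1": {"name": "Ada", "is_admin": True},
    "user-1": {"name": "Bob", "is_admin": False},
}

class IdServer:
    """Hypothetical in-memory model of id-server's active_session collection."""

    def __init__(self, users):
        self.users = users
        self.active_session = {}  # token -> {"user_id", "impersonator_id"}

    def _issue(self, user_id, impersonator_id=None):
        token = secrets.token_hex(16)
        self.active_session[token] = {"user_id": user_id, "impersonator_id": impersonator_id}
        return token

    def login(self, user_id):
        return self._issue(user_id)

    def impersonate(self, bearer, user_id):
        """POST /auth/impersonator: admin scope required."""
        caller = self.active_session.get(bearer)
        if caller is None or not self.users[caller["user_id"]]["is_admin"]:
            raise PermissionError("admin scope required")
        # Assumption (not stated on the page): a token that was itself obtained
        # by impersonation cannot mint more tokens, so logout revokes everything.
        if caller["impersonator_id"] is not None:
            raise PermissionError("impersonated sessions cannot impersonate")
        if user_id not in self.users:
            raise KeyError(user_id)
        token = self._issue(user_id, impersonator_id=caller["user_id"])
        return {"token": token, "user": self.me(token)}

    def me(self, token):
        """/auth/me: resolve a token to its user, or None if it was deleted."""
        s = self.active_session.get(token)
        if s is None:
            return None
        return {"id": s["user_id"], "impersonator_id": s["impersonator_id"], **self.users[s["user_id"]]}

    def logout(self, bearer):
        """Delete the caller's session and every user token it obtained."""
        s = self.active_session.pop(bearer, None)
        if s is None or s["impersonator_id"] is not None:
            return 0
        related = [t for t, d in self.active_session.items() if d["impersonator_id"] == s["user_id"]]
        for t in related:
            del self.active_session[t]
        return len(related)
```

Because every impersonated session carries `impersonator_id`, the same field that drives cleanup on logout also lets audit logs attribute each action taken with the user's token to the admin who obtained it.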