Add option to impersonate on management sdk (#337)

+ test related to descope/etc#5584
descope · Feb 21, 2024 · 105ff64 · 105ff64
1 parent 66ab95d
commit 105ff64
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -70,11 +70,12 @@ Then, you can use that to work with the following functions:
 7. [Query SSO Groups](#query-sso-groups)
 8. [Manage Flows](#manage-flows)
 9. [Manage JWTs](#manage-jwts)
-10. [Embedded Links](#embedded-links)
-11. [Search Audit](#search-audit)
-12. [Manage Authz](#manage-authz)
-13. [Manage Project](#manage-project)
-14. [Manage SSO applications](#manage-sso-applications)
+10. [Impersonate](#impersonate)
+11. [Embedded Links](#embedded-links)
+12. [Search Audit](#search-audit)
+13. [Manage Authz](#manage-authz)
+14. [Manage Project](#manage-project)
+15. [Manage SSO applications](#manage-sso-applications)
 
 If you wish to run any of our code samples and play with them, check out our [Code Examples](#code-examples) section.
 
@@ -1011,6 +1012,20 @@ const updatedJWTRes = await descopeClient.management.jwt.update('original-jwt',
 });
 ```
 
+### Impersonate
+
+You can impersonate to another user
+The impersonator user must have the `impersonation` permission in order for this request to work.
+The response would be a refresh JWT of the impersonated user
+
+```typescript
+const updatedJWTRes = await descopeClient.management.jwt.impersonate(
+  'impersonator-id',
+  'login-id',
+  true,
+);
+```
+
 Note 1: The generate code/link functions, work only for test users, will not work for regular users.
 Note 2: In case of testing sign-in / sign-up operations with test users, need to make sure to generate the code prior calling the sign-in / sign-up operations.
 

diff --git a/lib/management/jwt.test.ts b/lib/management/jwt.test.ts
@@ -46,4 +46,37 @@ describe('Management JWT', () => {
       });
     });
   });
+
+  describe('impersonate', () => {
+    it('should send the correct request and receive correct response', async () => {
+      const httpResponse = {
+        ok: true,
+        json: () => mockJWTResponse,
+        clone: () => ({
+          json: () => Promise.resolve(mockJWTResponse),
+        }),
+        status: 200,
+      };
+      mockHttpClient.post.mockResolvedValue(httpResponse);
+
+      const resp: SdkResponse<UpdateJWTResponse> = await management.jwt.impersonate(
+        'imp1',
+        'imp2',
+        true,
+      );
+
+      expect(mockHttpClient.post).toHaveBeenCalledWith(
+        apiPaths.jwt.impersonate,
+        { impersonatorId: 'imp1', loginId: 'imp2', validateConsent: true },
+        { token: 'key' },
+      );
+
+      expect(resp).toEqual({
+        code: 200,
+        data: mockJWTResponse,
+        ok: true,
+        response: httpResponse,
+      });
+    });
+  });
 });
diff --git a/lib/management/jwt.ts b/lib/management/jwt.ts
@@ -11,6 +11,18 @@ const withJWT = (sdk: CoreSdk, managementKey?: string) => ({
     transformResponse(
       sdk.httpClient.post(apiPaths.jwt.update, { jwt, customClaims }, { token: managementKey }),
     ),
+  impersonate: (
+    impersonatorId: string,
+    loginId: string,
+    validateConsent: boolean,
+  ): Promise<SdkResponse<UpdateJWTResponse>> =>
+    transformResponse(
+      sdk.httpClient.post(
+        apiPaths.jwt.impersonate,
+        { impersonatorId, loginId, validateConsent },
+        { token: managementKey },
+      ),
+    ),
 });
 
 export default withJWT;
diff --git a/lib/management/paths.ts b/lib/management/paths.ts
@@ -84,6 +84,7 @@ export default {
   },
   jwt: {
     update: '/v1/mgmt/jwt/update',
+    impersonate: '/v1/mgmt/impersonate',
   },
   password: {
     settings: '/v1/mgmt/password/settings',