Broadleaf Microservices
  • v1.0.0-latest-prod

Impersonation

Overview

The Auth Service supports impersonation capabilities that enable flows such as CSR "Shop as Guest", so that a particular admin user with the appropriate roles and permissions can help facilitate various commerce functions "on behalf of" an existing Customer.

The following sequence diagram shows the details of an impersonation API flow:

Impersonation API Flow Diagram

Allow CSRs to Log into Storefront as Sellers (since 1.8.6-GA)

Sometimes it is useful for CSRs to log into the storefront not as a guest or registered customer but as a Seller or admin, in order to manage certain features such as quote requests. To enable this mode, pass impersonate_self=true to the impersonation endpoint along with the standard parameters. From that point, the rest of the flow is essentially the same as the normal impersonation flow; however, the claims will include a new impersonating_self claim to indicate that this flow is engaged.

CSRs in this mode will not be considered anonymous or as being a customer, but as acting on their behalf. This is useful for distinguishing when a CSR is performing an action, such as publishing a quote, that customers can't perform, while still allowing normal logged-in user components to be visible on the storefront.
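
A sketch of how a downstream service could gate a CSR-only action such as publishing a quote on the impersonating_self claim. This is an added example, not Broadleaf code. It assumes an HS256-signed JWT and a JSON boolean claim value, neither of which this page specifies; the key, subjects and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

SAMPLE_KEY = b"constructed-demo-key"  # constructed; not a real Auth Service key

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Mint a constructed sample token (stand-in for the Auth Service)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    signing_input = head + "." + body
    return signing_input + "." + b64e(mac(signing_input, key))

def verified_claims(token: str, key: bytes) -> dict:
    """Return the claims only if the header pins HS256 and the MAC matches."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(mac(head + "." + body, key), b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
        if not isinstance(claims, dict):
            raise ValueError("claims are not an object")
        return claims
    except ValueError as exc:  # also covers bad base64, bad JSON, wrong part count
        raise PermissionError(f"token rejected: {exc}") from exc

def may_publish_quote(token: str, key: bytes) -> bool:
    """Fail closed: only a verified token whose impersonating_self claim is
    the JSON boolean true qualifies; a missing claim or "true" string does not."""
    try:
        claims = verified_claims(token, key)
    except PermissionError:
        return False
    return claims.get("impersonating_self") is True

if __name__ == "__main__":
    csr = sign_hs256({"sub": "csr-1", "impersonating_self": True}, SAMPLE_KEY)
    shopper = sign_hs256({"sub": "customer-9"}, SAMPLE_KEY)
    print(may_publish_quote(csr, SAMPLE_KEY), may_publish_quote(shopper, SAMPLE_KEY))
```

The claim is read only after the signature check, so a client cannot grant itself seller-mode behavior by editing the token body.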