Any chance we could "become" a user by calling a login request via REST API with the master secret - without having to a specify a password? The request would then return the normal authtoken for that user.
This would be valuable for custom server-side logins (third-party authentication) and also the ability to login as a user for support purposes.
Hey Ryan, I will chat with Ivan about it and see if it's coming up in the roadmap and let you know.
over 4 years ago
Thanks Caroline. Hopefully this is something we could achieve via a /rpc or /user REST API request or possible via a Business Logic function - for example modules.backendContext.getAuthToken(username).
about 4 years ago
Hey Caroline - Any update on this?
With a little more thought on this topic, the token returned should not be new if one already exists. Otherwise it will logout users already logged in.
Another way of achieving this may be for Kinvey to return the existing (or a new authtoken if none already exists) when querying a specific user using the master key via `GET /user/:appKey/:id` ?