Get started
We are having lots of fun on Discord. Come and join us!
Star on GitHub 45.1K Get started
Back

Can an Admin (API Key) create a session for a user?

  • 0
  • Accounts
View on Discord
jordorama
14 Jul, 2023, 19:36

I have a trusted 3rd party that provides me an external ID that maps to my users. What I want to do is have that request create a client that is a specific user. The reason is so it still respects all the database rules instead of running the request with API keys. Is this possible?.

I can sign new JWTs but i'd rather have my appwrite signing key in one place (on my appwrite server)

TL;DR
User wants to know if an admin API key can create sessions for users. This feature is not currently supported, and there seems to be a request for it. User also wants to create a client as a specific user using an external ID, but still respecting database rules. User prefers to have appwrite signing key in one place.
Drake
14 Jul, 2023, 19:56

Server SDK can't create sessions at the moment. I'm pretty sure there's an issue somewhere requesting this type of impersonation feature

jordorama
14 Jul, 2023, 20:06

Do you know if thats a technical or a security issue?

Drake
14 Jul, 2023, 20:11

Technical.

Sort of security because that allows any developer/admin to impersonate a user

jordorama
14 Jul, 2023, 20:14

Makes sense. It would be cool to have the option exposed via an API key permission but Its kind of a weird case. Thanks 👍

rohan
27 Jul, 2023, 11:14

even i want to create sessions for my users

Reply

Reply to this thread by joining our Discord

Reply on Discord

Recommended threads

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more