openid-connect openid oidc-client

Oidc Client sign in as different user


We are using the oidc-client package for login using an IdP. This is working fine. But now our requirement is to sign in as a different user, without interfering with an existing user.

At a high level, our workflow would be

  • Log in to the application using UserA
  • UserA triggers REST calls. All REST calls which return sensitive data would need to be authorized by the power user (say, the Manager).
  • When UserA triggers a sensitive REST call, the application opens the login page in a separate tab for power user (Manager) authorization.
  • Manager signs in.

Now the problem is, when the manager signs in, it overrides the token of UserA. Is it possible to log in 2 simultaneous users using oidc-client?


Solution

  • In a nutshell, no, it is not possible to have two logged-in users on the same client. How will the REST calls know what token to choose? The one from userA or userB, in the subsequent calls?