Impersonate user not sending impersonated authentication cookie for some calls
ID: 790185
Backlog
Published on 4/13/2023 • Last update on 4/13/2023
Summary
When you are using telemarketing access and try to impersonate a user who has access to a trade policy with restrictions, some GraphQL layers do not send the impersonated user's cookie, which causes a forbidden access response from the APIs.
Simulation
- Create an admin user with call center access
- Create a trade policy (TP) with a restriction
- Create a user in the account and grant them access to the closed TP condition through Master Data
- Log in to the account with the call center user created in step 1
- Impersonate the user created in step 3
- Check any PDP (product detail page)
The expected result of this simulation is a "not found" page, because the authentication in use is not allowed to access the impersonated user's TP and the impersonated session is not sent for some GraphQL calls.
Workaround
- Create a user in the store with the same email as the admin's access
- Grant access to the TP condition for the admin's email
With that, you will be able to access the impersonated user's conditions.