Standard token exchange - Impersonation

Axel · April 22, 2026, 1:32pm

Hi there, I have a question about impersonation with token exchange.

Is it correct that this feature isn’t inside standard token exchange yet? Is this something that will happen somewhere in the future? How advisable would it be to for now just use token exchange (V1) to impersonate users?

I am looking towards creating an auto-login feature that doesn’t use Direct access granting. Any advice or help is welcome!

Greetings,

Axel

dasniko · April 22, 2026, 3:29pm

Token exchange V1 will be removed eventually, it’s now officially deprecated. I wouldn’t start building anything on top of it.
It’s currently not clear if there will be a new option for “direct naked impersonation” in the future. The “new” external-to-internal token exchange is now solved via JWT Authorization Grant and I’m not aware of anything what will be implemented in the future. I might be missing some information, but I wouldn’t rely on direct naked impersonation.

jonnewell · April 24, 2026, 3:53pm

You can do anything with a custom authenticator, including granting access based on IP as an example.

Topic		Replies	Views
Impersonation of external token	0	391	May 13, 2021
Trying to impersonate a user using the preview token exchange functionality Getting advice	0	519	July 1, 2021
Naked Impersonation Struggles Securing applications token-exchange	2	476	May 15, 2024
How to understand if a token has been released via token-exchange grant type Getting advice authentication , oidc	2	387	April 11, 2023
Impersonate right procedure	0	217	October 23, 2024

Standard token exchange - Impersonation

Related topics