User impersonation is a popular Symfony security feature that allows you to log in to the application as another user without knowing their credentials. It's mostly useful to debug issues reported by your customers that you can't reproduce with your own user.
Symfony provides some Twig functions to ease working with user impersonation: impersonation_exit_path() and impersonation_exit_url(). These functions generate the relative and absolute URL that you need to browse to exit or stop the impersonation and return to your own user.
In Symfony 6.4 we're adding new Twig functions related to impersonation. They are called impersonation_path() and impersonation_url() and they generate the relative/absolute URL needed to impersonate a user:
{# e.g. add this in the profile page of a user in the backend #}
<a href="{{ impersonation_path(customer.username) }}">Impersonate {{ customer.name }}</a>
{# e.g. add this in the emails sent by your customer support service #}
<a href="{{ impersonation_url(customer.username) }}">Impersonate {{ customer.name }}</a>
Using these functions is more future-proof than generating the paths/URLs manually, because the query string parameter included in them is a "magic string" that is configurable in the application.
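The following template is an added example, not part of the original post, showing why a hand-built link breaks once the parameter is renamed while the Twig functions keep working. The firewall name "main", the parameter name "_impersonate" and the route "customer_show" are assumptions made for illustration.

```twig
{# Assumed config/packages/security.yaml (firewall name "main" and the
   parameter name "_impersonate" are illustrative):

   security:
       firewalls:
           main:
               switch_user: { parameter: _impersonate }
#}

{# Fragile: hard-codes Symfony's default parameter name (_switch_user).
   With the config above this link no longer triggers impersonation.
   "customer_show" is a hypothetical route. #}
<a href="{{ path('customer_show', {id: customer.id, _switch_user: customer.username}) }}">
    Impersonate {{ customer.name }}
</a>

{# Robust: the functions read the parameter name from the firewall config. #}
{% if is_granted('IS_IMPERSONATOR') %}
    {# Already impersonating: offer the way back to your own user. #}
    <a href="{{ impersonation_exit_path() }}">Exit impersonation</a>
{% elseif is_granted('ROLE_ALLOWED_TO_SWITCH') %}
    {# Hiding the link is only cosmetic; the firewall itself still checks
       the role when the URL is requested. #}
    <a href="{{ impersonation_path(customer.username) }}">
        Impersonate {{ customer.name }}
    </a>
{% endif %}
```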
Something I think should be added to the Impersonation Utilities would be an official (and included) way to add auditing to "Impersonation", and also a way to ask for authorization to impersonate a user. It's now more and more a legal requirement.
Very handy! Thanks!