I would like to create an admin function in our app that will allow me to login as a user on the system. Like many admin systems I would like to be able to view a users dashboard as them and as a function that will allow me to “view as user” or “login as user” link from our apps admin dashboard.
Does anyone have any idea how this could be accomplished? My idea is to briefly change the password for the user then somehow login as the user using the updated password credential then immediately after logging in switch the password back to the old one if this is even possible since its hashed. Hopefully I can just copy the hashed password then change it back.
Any ideas how this login as user function could be created?
1 Like
Hey Tony, Wondering if you ever figured anything out here. Would be so useful log in as a user. From the builder, you can see everything except the password. And that view from the builder where they show a few users is not very helpful.
Hi Tony,
Maybe I don’t quite understand what you need exactly, but it sure sounds like something I do all the time, in a very simple way.
I open the App in two different browsers: Edge and Chrome for instance. Since they don’t communicate, it’s possible to log-in with different accounts simultaneously. Admin and User typically.
You can even go with the Incognito/Private modes to achieve up to 4 different logins at the same time. I use this a lot for testing crazy stuff.
Hope this helps. If not, maybe try to give a bit more details, I’ll see if I can come up with something.
Cheers,
Normand D.
Check out the powerful Knack Toolkit Library
I apologize for the delay in my response. To clarify, I am not looking to log into my own accounts using incognito sessions. I am trying to find a way to temporarily log in as another user on a system that I have built, in order to view the pages and troubleshoot any potential issues. Since I don’t know the user’s password, I was considering a method where I could temporarily replace it with a known password, and then switch it back to the original. However, this would require direct access to the password field, which I am not sure if we have. One possible solution could be to programmatically copy the user’s password hash to another field, then use my own known password hash to automatically log in as that user. Once I am finished, the system could then switch the password back to the user’s original. The feasibility of this approach would depend on whether we have direct read-write access to the password field in a user’s account.
After conducting further research today, it appears that using the remote login system might be a viable solution. This can be achieved by obtaining a user token and then redirecting the user to the desired login area. Once there, the token can be used to assume the user’s identity.
More information can be found here: Remote User Logins
However, this method requires both the username and password. A potential workaround might involve retrieving the user token using only the email address and, if possible, the API key (from a secure location to avoid exposing sensitive information). After obtaining the token, it could be used to swap sessions and allow the user to log in as the intended individual. It is unclear whether it is possible to acquire a user’s token from the system without their password and then log in as that user. If anyone has knowledge on this subject, please share your insights. This approach seems to be the most promising, provided the token can be retrieved for the user.