From 30bafb5d901217524fcb495cc9c6d633a278bef8 Mon Sep 17 00:00:00 2001
From: Janis Taranda
Date: Tue, 24 Mar 2026 11:36:07 +0200
Subject: [PATCH 1/4] feat: 418 Impersonation
---
 packages/protos/io/restorecommerce/user.proto | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
index 028d958e4..5e65af1e8 100644
--- a/packages/protos/io/restorecommerce/user.proto
+++ b/packages/protos/io/restorecommerce/user.proto
@@ -58,6 +58,8 @@ service UserService {
 rpc ResetTOTP (ResetTOTPRequest) returns (io.restorecommerce.status.OperationStatusObj);
 rpc MfaStatus (MfaStatusRequest) returns (MfaStatusResponse);
 rpc GetUnauthenticatedSubjectTokenForTenant(TenantRequest) returns (TenantResponse);
+ rpc Impersonate (ImpersonateRequest) returns (LoginResponse);
+ rpc EndImpersonation (EndImpersonationRequest) returns (LoginResponse);
 }
 /**
@@ -70,6 +72,15 @@ message LoginRequest {
 optional string token = 3;
 }
+message ImpersonateRequest {
+ optional string identifier = 1; // Username
+ optional io.restorecommerce.auth.Subject subject = 2;
+}
+
+message EndImpersonationRequest {
+ optional io.restorecommerce.auth.Subject subject = 1;
+}
+
 message LoginResponse {
 optional User payload = 1;
 optional io.restorecommerce.status.Status status = 2;
@@ -380,6 +391,7 @@ message User {
 repeated string totp_session_tokens = 29; /// TOTP Login session tokens
 repeated string password_hash_history = 30; // List of historical password hashes
 repeated string totp_recovery_codes = 31; // List of TOTP recovery codes
+ optional string impoersonated_by = 32; // ID of the impersonator
 }
 /**
From 188f75ec9125784f00ce4fbc76ff4f8825f33c72 Mon Sep 17 00:00:00 2001
From: Janis Taranda
Date: Wed, 25 Mar 2026 15:58:06 +0200
Subject: [PATCH 2/4] fix: 418 added comment for subject field
---
 packages/protos/io/restorecommerce/user.proto | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
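Review bot: `Impersonate` and `EndImpersonation` are added to `UserService` in the -58,6 hunk of PATCH 1/4 without any leading comment, so the contract does not say who may call them or what must be verified before a token is issued on behalf of another user. A comment above each would pin that down, for example `// Issues a token for the user named in identifier; the caller's subject must be authorized to impersonate.` and `// Ends an impersonation session started by Impersonate.`, with the wording confirmed against the implementation. The same two RPC lines appear again, still uncommented, in the -58,8 hunk of PATCH 3/4. The service body starts outside the hunk.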
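Review bot: `EndImpersonationRequest.subject` has no comment in the -70,6 hunk of PATCH 1/4, and PATCH 2/4 documents only the two `ImpersonateRequest` fields, so it is unclear whether this subject carries the impersonation token being ended or the impersonator's original token. A trailing comment in the style of the neighbouring fields would settle it, for example `// Subject holding the impersonation token to end` if that is the intent. Handlers and clients written against the schema otherwise have to guess which token to send.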
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
index 5e65af1e8..aa1d914aa 100644
--- a/packages/protos/io/restorecommerce/user.proto
+++ b/packages/protos/io/restorecommerce/user.proto
@@ -73,8 +73,8 @@ message LoginRequest {
 }
 message ImpersonateRequest {
- optional string identifier = 1; // Username
- optional io.restorecommerce.auth.Subject subject = 2;
+ optional string identifier = 1; // Username to impersonate
+ optional io.restorecommerce.auth.Subject subject = 2; // Impersonator's subject
 }
 message EndImpersonationRequest {
From 1fa3eb779779824a447acb1b8a8da61b28152e7a Mon Sep 17 00:00:00 2001
From: Janis Taranda
Date: Mon, 30 Mar 2026 17:36:24 +0300
Subject: [PATCH 3/4] fix: 418 impersonated_by moved to token data, impersonate responses now return token data
---
 packages/protos/io/restorecommerce/auth.proto | 1 +
 packages/protos/io/restorecommerce/user.proto | 24 ++++++++++++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/packages/protos/io/restorecommerce/auth.proto b/packages/protos/io/restorecommerce/auth.proto
index 29c914ead..f53c7c868 100644
--- a/packages/protos/io/restorecommerce/auth.proto
+++ b/packages/protos/io/restorecommerce/auth.proto
@@ -23,6 +23,7 @@ message Tokens {
 optional bool interactive = 6;
 optional google.protobuf.Timestamp last_login = 7;
 optional string client_id = 8;
+ optional string impersonated_by = 9; // ID of the impersonator
 }
 message HierarchicalScope {
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
index aa1d914aa..10d7f07df 100644
--- a/packages/protos/io/restorecommerce/user.proto
+++ b/packages/protos/io/restorecommerce/user.proto
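Review bot: `impersonated_by` on `Tokens` (auth.proto hunk of PATCH 3/4) is described only as an ID, with nothing saying that the service assigns it when an impersonation token is issued. If `Tokens` can also arrive in client-written payloads, which this hunk does not show, a caller could supply or clear the value, and anything that audits or authorizes on it would be misled. The comment should state the guarantee, for example `// ID of the impersonator; set by the service, ignored on client writes`. The `Tokens` message starts outside the hunk.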
@@ -58,8 +58,8 @@ service UserService {
 rpc ResetTOTP (ResetTOTPRequest) returns (io.restorecommerce.status.OperationStatusObj);
 rpc MfaStatus (MfaStatusRequest) returns (MfaStatusResponse);
 rpc GetUnauthenticatedSubjectTokenForTenant(TenantRequest) returns (TenantResponse);
- rpc Impersonate (ImpersonateRequest) returns (LoginResponse);
- rpc EndImpersonation (EndImpersonationRequest) returns (LoginResponse);
+ rpc Impersonate (ImpersonateRequest) returns (ImpersonateResponse);
+ rpc EndImpersonation (EndImpersonationRequest) returns (EndImpersonateResponse);
 }
 /**
@@ -77,8 +77,27 @@ message ImpersonateRequest {
 optional io.restorecommerce.auth.Subject subject = 2; // Impersonator's subject
 }
+message AccessTokenData {
+ optional string access_token = 1;
+ optional google.protobuf.Timestamp expires_in = 2;
+ optional string token_type = 3;
+ optional string scope = 4;
+ optional string token_name = 5;
+}
+
+message ImpersonateResponse {
+ optional io.restorecommerce.status.Status status = 1;
+ optional AccessTokenData payload = 2;
+}
+
 message EndImpersonationRequest {
 optional io.restorecommerce.auth.Subject subject = 1;
+ optional AccessTokenData payload = 2;
+}
+
+message EndImpersonateResponse {
+ optional io.restorecommerce.status.Status status = 1;
+ optional AccessTokenData payload = 2;
 }
 message LoginResponse {
@@ -391,7 +410,6 @@ message User {
 repeated string totp_session_tokens = 29; /// TOTP Login session tokens
 repeated string password_hash_history = 30; // List of historical password hashes
 repeated string totp_recovery_codes = 31; // List of TOTP recovery codes
- optional string impoersonated_by = 32; // ID of the impersonator
 }
 /**
From 01c3721efa296e243175277dfbd344f840cb7baa Mon Sep 17 00:00:00 2001
From: Janis Taranda
Date: Tue, 31 Mar 2026 10:57:23 +0300
Subject: [PATCH 4/4] fix: 418 fixing request type for end impersonation
---
 packages/protos/io/restorecommerce/user.proto | 1 -
 1 file changed, 1 deletion(-)
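Review bot: The response type `EndImpersonateResponse` does not follow the name of its RPC and request (`EndImpersonation`, `EndImpersonationRequest`). In the -58,8 hunk of PATCH 3/4 the line would read `rpc EndImpersonation (EndImpersonationRequest) returns (EndImpersonationResponse);`, with the message declaration in the following hunk renamed to match. The rename is cheapest now, before generated clients depend on the current name. The service body starts outside the hunk.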
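Review bot: `expires_in` in `AccessTokenData` (-77,8 hunk of PATCH 3/4) is typed `google.protobuf.Timestamp`, yet the name reads as a relative lifetime, as in OAuth token responses where `expires_in` is a number of seconds. A client that reads an absolute instant as a duration, or the reverse, will misjudge when the impersonation token stops being valid. Either name the field for what it holds, for example `optional google.protobuf.Timestamp expire_time = 2; // absolute expiry`, or use `google.protobuf.Duration` if a lifetime is meant. The new messages also have no comments, and `access_token` in particular deserves one stating that it is a bearer credential and should be kept out of logs.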
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
index 10d7f07df..b47c13691 100644
--- a/packages/protos/io/restorecommerce/user.proto
+++ b/packages/protos/io/restorecommerce/user.proto
@@ -92,7 +92,6 @@ message ImpersonateResponse {
 message EndImpersonationRequest {
 optional io.restorecommerce.auth.Subject subject = 1;
- optional AccessTokenData payload = 2;
 }
 message EndImpersonateResponse {