Hi,

I need to implement a "login on behalf" feature.

Let's say 2 user profiles exist: Customer and Customer Care.
A Customer Care user would authenticate as any Customer user, in order to perform actions on behalf of this Customer user.

What seems the most logic to me is that the Customer Care user initiates a, OAuth 2.0 JWT Bearer Flow, by providing the Customer user's email in the JWT payload, which he certainly knows about.

According to you, which approach(es) would be suitable for this kind of use case?

Thank you