Actor Tokens

Allow your users to sign in on behalf of other users
Actor tokens are JWT tokens generated from the Backend API and are linked to a specific user.
These tokens can be used to allow users to sign in on behalf of other users. These are particularly useful for features like user impersonation.
More specifically, an actor token has an actor who is the user who wants to sign in, and a target user who is the user whose account the actor user will have once they sign in.
Actor tokens bypass all factors during sign in, even any second factors that the target user might have set up.
Given that actor tokens are particularly powerful, we have setup some limitations to make sure we limit any accidents as much as possible.
  • An actor token can only be used once
  • Creating a session with an actor token will terminate all other sessions on the same browser
  • Sessions created via an actor token have an inactivity timeout of 10 minutes, and a fixed duration that can be configured when creating the actor token (by default it's 30 minutes)
After a token is generated from the Backend API, it can be used in the sign in object via the ticket strategy, i.e. using ticket as strategy and passing the generated token in the ticket property.

Available requests

  • POST /v1/actor_tokens
  • POST /v1/actor_tokens/:id/revoke

Example actor token schema

"object": "actor_token",
"id": "act_26Ed5ZqqJcOjRwecRQij2ZovDdG",
"user_id": "user_26Ect5GuCCeaFWwSDiiKcgAGtVk",
"actor": {
"sub": "actor_id"
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJFeHBpcmVzSW5TZWNvbmRzIjo1LCJleHAiOjE2NDY5OTI1MDEsImlpZCI6Imluc18yNkVja3R0TnJDamE3YTZQT0xINTVDQVBpZmQiLCJzaWQiOiJzaXRfMjZFZDVacXFKY09qUndlY1JRaWoyWm92RGRHIiwic3QiOiJzaWduX2luX3Rva2VuIn0.j6Gwl6g2QcAJ9AjRvG1k7aUrnMCyPU49hYgTlmDG9gD_8Yd7sxUepyDdCHRaDaABlWg-G3tUs09HRfdrAXM-4e6NwcEy_ak1LWkE3G6WVhPnlomwH7n7BsIbmoybf91Eel0XRlb33XdUVaWNaA_CH8INkVLtXfZWTorNsAN2-Es_6G-Jtz4Zvw8hZBtXQDMSlyl27rxohMvfefv-ffG6Kd0XsvT9yYj2kik5KcONMWO6XEPtMZRoHzMabnmPQbLrUPBmbnU_1UVFpxL0LfuOXlxbV3LIvuejmhNZZtR0ZwcbrAnXruof4KjmCK_QOpqShI3dTlyYTV18amy2se5oxA",
"status": "pending",
"created_at": 1638000669544,
"updated_at": 1638000669544
Create actor token
Revoke actor token