Stop impersonation call (#513)

aviadl · web-flow · commit 02022d7b96ac · 2025-05-09T15:05:57.000+03:00
related to descope/etc#9294 + tests
diff --git a/README.md b/README.md
@@ -1135,6 +1135,16 @@ const updatedJWTRes = await descopeClient.management.jwt.impersonate(
 );
 ```
 
+Once impersonation is done, you can call `stopImpersonation`, and get back a jwt of hte the actor
+
+```typescript
+const updatedJWTRes = await descopeClient.management.jwt.impersonate(
+  '<jwt string>',
+  { k1: 'v1' },
+  't1',
+);
+```
+
 Note 1: The generate code/link functions, work only for test users, will not work for regular users.
 Note 2: In case of testing sign-in / sign-up operations with test users, need to make sure to generate the code prior calling the sign-in / sign-up operations.
 
diff --git a/lib/management/jwt.test.ts b/lib/management/jwt.test.ts
@@ -92,6 +92,45 @@ describe('Management JWT', () => {
     });
   });
 
+  describe('stopImpersonation', () => {
+    it('should send the correct request and receive correct response', async () => {
+      const httpResponse = {
+        ok: true,
+        json: () => mockJWTResponse,
+        clone: () => ({
+          json: () => Promise.resolve(mockJWTResponse),
+        }),
+        status: 200,
+      };
+      mockHttpClient.post.mockResolvedValue(httpResponse);
+
+      const resp: SdkResponse<UpdateJWTResponse> = await management.jwt.stopImpersonation(
+        'jwt',
+        { k1: 'v1' },
+        't1',
+        32,
+      );
+
+      expect(mockHttpClient.post).toHaveBeenCalledWith(
+        apiPaths.jwt.stopImpersonation,
+        {
+          jwt: 'jwt',
+          customClaims: { k1: 'v1' },
+          selectedTenant: 't1',
+          refreshDuration: 32,
+        },
+        { token: 'key' },
+      );
+
+      expect(resp).toEqual({
+        code: 200,
+        data: mockJWTResponse,
+        ok: true,
+        response: httpResponse,
+      });
+    });
+  });
+
   describe('sign-in', () => {
     it('should send the correct request and receive correct response', async () => {
       const httpResponse = {
diff --git a/lib/management/jwt.ts b/lib/management/jwt.ts
@@ -33,6 +33,19 @@ const withJWT = (sdk: CoreSdk, managementKey?: string) => ({
         { token: managementKey },
       ),
     ),
+  stopImpersonation: (
+    jwt: string,
+    customClaims?: Record<string, any>,
+    selectedTenant?: string,
+    refreshDuration?: number,
+  ): Promise<SdkResponse<UpdateJWTResponse>> =>
+    transformResponse(
+      sdk.httpClient.post(
+        apiPaths.jwt.stopImpersonation,
+        { jwt, customClaims, selectedTenant, refreshDuration },
+        { token: managementKey },
+      ),
+    ),
   signIn: (loginId: string, loginOptions?: MgmtLoginOptions): Promise<SdkResponse<JWTResponse>> =>
     transformResponse(
       sdk.httpClient.post(
diff --git a/lib/management/paths.ts b/lib/management/paths.ts
@@ -95,6 +95,7 @@ export default {
   jwt: {
     update: '/v1/mgmt/jwt/update',
     impersonate: '/v1/mgmt/impersonate',
+    stopImpersonation: '/v1/mgmt/stop/impersonation',
     signIn: '/v1/mgmt/auth/signin',
     signUp: '/v1/mgmt/auth/signup',
     signUpOrIn: '/v1/mgmt/auth/signup-in',
