Securing Profiles Switching
Introduction:
This document describes the design approach for securing the switching of a managed user's account.
Background:
Jira Issue: https://project-sunbird.atlassian.net/browse/SH-95
Epic: https://project-sunbird.atlassian.net/browse/SH-67
At present, a user can switch to a managed user's profile, and the managed user can use the application as a normal user.
Problem Statement:
Currently, the switching of users is not secured.
Existing workflow:
The user logs in to their account and starts using the application.
The parent's token is used for managed-user actions.
Change request:
For managed users, an extra MUT should be sent in the APIs.
Below is the current data stored in the session: