Securing Profiles Switching

Introduction:

This document describes the design approach for securing the switching of a managed user’s account.

Background:

Jira Issue: https://project-sunbird.atlassian.net/browse/SH-95

Epic: https://project-sunbird.atlassian.net/browse/SH-67

Presently, a user can be switched to a managed user’s profile, and the managed user can consume the application as a normal user.

Problem Statement:

Currently, the switching of users is not secured.

Existing workflow:

The user logs in to their account and starts using the application.
The parent’s token is used for managed-user actions.



Change request:

For managed users, an extra MUT should be sent in API requests.

Below is the current data stored in the session