login as

pages/api/auth/[...nextauth].ts

@@ -247,7 +247,10 @@ export const authOptions: NextAuthOptions = {
         session.user.role = token.role;
         session.user.name = token.name || token.email;
       }
-
+      if (user.impersonating) {
+        // Add flag to session if user is being impersonated
+        session.user.impersonating = true;
+      }
       // if (session?.user) {
       //   session.user.id = user.id; //duplicate
       // }

pages/api/auth/login-as.js

@@ -27,6 +27,8 @@ export default async function handler(req, res) {
                 impersonating: true, // flag to indicate impersonation
                 originalUser: session.user // save the original user for later
             };
+            // Log the event (simplified example)
+            console.log(`Admin ${session.user} impersonated user ${userToImpersonate.email} on ${new Date().toISOString()}`);
 
             // Here you would typically use some method to create a session server-side
             // For this example, we'll just send the impersonated session as a response