Hi @jhull,
I really apologize for the super late reply on this. I didn’t realize I didn’t get back.
Anyway, the way I’d approach using Laravel Impersonate with NuxtJS would be in a limited capacity, and even with this, you’d have to set a lot of state that would most likely be cleared on a closed tab. This is due to the balancing of the state held by NuxtJS auth and what Laravel handles.
I see in some apps you can kind of “log in as” a user but then switch back to your original account. To my best understanding I’d approach the problem like this:
1. Install Laravel Impersonate.
This will have the package available at your disposal and you can work with it as needed.
2. Add a flag to the Vuex store to flag when impersonating
Before even implementing this, I’d get your Vuex store set up. This way you have a flag you can dump to when you switch. This will be your front end implementation.
3. Add an API endpoint PROTECTED BY ADMIN MIDDLEWARE to switch users
Definitely ensure this is behind a secure middleware, but this endpoint would be called when you wish to impersonate another user. I’d assume you’d pass the user ID you wish to switch to. This should only be accessible from an admin.
4. Behind FRONTEND ADMIN MIDDLEWARE display screen with link to impersonate
This is where all the action would happen. You’d have to make the call to the API endpoint to impersonate the user. From there, you’d use the appropriate Laravel Impersonate method, BUT ALSO combine the response with the Laravel Sanctum tokens. So when the response returns, the tokens for the impersonated user are returned as well.
Now on the front end, with NuxtJS, you’d then: 1. flag that you are impersonating a user, 2. log out your current account, 3. use the Nuxt Auth API methods to manually set the tokens: https://dev.auth.nuxtjs.org/api/tokens.
When you wish to switch back, since you have the Vuex flag, you could make another API call to reverse the authentication. Here’s where I would really have to think about it, but you’d have to ensure that the main user is an admin before allowing the switch BACK to that user. I’ve never used Laravel Impersonate before, but I’d assume you could check? I’d also recommend cancelling any redirects from the package if you can since that will mess up the SPA.
Let me know if that helps at all!