Sign up to save your podcasts
Or
Share 447: How to (not) implement impersonation
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
447: How to (not) implement impersonation
For developers, impersonation can be a powerful tool, but with great power comes great responsibility. In today’s episode, hosts Stephanie and Joël explore the complexities of implementing impersonation features in software development, giving you the ability to take over someone’s account and act as the user. They delve into the pros and cons of impersonation, from how it can help with debugging and customer support to its prime drawbacks regarding security and auditing issues. Discover why the need for impersonation is often a sign of poor admin tooling, alternative solutions to true impersonation, and the scenarios where impersonation might be the most pragmatic approach. You’ll also learn why they advocate for understanding the root problem and considering alternative solutions before implementing impersonation. Tune in today for a deep dive into impersonation and the best ways to use it (or not use it)!
Key Points From This Episode:
What’s new in Stephanie’s world: how Notion Calendar is helping her manage her schedule.
Joël’s quest to find a health plan: how he used a spreadsheet to compare his options.
A client request to build an impersonation feature, and why Joël has mixed feelings about it.
What an impersonation tool does: it allows you to take over someone’s account.
When it’s useful to use implementation as a feature, like for debugging and support.
Potential risks and responsibilities associated with impersonation.
Why the need for impersonation often indicates poor admin tooling.
Technical and security implications of impersonation.
Solutions for logging the audit trail when you’re doing impersonation.
Differentiating between the logged-in user and the user you’re rendering views for.
Building an app that isn’t as tightly coupled to the “current user.”
Suggested alternatives to true impersonation.
The value of cross-functional teams and collaborative problem-solving.
Links Mentioned in Today’s Episode:
Mailtrap
Notion Calendar
'Implementing Impersonation'
Sustainable Web Development with Ruby on Rails
The Bike Shed
Joël Quenneville on LinkedIn
Joël Quenneville on X
Support The Bike Shed
WorkOS
Support The Bike Shed
View all episodes
By thoughtbot
4.9
121121 ratings
For developers, impersonation can be a powerful tool, but with great power comes great responsibility. In today’s episode, hosts Stephanie and Joël explore the complexities of implementing impersonation features in software development, giving you the ability to take over someone’s account and act as the user. They delve into the pros and cons of impersonation, from how it can help with debugging and customer support to its prime drawbacks regarding security and auditing issues. Discover why the need for impersonation is often a sign of poor admin tooling, alternative solutions to true impersonation, and the scenarios where impersonation might be the most pragmatic approach. You’ll also learn why they advocate for understanding the root problem and considering alternative solutions before implementing impersonation. Tune in today for a deep dive into impersonation and the best ways to use it (or not use it)!
Key Points From This Episode:
What’s new in Stephanie’s world: how Notion Calendar is helping her manage her schedule.
Joël’s quest to find a health plan: how he used a spreadsheet to compare his options.
A client request to build an impersonation feature, and why Joël has mixed feelings about it.
What an impersonation tool does: it allows you to take over someone’s account.
When it’s useful to use implementation as a feature, like for debugging and support.
Potential risks and responsibilities associated with impersonation.
Why the need for impersonation often indicates poor admin tooling.
Technical and security implications of impersonation.
Solutions for logging the audit trail when you’re doing impersonation.
Differentiating between the logged-in user and the user you’re rendering views for.
Building an app that isn’t as tightly coupled to the “current user.”
Suggested alternatives to true impersonation.
The value of cross-functional teams and collaborative problem-solving.
Links Mentioned in Today’s Episode:
Mailtrap
Notion Calendar
'Implementing Impersonation'
Sustainable Web Development with Ruby on Rails
The Bike Shed
Joël Quenneville on LinkedIn
Joël Quenneville on X
Support The Bike Shed
WorkOS
Support The Bike Shed
More shows like The Bike Shed
View all
Tentative
9 Listeners
Software Engineering Radio
273 Listeners
The Changelog: Software Development, Open Source
290 Listeners
Giant Robots Smashing Into Other Giant Robots
88 Listeners
Build Phase
44 Listeners
Software Engineering Daily
625 Listeners
Soft Skills Engineering
283 Listeners
Syntax - Tasty Web Development Treats
985 Listeners
REWORK
210 Listeners
Crossroads
2 Listeners
CoRecursive: Coding Stories
188 Listeners
Remote Ruby
35 Listeners
Practical AI
212 Listeners
Reboot
12 Listeners
Code with Jason
14 Listeners
The Stack Overflow Podcast
62 Listeners
Signals and Threads
72 Listeners
Code and the Coding Coders who Code it
6 Listeners
IndieRails
6 Listeners
The Pragmatic Engineer
64 Listeners