Skip to content

Add "Log in as customer" support to vue-starter-template #2281

Open
Improvement
Open
Add "Log in as customer" support to vue-starter-template#2281
Improvement
Labels
template
@mkucmus

Description

@mkucmus
Maciek Kucmus (mkucmus)
opened on Feb 13, 2026

Describe the feature

Proposed Solution

Create a single Nitro server route that handles the admin's "Log in as customer" redirect.

Note: The vue-starter-template is used here as a reference implementation. This doesn't have to live in the template itself — it could also be provided as a standalone example in the examples/ directory. The important part is documenting the pattern so any Nuxt-based storefront can adopt it.

server/routes/account/login/imitate-customer.get.ts

The .get.ts suffix ensures it only handles GET requests (matching what the admin panel sends).

Flow:

  1. Extract token, customerId, userId from query params
  2. Validate all three are present — redirect to / if not
  3. Create a standalone API client (server-side, no existing session)
  4. Call POST /account/login/imitate-customer on the Store API with the three params
  5. On success: extract sw-context-token from response headers, set it as a cookie (matching existing plugin.ts cookie config), redirect to /account
  6. On failure (invalid/expired token): redirect to /

No changes needed to nuxt.config.ts or any client-side code — after the redirect, the existing Nuxt plugin picks up the sw-context-token cookie and the session works automatically.

Security

  • Uses the official Shopware 6 impersonation API (/_proxy/generate-imitate-customer-token + /account/login/imitate-customer)
  • Token is single-use and time-limited (enforced server-side by Shopware)
  • Token validation happens entirely server-side via the Store API
  • Token-in-URL pattern follows the same approach as OAuth 2.0 authorization codes (RFC 6749)
  • Cookie settings match the existing @shopware/nuxt-module plugin configuration (sameSite: lax, secure on HTTPS, path: /)

WHY do we need that?

Shopware Admin has a built-in "Log in as customer" feature that generates a one-time token and opens a storefront URL (/account/login/imitate-customer?token=...&customerId=...&userId=...). The vue-starter-template currently lacks the server-side route to handle this URL, so the feature silently fails — the admin gets redirected or sees an error page.

The vue-demo-store template has an implementation (server/routes/account/login/imitate-customer.ts), but it has several issues:

  • Uses readBody() (expects POST) instead of getQuery() (the admin sends a GET request)
  • No try/catch around the API call — crashes on invalid/expired tokens
  • Uses non-standard HTTP status codes for redirects (400, 200 instead of 302)

Acceptance Criteria

  • Admin can log in as a customer from Shopware Admin and land on the storefront /account page with the customer's session
  • Missing or partial query parameters result in a redirect to /
  • Invalid or expired tokens result in a redirect to /
  • Token replay (same URL used twice) fails on second attempt
  • Cookie configuration matches the existing Nuxt plugin settings

Additional information

  • I want to implement this feature.

Checks

Metadata

Metadata

Assignees

No one assigned

    Labels

    template

    Type

    Improvement

    Fields

    No fields configured for Improvement.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions