Login as default user (Login as User A, but Keycloak creates a session / impersonate as User B)

I need to implements this feature:
A user can have multiple accounts, BUT one account is the default. So when I log in with user A, I need to create a session / impersonate with the user B, so my app behind keycloak thinks I’m logged as user B,… Is it possible? Do i need to override the Token Handler? I have a service that specify the “default” user that i need to ““impersonate”” for a given user…


Keycloak implements impersonation via OAuth 2 token exchange, it is an experimental feature but well documented (Securing Applications and Services Guide), you can also impersonate through the console, but probably not what you want.