🚀 Feature: Allow full server side impersonation

[aviNrich]

🔖 Feature description

Hi,
In order to migrate complex apps such as ERP/CRM, I think we need a way to wrap/proxy appwrite from the server.
If everything that is possible from the client side will be available on the server side it will give huge benefit migrating complex apps.
This way we will be less depend on functions and can wrap all database calls with our own logic.
I think most of the problem today is the ability to impersonate the use on the server side for unlimited time and do everything on behalf of him..

🎤 Pitch

1. Exposing server to server APIs for our customers is almost impossible today...
2. Imagine if server-side create session function will return a jwt token with unlimited time and this token will be used in the server the same way on as we use it from the client side, The variety of apps we can implement in appwrite is much more wide.

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[Meldiron]

Not directly, but related to: #3120
Thanks for raising this 🙏

We have seen many different use cases, and we should address all as part of one feature. We will do our best to brainstorm a secure, easy-to-use feature to address them all.

[izznatsir]

This will be really useful to use on server side js framework such as Remix and Sveltekit. A small e-commerce that I created implement the session creation on the server side.

So I could create and manage a custom session cookie myself. While isolating the interaction with the data api only on the server side with token send via request header.

[CannonPhelps]

Having this especially for sveltekit would be amazing as handing over client-side info to the server is overly complicated

[stnguyen90]

This should be doable now by creating a custom token server side and exchanging it for a session. Then, use that session for any calls on behalf of the user.