How can Logout be implemented in the Azure Mobile Service custom API?

I

Imira_crai2016-02-17 11:20:41

Microsoft Azure

Imira_crai, 2016-02-17 11:20:41

How can Logout be implemented in the Azure Mobile Service custom API?

After the user is authorized in the Custom API (xxx.azure-mobile.net/api/...), a token is returned to him, by which access is checked in subsequent requests (via X-ZUMO-AUTH) to non-public APIs. Also, in the handlers of the requests themselves, the data on the user becomes available in request.user
I ran into a problem how to log out for such users (ie, delete the session on the server). Stupid decision in the forehead through the removal of request.user does not help.
Custom API spinning on node.js

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Imira_crai, 2016-02-17
@Imira_crai

As far as I understand, the logic of work here is as follows: JSON web token
is used as a token in X-ZUMO-AUTH , which is formed from 3 components, including:
( more )
Thus, the session on the side of the Custom API is not created. The user is checked only by the correctness of the token. After validation, Azur passes the user id from the token to the request handler (in request.user).
Accordingly, the check for the existence of a user with a given id has to be implemented manually for each API method (for example: make it a separate module in the shared folder and include it in each API method)