Last week I published ZuMo.API to GitHub which is a simple Windows Azure Mobile Service (using the .Net backend) that includes Custom Authentication instead of solely relying on Active Directory or login via Twitter, Facebook, Google or Microsoft.
Today I wanted to extend it a little. See, when you use Custom Authentication in Windows Azure Mobile Services (ZuMo), you basically rely on a signed token (a JSON Web Token, to be precise) and when you receive a request in one of your
ApiController classes the JWT is included in the
X-ZUMO-AUTH HTTP Header.
But the JWT doesn't make much sense in clear text - you need to transform it into something useful. Luckily a lot of the heavy lifting has already been done for you. All you need to do, is to grab the identity of the request and find your own app specific credentials.
Here's how it's done in code:
ZuMoLoginProviderCredentials is the app specific credentials that is configured along with the custom login provider, and since they're registered as a LoginProvider the Azure Mobile Services backend will automatically transform the token from
X-ZUMO-AUTH into an instance of the credentials that was configured.