0
votes

we have successfully implemented Azure mobile services authentication to all our applications (Web, Xamain.iOS, Xamarin.Android, Windows 8, Windows Phone, WPF even).We can authenticate against Google , Microsoft and Azure Active Directory without any trouble using tutorials from MS site. On all platforms we have autologin, implemented again based on tutorials and stack owerflow.

Problem is, that when user change his password in any of services, i would expect that it will cause premature expiration of token, or something like that, forcing applications to request user login informations again. But this is just not happening, we were expecting that it would be handled by provided classes.

So my question is, how to be able to handle change of user password (or deleting of account) before expiration of token that is stored locally.

1

1 Answers

0
votes

Mobile Services only relies on the OAuth token being valid when it first logs the user in. It's up to the service how ofter to validate that that token is still valid.

Basically, if you want to validate, before each call, whether the user is still valid, just ping Google and see if it works. If it doesn't, log the user out. If Google doesn't invalidate tokens based on password change, but does expose some sort of event for password changes, you'd have to include that in your logic as well.