I have Azure Mobile Service and AD set up for authentication.
Logout and login work perfectly through the mobile app.
The AD application reply URL is https://test.azure-mobile.net/signin-aad
client = new MobileServiceClient(applicationURL, applicationKey);
var authResult = await client.LoginAsync(this, MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory);
var data = await client.InvokeApiAsync("testAPI", HttpMethod.Get, null); // Works
client.Logout(); // LOGOUT
// "data" is already declared above, so it is reassigned here rather than redeclared
data = await client.InvokeApiAsync("testAPI", HttpMethod.Get, null); // Unauthorized error at mobile side. Request not going to API
This works perfectly.
But if I copy the token from authResult after LOGOUT, I can use the same token to call the API from Postman.
Header: X-ZUMO-AUTH → token
How can I validate the token? Is any setting needed on the Azure Mobile Service side to validate and prevent this?