Posted on: 4/22/2014 6:39:00 PM by Chris
If you’ve been using Azure Mobile Services lately, you may have noticed a warning appearing in your logs with the following message:
Version 1 of the Mobile Services JWT token has been deprecated. Please contact firstname.lastname@example.org to find out how to update your code.
First, don’t freak out. There’s a pretty good chance this doesn’t affect you at all. Due to an unfortunate misstep, this warning has been showing up for some people that aren’t actually affected. Read on to see if you need to make any changes.
Essentially, you only need to worry about this message if you’re doing custom auth with your Mobile Service. If you are, you most likely found it in one of these locations:
- Custom Auth with Mobile Services and LensRocket
- Authentication with Azure Mobile Services
- Custom Identity in Mobile Services (from Josh Twist)
The reason that you’re affected if you’re doing custom auth is that you’re generating your own JWT tokens. If you’re using any of the built in auth (Facebook, Google, Microsoft, Twitter) than your Mobile Service generates the JWT for you and your service is already updated. If you are doing custom auth, read on for the instructions on how to update your code.
Updating the auth code
Thankfully, the changes required to move to version 2 are very simple and they can all be done in the server side scripts. Here we have the code previously used to specify the contents of the JWT (note I’ve left off the code to make this URL friendly, merge it, etc):
We need to make two alterations to this code. First the kid value needs to change from an integer to a string, so “0”. Second, the ver value needs to change to 2. Our updated code will look like this:
There is one other change you’ll have to make if you’re also doing custom claims. If you’re specifying a urn:microsoft:credentials as part of the j2 value above, you’ll need to change it to match this shape:
Version 1 tokens will continue to work for some time though you’ll see that warning pop up in your logs if you continue to issue V1 tokens. Thankfully the changes are small. As always, I would advise making your changes against a test service prior to making the changes against a service backing a production app. You can read more about the changes on the Azure Mobile Services blog.