Azure Mobile Services


Please follow the steps below to configure your Auth0 account to work with .

1. Activate the add-on.

Go to Application Add-ons page and activate the add-on.

Each integration is different and requires different parameters and configuration. Once the add-on is activated, you will see tailored instructions with details on how to get this done.

2. Use it

The key to this integration is the Delegation endpoint in Auth0. Check the documentation of any of our FrontEnd or Mobile SDKs to learn how to call this endpoint. You can download your favorite library from any of the Quickstarts.

3. You are done!

Congrats! You've implemented Delegation for the API

Additional Information

1. Create a client for the application

WAMS endpoints can be used from anywhere. For example: Android, iOS, Windows UWP C#, JavaScript or Windows Phone. You can use any of these tutorials for configuring an app that interacts with WAMS.

The samples that you can download from the Azure Portal are a good starting point.

2. Modify the sample to use Auth0

If you follow the Windows UWP sample (C#), you will end up with an AuthenticateAsync method that adds one of the standard WAMS authentication mechanisms.

To modify the sample to use Auth0, include this code:

private async System.Threading.Tasks.Task AuthenticateAsync()
  while (user == null)
    string message;

      //Adding Auth0
      //Login User
      var auth0 = new Auth0Client("YOUR_NAMESPACE", "YOUR_CLIENT_ID");

      var appUser = await auth0.LoginAsync(); //This call presents user with all available options

      //This obtains a token for WAMS
      var api = await auth0.GetDelegationToken("{THE WAMS CLIENT ID IN AUTH0}");

      //Tell WAMS to use this new token
      user = new MobileServiceUser(appUser.Profile["name"].ToString());
      user.MobileServiceAuthenticationToken = api["id_token"].ToString();
      App.MobileService.CurrentUser = user;

      //Old code
      //user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Facebook);

      message =
        string.Format("You are now logged in - {0}", user.UserId);

    catch (InvalidOperationException)
      message = "You must log in. Login Required";

    var dialog = new MessageDialog(message);

    dialog.Commands.Add(new UICommand("OK"));

    await dialog.ShowAsync();

The important aspects of these lines are:

  1. The Auth0Client class takes 2 parameters: your namespace and the clientId of the client application.
  2. There are various overloads for the LoginAsync method. In the example above, all options will be presented to the user. You can use other versions of LoginAsync to direct login to a specific provider. For example: LoginAsync("github") will have users login exclusively with GitHub.
  3. The GetDelegationToken call exchanges the client token (received in step #2) for another token to be used for with WAMS.
  4. The input for the GetDelegationToken method is the clientID of your WAMS enabled app.
  5. A new MobileServiceUser object is created with the new information.

The GetDelegationToken call allows your client app to interact with multiple WAMS APIs (or even other APIs). In Auth0, you can control which clients can call which API.

For example, you can login a user with GitHub, then connect them to WAMS and also interact with an AWS hosted endpoint. The delegation call allows you to flow the identity of the user securely across multiple environments.

3. Using the user identity in the WAMS backend

The final step is to use the information in the token in the server code. Most likely you will have to do the following two things:

  1. Change permissions on the table for each operation:

  1. Use the user object to change the behavior of the operation.

This example inserts the userId on new rows:

Then, when querying, it filters out rows for the logged in user:

Try Auth0 for FREECreate free Account