I've been looking into Mobile Services recently, and I love the authentication and push notification features that allow the developer to let the user log in with whatever credentials they'd like (Facebook, Twitter, Microsoft Account etc.) and that allow push notifications to be generic so different code doesn't have to be written for each OS.
However, my issue is that it seems that Mobile Services is very limited. Specifically, it seems the only interface that is exposed is to directly perform operations on a database. I can't seem to understand how I could implement Mobile Services authentication on a generic REST API.
For example, I don't see any way to do something like this in node.js:
var express = require('express');
var azure = require('azure');
var app = express();
app.get('/nearbyFriends', function(req, res){
if(azure.getUser(req).isAuthenticated()) { // pseudo code obviously
// find and return nearby friends
}
});
app.listen(3000);
My issue is that it seems like I'm locked into only using Mobile Services to do simple data storage and I can't really use it to make a more robust API that just happens to tap into the authentication provider component.
I noticed that I can change the default actions of some of the actions, but having to just modify scripts on the Windows Azure page to do possibly important business logic seems like pretty terrible design, and I still have to back every REST action with a database, which doesn't necessarily make sense for what I'm doing.
Am I missing the point? Is Mobile Services not supposed to be used in the way I'm envisioning?
Azure Mobile Services now supports custom API endpoints to do precisely what you are describing: http://msdn.microsoft.com/en-us/library/windowsazure/dn303368.aspx