auth.js

//sending back whatever is receving as a body and parameter
exports.post = function(request, response) {
    response.send(statusCodes.OK, { request_body: request.body, request_param: request.query  });
};
exports.put = function(request, response) {
     response.send(statusCodes.OK, { request_body: request.body, request_param: request.query  });
};

post_example.js

var access_token = 'eyJhbGciOi...'; 
var xhr = Titanium.Network.createHTTPClient();
xhr.setTimeout(30000);
xhr.onload=function() {
    Ti.API.info('Protected Resource by POST: '+this.responseText);
};
xhr.onerror= function() {
    Ti.API.info('Error response: '+this.responseText);
};
xhr.open('POST', 'https://my_resource_auth_server.azure-mobile.net/api/auth');
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-ZUMO-AUTH", access_token); // this is the magic line
xhr.send(JSON.stringify({
     "user" : {
         "name" : "faisal",
         "interested_in" : ["male", "female"],
         "current_look" : {
             "photo_url" : "",
             "identifier": {
                 "type" : "1",
                 "brand" : "2",
                 "color" : "3"
             }
         }
     }
 }));

post_response.json

{
    "request_body": {
        "user": {
            "name": "faisal",
            "interested_in": [
                "male",
                "female"
            ],
            "current_look": {
                "photo_url": "",
                "identifier": {
                    "type": "1",
                    "brand": "2",
                    "color": "3"
                }
            }
        }
    },
    "request_param": {}
}

put_example.js

var access_token = 'eyJhbGciOiJI...';
var xhr = Titanium.Network.createHTTPClient();
xhr.setTimeout(30000);
xhr.onload=function() {
    Ti.API.info('Protected Resource by PUT: '+this.responseText);
};
xhr.onerror= function() {
    Ti.API.info('Error response: '+this.responseText);
};
xhr.open('PUT', 'https://my_resource_auth_server.azure-mobile.net/api/auth?id=123');
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Accept", "application/json");
xhr.setRequestHeader("X-ZUMO-AUTH", access_token); // this is the magic line
xhr.send(JSON.stringify({
     "user" : {
         "name" : "faisal",
         "interested_in" : ["male", "female"],
         "current_look" : {
             "photo_url" : "",
             "identifier": {
                 "type" : "1",
                 "brand" : "2",
                 "color" : "3"
             }
         }
     }
 }));

put_response.json

{
    "request_body": {
        "user": {
            "name": "faisal",
            "interested_in": [
                "male",
                "female"
            ],
            "current_look": {
                "photo_url": "",
                "identifier": {
                    "type": "1",
                    "brand": "2",
                    "color": "3"
                }
            }
        }
    },
    "request_param": {
        "id": "123"
    }
}

Humm, I see the problem now.

You are using the tables endpoint whereas the example was for api endpoints. Here is what you are gonna do:

To Add:
Everything should be the same, except the body will be simple JSON (key-value pair, where key is the column name) and the end point would be something like: https://my_resource_auth_server.azure-mobile.net/tables/todoitem

To Update:
You have to use HTTP PATCH instead of PUT. And the url should end with /id, for example: https://my_resource_auth_server.azure-mobile.net/tables/todoitem/123 where 123 is the id.

Here is the working example (I have tested it, let me know if it doesn't work):
https://gist.github.com/rfaisal/9773273

BTW, I still think Authentication error is due to permissions.