教程 http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-and-identity-2/
源碼 https://github.com/ChuckTest/AspNetWebApi2/
對應到commit的編號25df01a25c0aa8cada67474c3788272cace428db
發現是忘記step 6了
Step 6: Consume JSON Web Tokens
Now if we tried to obtain an access token by sending a request to the end point “oauth/token” then try to access one of the protected end points we’ll receive 401 Unauthorized status, the reason for this that our API doesn’t understand those JWT tokens issued by our API yet, to fix this we need to the following:
Stack Overflow上的一個提問https://stackoverflow.com/questions/26458785/i-get-authorization-has-been-denied-for-this-request-error-message-when-using
里面提到了另外一個教程http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api/ 關於如何解耦授權服務器和資源服務器的