教程 http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-and-identity-2/
源码 https://github.com/ChuckTest/AspNetWebApi2/
对应到commit的编号25df01a25c0aa8cada67474c3788272cace428db
发现是忘记step 6了
Step 6: Consume JSON Web Tokens
Now if we tried to obtain an access token by sending a request to the end point “oauth/token” then try to access one of the protected end points we’ll receive 401 Unauthorized status, the reason for this that our API doesn’t understand those JWT tokens issued by our API yet, to fix this we need to the following:
Stack Overflow上的一个提问https://stackoverflow.com/questions/26458785/i-get-authorization-has-been-denied-for-this-request-error-message-when-using
里面提到了另外一个教程http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api/ 关于如何解耦授权服务器和资源服务器的