Using AuthorizationServer with Web API v2/Katana–first look

Traditionally we have used Thinktecture.IdentityModel to parse and validate incoming JWT tokens in Web API. The good news is that there is nothing you have to change when moving to Web API v2: the delegating handler approach, and thus IdentityModel, is totally supported in v2.

If you want to move to OWIN-based hosting and Katana, you have to replace our AuthenticationHandler with the new JWT middleware, e.g. like this:

    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        AllowedAudiences = new[] { Constants.Audience },
        IssuerSecurityTokenProviders =
            new[] { new SymmetricKeyIssuerSecurityTokenProvider(
                        Constants.AS.IssuerName,
                        Constants.AS.SigningKey) }
    });

…and voila.

The above is not exactly the most brilliant looking API in the world, is it? (speaking the native tongue of the dev :p)…compared to IdentityModel (at least for the simple cases):

    authentication.AddJsonWebToken(
        issuer: Constants.AS.IssuerName,
        audience: Constants.Audience,
        signingKey: Constants.AS.SigningKey,
        claimMappings: ClaimMappings.None);

..But we are getting there…stay tuned…

(full sample is here)
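
Both registrations above hand over the same three values: an issuer name, an allowed audience and a symmetric signing key. As an added example (not code from Katana, IdentityModel or the linked sample), here is a minimal sketch of the checks those values exist for, assuming an HS256-signed token. The class name JwtChecks, the IsValid signature, the byte[] key and the mandatory "exp" check are assumptions made for illustration.

```csharp
// Added illustration, not Katana or IdentityModel source; reference System.Web.Extensions.
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web.Script.Serialization;

static class JwtChecks   // hypothetical helper name
{
    static byte[] FromBase64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));

    public static bool IsValid(string token, string issuer, string[] audiences, byte[] key, DateTime utcNow)
    {
        var parts = (token ?? "").Split('.');
        if (parts.Length != 3) return false;
        Dictionary<string, object> header, claims;
        byte[] signature;
        try
        {
            var json = new JavaScriptSerializer();
            header = json.Deserialize<Dictionary<string, object>>(Encoding.UTF8.GetString(FromBase64Url(parts[0])));
            claims = json.Deserialize<Dictionary<string, object>>(Encoding.UTF8.GetString(FromBase64Url(parts[1])));
            signature = FromBase64Url(parts[2]);
        }
        catch (Exception) { return false; }   // malformed base64url or JSON
        if (header == null || claims == null) return false;
        // Pin the algorithm so the token cannot select "none" or another scheme.
        object alg, iss, aud, exp;
        if (!header.TryGetValue("alg", out alg) || !"HS256".Equals(alg)) return false;
        // HMAC over "header.payload", compared without an early exit on mismatch.
        byte[] expected;
        using (var hmac = new HMACSHA256(key))
            expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
        int diff = expected.Length ^ signature.Length;
        for (int i = 0; i < expected.Length && i < signature.Length; i++) diff |= expected[i] ^ signature[i];
        if (diff != 0) return false;
        // Issuer must match exactly; at least one "aud" value must be on the allow-list.
        if (!claims.TryGetValue("iss", out iss) || !issuer.Equals(iss)) return false;
        claims.TryGetValue("aud", out aud);
        var auds = (aud is string) ? new[] { aud } : ((aud as IEnumerable) ?? new object[0]).Cast<object>();
        if (!auds.OfType<string>().Any(a => audiences.Contains(a))) return false;
        // Require an unexpired "exp" (seconds since the Unix epoch); no clock-skew allowance here.
        long expSeconds;
        return claims.TryGetValue("exp", out exp) && long.TryParse(Convert.ToString(exp), out expSeconds)
            && expSeconds > (long)(utcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
    }
}
```

A token signed with the right key but carrying a different "iss" or an "aud" outside the list is rejected just like one with a bad signature, which is why the issuer and audience settings matter as much as the key.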
