Many people have asked me how all the moving parts of Thinktecture.IdentityModel, IdentityServer, ASP.NET and Web API relate to each other. And quite frankly, reading my old blog posts does not always help – a lot of things have changed, some links are broken, etc.
I decided to re-write my big Web API security sample – and this time I will properly document it while I go. Topics will include authentication scenarios (Basic Authentication, SAML, JWT, session tokens, Hawk), authorization, auditing and other Web API security extensibility points.
You can also follow the status here.
Stay tuned.
Looking forward to this!
Do these samples require an active Authorization server (the constants file has https://identity.thinktecture.com/sample/issue/oauth2/token) running? If the “Webhost” can perform that function, I can’t seem to figure out how to configure it/change the constants file.
Yep – we have hosted the sample idsrv for you.
If I had my own idsrv, what all would need to change? I think I have the thumbprint and signing keys correct, but can’t get the Win 8 app to authenticate against the sample.
I guess you need to register the OAuth2 client and the corresponding redirect URI.
I have a case in which an MVC app is using WS-Federation against my IdSrv. The MVC app user is authenticated on the IdSrv auth-form and redirected back to the MVC app and a JWT token is generated. Now, the MVC contains jQuery/AJAX making requests to a backend service.
From the MVC app I can inspect the user's claims and this works perfectly. But is it possible also to get the encrypted JWT token? I need it to parse along in the jQuery/AJAX requests mentioned before. (I’ve browsed the sample solution, but I haven’t found the solution yet…).
Hope you can help me.