教程 http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-and-identity-2/
源码 https://github.com/ChuckTest/AspNetWebApi2/
对应到commit的编号25df01a25c0aa8cada67474c3788272cace428db
发现是忘记step 6了
Step 6: Consume JSON Web Tokens
Now if we tried to obtain an access token by sending a request to the end point “oauth/token” then try to access one of the protected end points we’ll receive 401 Unauthorized status, the reason for this that our API doesn’t understand those JWT tokens issued by our API yet, to fix this we need to the following: