A few customers have been asking about the proper implementation of an OAuth server using Microsoft's WebAPI 2. I spent some time implementing one (just to be knowledgeable both with OAuth and WebAPI) and struggled to find really good resources for using the OWIN OAuth 2.0 Authorization Server (and middleware). I was able to piece together information from a variety of blogs, forum posts, and other sources, but I realized part way through that there was a need to publish additional information to help others. I have provided the source code for a Visual Studio 2013 Express project implementing the Resource Owner Password Credentials Grant, Refresh Token Grant, and an endpoint for revoking access tokens.
Continue reading this article on the Security PS Blog: http://blog.securityps.com/2014/06/oauth-resource-owner-password.html