In Web API 2, you used to be able to create an endpoint to issue a token by setting up an OAuth Authorization Server via middleware like below:
//Set up our auth server options.
var OAuthServerOptions = new OAuthAuthorizationServerOptions()
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()
// Sets up the token issue endpoint using the options above
Don't waste your time looking for an
OAuthAuthorizationServerMiddleware alternative in ASP.NET 5, the ASP.NET team simply decided not to port it: https://github.com/aspnet/Security/issues/83
I suggest having a look to AspNet.Security.OpenIdConnect.Server, an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3: there's an OWIN/Katana 3 version, and an ASP.NET 5 version that supports both the full .NET framework and .NET Core.
To learn more about this project, I'd recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/.