May 24, 2018 01:25 PM|mgebhard
My best guess is you are trying to build a custom identity server using JWT and OAuth?
The first step is understanding the OAuth specs. I've read different parts of the spec several times over the last year or so. IMHO, this is the best way to learn the spec.
You'll also want to make sure you understand how JWTs work.
How does the API understand this token without registering the API with the Identity Provider?
Commonly, it is the API's responsibility to validate the JWT. JWTs are signed by public/private keys to detect if the payload changed. Once the client has the JWT, there is no need to visit the token service unless refreshing the token. There are other approaches like storing the token in a DB and giving the client a key to the token. In this design the client must send the key to the token service and the service validates the token.
Frankly, there is no easy answer to this question.
Here is an older OWIN example that you can port to Core relatively easily.
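The offline validation described in the answer above, as an added example that is not part of the original post: the API checks an RS256 JWT using only the token service's public key, and a changed payload fails the signature check. The key pair, the function names and the hand-written RSA step (standing in for a JWT library) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key pair (two Mersenne primes), for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                          # public modulus: with E, all the API needs
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays with the token service
# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_digest(message: bytes, size: int) -> bytes:
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (size - len(t) - 3) + b"\x00" + t

def issue_token(claims: dict) -> str:
    """Token service side: sign header.payload with the private exponent."""
    size = (N.bit_length() + 7) // 8
    head = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    em = int.from_bytes(encode_digest(signing_input.encode(), size), "big")
    return signing_input + "." + b64u(pow(em, D, N).to_bytes(size, "big"))

def validate_token(token, n, e, issuer, audience, now=None) -> dict:
    """API side: no call to the token service, only its public key (n, e)."""
    size = (n.bit_length() + 7) // 8
    try:
        head, payload, sig = token.split(".")
        header, signature = json.loads(unb64u(head)), unb64u(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    recovered = pow(int.from_bytes(signature, "big"), e, n).to_bytes(size, "big")
    expected = encode_digest((head + "." + payload).encode(), size)
    if not hmac.compare_digest(recovered, expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(payload))  # read claims only after the signature verifies
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims
```

The signature check alone is not sufficient: the issuer, audience and expiry checks are what stop a validly signed token minted for another API, or an old one, from being accepted.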