Beware when using Microsoft.Owin.Security.OAuth and Microsoft.AspNet.WebApi.Cors
Recently, I helped colleague securing his ASP.NET WebApi. The WebApi was called from SharePoint Online using JavaScript. We thought that an integration with OAuth would be simple for CORS (cross-origin resource sharing) but we took a week to figure out what went wrong with mash up code.
Tags