ios - How to implement oAuth2 between mobile app ASP.NET Web Api and external login provider


Imagine I want to implement an architecture following the OAuth2 protocol. I have an ASP.NET Web API service and an external identity provider, e.g. Google. The client navigates to Google, gets an access token and makes a request to the REST service. How do I verify the token? How do I make the Web API trust Google's tokens?

I have a sample that uses Identity Server 3 as the identity provider (security token service), and I have a Web API running OWIN middleware that makes a reference to Identity Server (from the Startup.cs class) and in that way trusts every token issued by Identity Server that is understandable to the REST service. How do I achieve this if I wanted to make a direct call to Google's login and use a 3rd party provider?

The way to code this kind of scenario works like this:

  1. You create a Google application, get the access keys and set the return URL.
  2. Your front end redirects the user to Google's login page, passing the app access keys.
  3. Google authenticates the user and calls your application with an authorization code.
  4. You hit Google with the code and receive an access token.
  5. With the access token you can hit Google's API and retrieve whatever information you have access to, and you can find out more about the user. It is normal at this point to create a link between your own membership system and Google's OAuth2 system. You store the token for later calls, and later you can use the refresh_token mechanism to keep talking to Google's API if you need to.

With this in mind you do not need your own authorization server, but you still need a resource server (your own REST API), and you build your own middleware that can understand Google's or another provider's tokens, can talk to Google's API, etc.

You implement your own version of the [Authorize] tag and the system will still work in a similar way, except you don't use OWIN any more.
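
One way to build the check the answer describes, as an added example that is not part of the original answer: a Web API 2 authorization filter that asks Google's tokeninfo endpoint about the bearer token and rejects it unless `aud` is this application's own client ID. The class name, the client ID placeholder and the use of Json.NET are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using Newtonsoft.Json.Linq;

// Hypothetical replacement for [Authorize] that trusts Google access tokens.
public sealed class GoogleTokenAuthorizeAttribute : AuthorizationFilterAttribute
{
    // Assumption: placeholder, use the client ID of your own Google application.
    private const string ExpectedClientId = "YOUR_CLIENT_ID.apps.googleusercontent.com";
    private const string TokenInfoUrl = "https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=";
    private static readonly HttpClient Http = new HttpClient();

    public override async Task OnAuthorizationAsync(HttpActionContext ctx, CancellationToken ct)
    {
        var auth = ctx.Request.Headers.Authorization;
        if (auth == null || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(auth.Parameter)) { Deny(ctx); return; }

        // Google answers with a non-success status for expired, revoked or malformed tokens.
        var resp = await Http.GetAsync(TokenInfoUrl + Uri.EscapeDataString(auth.Parameter), ct);
        if (!resp.IsSuccessStatusCode) { Deny(ctx); return; }

        var principal = ToPrincipal(await resp.Content.ReadAsStringAsync(), ExpectedClientId);
        if (principal == null) { Deny(ctx); return; }
        ctx.RequestContext.Principal = principal;   // controllers can now read User
    }

    // Pure check on the tokeninfo JSON, kept separate so it can be unit tested offline.
    public static ClaimsPrincipal ToPrincipal(string tokenInfoJson, string expectedClientId)
    {
        var info = JObject.Parse(tokenInfoJson);
        // "aud" must be this app's client ID. Without this check, a valid Google
        // token issued to any other application would be accepted by the API.
        if ((string)info["aud"] != expectedClientId) return null;
        var sub = (string)info["sub"];              // Google's user id; deny if absent
        if (string.IsNullOrEmpty(sub)) return null;
        var id = new ClaimsIdentity("Google");      // non-empty type => IsAuthenticated
        id.AddClaim(new Claim(ClaimTypes.NameIdentifier, sub));
        return new ClaimsPrincipal(id);
    }
    private static void Deny(HttpActionContext ctx) =>
        ctx.Response = ctx.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
```

The `sub` value placed in the principal is the key to use when linking Google users to your own membership system, as step 5 describes.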

