Web API uses the Resource Owner Password Flow defined in OAuth2. This is a quick post on how you can return additional properties when access token is requested by calling the token endpoint with a "grant_type" of "password".
When you created a ASP.NET Web API Project, insider the project, under “Providers” folder there will be a class named “ApplicationOAuthProvider”. As you know, the method which gets called when token endpoint is called, is “GrantResourceOwnerCredentials” and it returns a Task. So this is how you can include additional properties about the resource owner along with the access token. Simply add the values to AuthenticationProperties dictionary to store them as state values about the authenticated session.
So this is how the result looks like.