Most modern applications require security. However, single page applications (SPAs) introduce unique challenges when it comes to authentication. In general, traditional session-based authentication isn't a good fit for stateless SPAs. A better approach is to use OAuth tokens provided by a security token service. In this talk, we are going to look at how to build Angular applications that use token-based authentication. Our security token service will be running IdentityServer, an OpenID Connect provider and OAuth 2.0 server framework for ASP.NET.