Secure your ASP.NET Core 2.0 API (part 1 - issuing a JWT)