
@chrismoutray
Created October 15, 2015 08:41
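/// <summary>
/// Confirms a newly registered user's e-mail address, assigns the user's roles, and redirects
/// the browser to the client application with a "GRANT-ACCESS" user token that the client
/// submits in place of a password to sign the user in.
/// </summary>
/// <param name="userId">Id of the user being confirmed, taken from the confirmation link.</param>
/// <param name="code">E-mail confirmation code, taken from the confirmation link.</param>
/// <returns>
/// A redirect to the client's confirm-signup page on success; the identity error result if the
/// confirmation code is rejected; a 400 response if the roles could not be assigned.
/// </returns>
[AllowAnonymous]
[HttpGet]
[Route("confirm-signup", Name = "ConfirmSignUpRoute")]
public async Task<IHttpActionResult> ConfirmSignUp(string userId = "", string code = "")
{
    // NOTE(review): this is an anonymous GET that changes state (confirms the address and grants
    // roles). Anything that follows the link on the user's behalf, such as a mail gateway link
    // scanner, triggers the same side effects; consider a landing page that POSTs instead.
    IdentityResult confirmEmailResult = await this.AppUserManager.ConfirmEmailAsync(userId, code);
    if (!confirmEmailResult.Succeeded)
    {
        return GetErrorResult(confirmEmailResult);
    }

    // NOTE(review): every account that confirms its e-mail is added to "Admin" as well as "User".
    // If registration is open, this gives administrative rights to anyone who signs up. Confirm
    // this is a demo shortcut; otherwise grant only "User" here and assign "Admin" through an
    // authenticated, admin-only path.
    IdentityResult addToRolesResult = await this.AppUserManager.AddToRolesAsync(userId, new string[] { "User", "Admin" });
    if (!addToRolesResult.Succeeded)
    {
        ModelState.AddModelError("", "Failed to add user roles");
        return BadRequest(ModelState);
    }

    ApplicationUser user = await this.AppUserManager.FindByIdAsync(userId);

    // Issue a "GRANT-ACCESS" user token so the client app can log the user in without a password.
    // Awaited rather than read through Task.Result: blocking on the task inside an async action
    // can deadlock on the ASP.NET synchronization context and wraps failures in AggregateException.
    // NOTE(review): the token's lifetime and whether it is single-use depend on the configured
    // user token provider, which is not visible here - confirm it is short-lived.
    string token = await this.AppUserManager.GenerateUserTokenAsync("GRANT-ACCESS", userId);

    // The user name and token are placed after the '#', so the browser does not send them to the
    // client app's server, but they remain in the address bar and browser history.
    // NOTE(review): the client address is hard-coded and uses plain http; read it from
    // configuration and require https outside local development.
    Uri redirectLocation = new Uri(string.Format("http://localhost:45258/#/confirm-signup?user={0}&token={1}",
        Uri.EscapeDataString(user.UserName), Uri.EscapeDataString(token)));
    return Redirect(redirectLocation);

    // Alternative response kept from the original: return 201 Created with the user resource.
    //Uri locationHeader = new Uri(Url.Link("GetUserById", new { id = user.Id }));
    //return Created(locationHeader, TheModelFactory.Create(user));
}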
// Registers the ui-router state 'confirm-signup'. Its URL accepts `user` and `token` query
// parameters, and its resolve block attempts a login with the token supplied as the password.
$stateProvider
.state('confirm-signup', {
url: '/confirm-signup?user&token',
views: {
"main": {
controller: 'ConfirmSignUpCtrl',
templateUrl: 'signup/confirm-signup.tpl.html'
}
},
data: {pageTitle: 'Confirm Sign Up'},
resolve: {
// NOTE(review): only $stateParams and authService are listed for injection, yet the callbacks
// below use $location and $scope. Unless an enclosing scope not shown here defines them, both
// are undefined when the callbacks run; a resolve function has no $scope to receive.
isConfirmSuccessful: ['$stateParams', 'authService', function ($stateParams, authService) {
if ($stateParams.user !== undefined && $stateParams.token !== undefined) {
// Credentials object in the shape passed to authService.login: the token goes in `password`.
var vm = {
username: $stateParams.user,
password: $stateParams.token
};
// login using token as password
authService
.login(vm)
.then(function (response) {
// NOTE(review): $location.path() changes only the path, so the user and token query
// parameters presumably stay in the address bar and history after this navigation -
// confirm, and clear them once the login has succeeded.
$location.path('/confirm-details');
},
function (err) {
$scope.message = err.error_description;
});
}
// Returned synchronously, before the login promise settles, so this resolve value is
// always false regardless of the login outcome.
return false;
}]
}
});
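/// <summary>
/// Validates a resource-owner password grant. The supplied password is first checked as the
/// user's password; if that fails, it is checked as a "GRANT-ACCESS" user token for the named
/// user. The user must also have a confirmed e-mail address before a ticket is issued.
/// </summary>
/// <param name="context">
/// The grant context carrying the user name and password, and receiving either the validated
/// ticket or an "invalid_grant" error.
/// </param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // One description for every credential failure. The original returned a different message
    // when the user existed but the password/token was wrong, which let an unauthenticated
    // caller find out which user names are registered.
    const string InvalidCredentialsDescription = "The user name or password is incorrect.";

    // NOTE(review): "*" lets script on any origin read the token endpoint's responses. Restrict
    // this to the client application's origin(s), preferably from configuration.
    var allowedOrigin = "*";
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

    var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

    // First attempt: ordinary user name + password.
    ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
    if (user == null)
    {
        // Fallback: treat the supplied password as a "GRANT-ACCESS" token for that user.
        user = await userManager.FindByNameAsync(context.UserName);
        if (user == null)
        {
            context.SetError("invalid_grant", InvalidCredentialsDescription);
            return;
        }

        // NOTE(review): nothing visible here consumes the token after a successful login, so it
        // works as an alternative password until the token provider expires it. If the configured
        // provider binds tokens to the security stamp, rotating the stamp after the first token
        // login would make it single-use - confirm against the provider setup.
        // NOTE(review): no failed-attempt or lockout accounting is visible on either path.
        string token = context.Password;
        bool tokenIsValid = await userManager.VerifyUserTokenAsync(user.Id, "GRANT-ACCESS", token);
        if (!tokenIsValid)
        {
            context.SetError("invalid_grant", InvalidCredentialsDescription);
            return;
        }
    }

    // Reached only after the password or token was accepted, so this message is shown only to a
    // caller who already presented valid credentials.
    if (!user.EmailConfirmed)
    {
        context.SetError("invalid_grant", "User did not confirm email.");
        return;
    }

    // Build the identity with authentication type "JWT" and mark the grant as validated.
    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
    var ticket = new AuthenticationTicket(oAuthIdentity, null);
    context.Validated(ticket);
}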