Thanks for the write-up. It's actually my favourite article on the subject. However, one thing that always seems to be missing from all articles is how to implement this in a rest flow.

Redirecting the user to a server route is a little suboptimal `Get()` to begin with. But when the redirection happens it's not enough to just give a json response to the user. We have to store the JWT on the user's browser even if the server is hosted at a different domain.

I'm still not 100% how to do this.