Rolling your own security layer on top of your API? Stop it. You'll end up regretting that decision for the lifetime of your API!
Why should you care about OAuth and Identity? What's the difference between authoriation and authenticaiton? Should you just roll your own OAuth implementaiton (No!....)?
I'll make sure you know how to secure your API with OAuth, be it with IdentityServer, or some PaaS. You'll know the difference between all the OAuth flows and where they're applicable. We'll see how to approach this from the server, and the client.