Monday, 9 September 2013

Federated Authentication, JWT, ASP.Net WebAPI and Ajax using ThinkTecture IdentityServer and IdentityModel


In my setup I have three applications running on three different domains:

idsrv.mydomain.com - ThinkTecture IdentityServer
api.mydomain.com - a RESTful API implemented using ASP.Net WebAPI
app.mydomain.com - a lightweight HTML/JavaScript application

I would like the user to log into app.mydomain.com, and the JavaScript
Ajax calls to go to api.mydomain.com.

I have enabled federated authentication on both api.mydomain and
app.mydomain, and switched to JWT tokens in IdentityServer as described
here. I have also enabled CORS on the API.

Now I can log in to app.mydomain.com and see the initial page, but the Ajax
requests going to the API are not authenticated, so the calls to the API
still fail. The problem is I have no idea where to go from here. I realize
that I have to get the token that was passed to app.mydomain.com and make
that available to the JavaScript on that page, and send that token along
with each request to my API, but I don't know how to get the token and how
to send it to the API. Any help would be appreciated.

Thanks
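
The step the question describes, sending the token along with each request to the API, could look like the following. This is an added example, not part of the original post and not IdentityServer or IdentityModel code. It assumes the JWT is already available to the page's script as a string, that the API is served over https, and that it accepts the token in an `Authorization: Bearer` header; `buildApiRequest`, `decodeJwtPayload` and `makeSampleToken` are hypothetical names.

```javascript
// Added example: the names below are hypothetical, not IdentityServer/IdentityModel APIs.
const API_ORIGIN = "https://api.mydomain.com"; // API host from the post; https is assumed

// Decode the JWT payload (second segment, base64url) without verifying the signature.
// The API must still validate the signature; this is only a client-side sanity check.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error("not a compact JWT");
  }
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
}

// Build the URL and fetch() options for an API call. The token is attached only when
// the target resolves to API_ORIGIN, so a bad URL cannot leak it to another host.
function buildApiRequest(path, token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const url = new URL(path, API_ORIGIN);
  if (url.origin !== API_ORIGIN) {
    throw new Error("refusing to send token to " + url.origin);
  }
  const claims = decodeJwtPayload(token);
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    throw new Error("token expired; sign in again");
  }
  return {
    url: url.href,
    options: {
      method: "GET",
      mode: "cors", // the post states CORS is enabled on the API
      credentials: "omit", // rely on the bearer token, not cross-site cookies
      headers: { Authorization: "Bearer " + token, Accept: "application/json" },
    },
  };
}

// Constructed sample token: header and payload are made up, the signature is a dummy.
function makeSampleToken(exp) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return enc({ alg: "HS256", typ: "JWT" }) + "." + enc({ sub: "alice", exp }) + ".c2ln";
}
```

The returned pair can be passed to `fetch(url, options)`. For the custom `Authorization` header to pass the browser's preflight, the API's CORS policy has to allow that header for the app.mydomain.com origin.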
