I recently submitted a solution to the Office PnP repo called "Core.SharePointProxyForSpaApps". This solution combines techniques from an article called "Managing Tokens in SharePoint 2013 Single-Page Provider-Hosted Apps" from Scot Hillier and expands on the concept to provide a full sample and utilize the proxy technique which allows for more flexibility.

Why do we need this:
In order for provider hosted apps to request resources from sharepoint it must send an access token for authentication. Currently SharePoint doesn't support the OAuth 2.0 Implicit grant flow so the acces tokens we receive have a longer expiration period and must be protected with more caution.
In other words, we can't expose the access tokens to the client and must make requests through our server; however we still want to use the same programming model of having all the logic on the client. To have the best of both worlds we use a custom WebAPI controller which acts as proxy add access token to requests and passing them through to sharepoint.

Video showing how to get started using the Office PnP repo in Visual Studio 2013 as well as a walk through of the sample explaining the logic and flow of data in more detail.

Youtube: http://youtu.be/ezsGMyMK3-k

References:

Core.SharePointProxyForSpaApps: https://github.com/OfficeDev/PnP/tree/master/Samples/Core.SharePointProxyForSpaApps

Office PnP Repository: https://github.com/OfficeDev/PnP

Office 365 Developer Podcast: Episode 009: http://blogs.office.com/2014/07/31/office-365-developer-podcast-episode-009-vesa-juvonen-steve-walker/

Managing Tokens in SharePoint 2013 Single-Page Provider-Hosted Apps: http://www.itunity.com/article/managing-tokens-sharepoint-2013-singlepage-providerhosted-apps-445