The HashPassword method in https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNetCore.Identity/PasswordHasher.cs takes in both TUser and plain text password as params, but the user param is never used. This seems to be something new that is added in the AspNetCore implementation. Why?
This is so custom implementations can access things off of the user if they so desire as part of the hashing operation, for example if they wanted the salt to live on the user entity. By default we don't use this behavior but it was requested to enable more advanced scenarios.
Shouldn't IPasswordHasher<TUser> have an overload without TUser then?
Just ignore it if your hasher implementation doesn't care about the user instance.
Most helpful comment
Shouldn't
IPasswordHasher<TUser>have an overload withoutTUserthen?