Identityserver4: Add forgot password/reset password workflow for ASP.NET sample UI

Created on 10 Jan 2018 · 15 Comments · Source: IdentityServer/IdentityServer4

We would like a UI for a forgot password/reset password workflow and it would need to be in a separate feature folder different from the "Account" (or any of the others).

If you're interested in helping/contributing this feature, please contact us first.

help wanted ui for aspnet identity

All 15 comments

Hi, I would like to contribute some of the requested samples, as I am going to need them myself.

If I read correctly they would have to be committed to: IdentityServer4.AspNetIdentity/src/Host/Quickstart/ in separate feature folders

@mhtsbt Actually, elsewhere: https://github.com/IdentityServer/IdentityServer4/issues/1971#issuecomment-356751798

This would be the source of these additional features and would then be copied to our templates once complete. The quickstart is created from the templates.

Hi guys, is there any kind of sample I could look at? I'd like to add that feature to my existing workflow and just saw this.

Thanks!

Just build an asp app in VS selecting individual authn. It only takes 5 mins to get running.

@TomCJones - I understand how to build a reset password system, either using Identity Framework or homegrown.

It would be created on the Identity server itself, but how does one handle redirecting back to the relevant client?

For instance:

  1. Visit 'Client App 1'
  2. Click login link, or try to access protected content
  3. Redirect to Identity server login page for that app.
  4. Click forgot password link, email gets sent
  5. Click link inside email, set new password on Identity server
  6. Automatically login the user to identity server, no need to login with new password
  7. Since the user is now at the identity server, how can we find out the url for the relevant Client App, and is there a way to complete the originally intended login there without multiple redirects?

> It would be created on the Identity server itself, but how does one handle redirecting back to the relevant client?

I think that's really hard to do. Resetting a password (via email) is async and could take time. The client most likely has timed out waiting for the OIDC response. In short, I never bother to do what you're wanting to do.

@brockallen
I wondered if something like that would be the case, as I couldn't think of an obvious solution to it.

Since I have one primary client and just a few secondary clients, I might just keep track of the client name in the reset url, and then do a redirect from the controller to a protected page on the relevant site to re-initiate a sign in process.

Sure, if you have one main place you could send the user once that workflow is done, then send them there. That is better than nothing.

You should be able to send them to a page that automatically initiates a login. You can also store the most recent client they visited in the user record, which could be where the last logon attempt occurred.

We decided that we will not provide/maintain a UI based on ASP.NET Identity that supports the full account management lifecycle.

> 7. Since the user is now at the identity server, how can we find out the url for the relevant Client App, and is there a way to complete the originally intended login there without multiple redirects?

Surely you just add the clientid and redirect url to the generated link that you add to the email? When that link is clicked, you will definitely need to verify that the url in the querystring is one of the allowed urls for the client, but that should work fine, no?

Once you have that in the querystring then you can do what you like, can't you?

Julian Grahame
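
The check described in the comment above (verify the URL carried in the reset link against the client's allowed URLs before redirecting), as an added example that is not code from this thread or from IdentityServer4. `ResetReturnUrlValidator`, `ResolveAsync` and `fallbackUrl` are hypothetical names; `IClientStore.FindClientByIdAsync`, `Client.Enabled` and `Client.RedirectUris` are IdentityServer4's. It assumes a return URL is acceptable when its scheme, host and port match one of the client's registered redirect URIs.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Stores;

// Hypothetical helper: decides where to send the user once the password
// reset has succeeded. clientId and returnUrl come from the emailed link's
// query string, so both are untrusted and are re-checked at click time.
public class ResetReturnUrlValidator
{
    private readonly IClientStore _clients;

    public ResetReturnUrlValidator(IClientStore clients) => _clients = clients;

    // Returns returnUrl when it is allowed for clientId, otherwise fallbackUrl
    // (a page chosen by the server, never taken from the request).
    public async Task<string> ResolveAsync(string clientId, string returnUrl, string fallbackUrl)
    {
        // Only absolute http(s) URLs; rejects null, relative, file: and script schemes.
        if (string.IsNullOrEmpty(clientId) ||
            !Uri.TryCreate(returnUrl, UriKind.Absolute, out var target) ||
            (target.Scheme != Uri.UriSchemeHttps && target.Scheme != Uri.UriSchemeHttp))
        {
            return fallbackUrl;
        }

        // An unknown or disabled client never gets a redirect.
        var client = await _clients.FindClientByIdAsync(clientId);
        if (client == null || !client.Enabled)
        {
            return fallbackUrl;
        }

        // Assumption: the allow-list is the set of origins of the client's
        // registered redirect URIs. Comparing parsed scheme/host/port avoids
        // prefix tricks such as https://app.example.evil.test/.
        bool allowed = client.RedirectUris.Any(registered =>
            Uri.TryCreate(registered, UriKind.Absolute, out var reg) &&
            Uri.Compare(reg, target, UriComponents.SchemeAndServer,
                        UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0);

        return allowed ? target.AbsoluteUri : fallbackUrl;
    }
}
```

Call it in the action that completes the reset, after the reset token has been accepted, and redirect to the returned value.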

@julianwesleyan - yes, that's pretty much the approach we went for in the end.

@benosman - awesome that's what I'm doing now.

Hey @benosman or @julianwesleyan, do you have any public repo or could you share a sample of what you're doing? I'm about to start this process; any help is much appreciated.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
