Created sample app for UM registration with password#364
Conversation
…. Will re-style in next commit.
There was a problem hiding this comment.
Pull request overview
Adds a new IdentityServer v8 sample (“UserManagementPasswordRegistration”) that demonstrates creating a user via OTP registration and then setting/resetting a password, including an Aspire AppHost that runs Mailpit for OTP email simulation.
Changes:
- Introduces a new Razor Pages app implementing registration, OTP verification, login, forgot-password, and set/reset password flows using Duende User Management.
- Adds an Aspire AppHost that provisions Mailpit and injects SMTP settings into the sample app.
- Adds associated static assets (Bootstrap/jQuery, styling, logos) and wires the projects into solution files.
Reviewed changes
Copilot reviewed 46 out of 106 changed files in this pull request and generated 13 comments.
Show a summary per file
| File | Description |
|---|---|
| samples.slnx | Adds the new sample folder/projects to the repo solution index. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/UserManagementPasswordRegistration.csproj | New web project for the password-registration sample. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Program.cs | App composition (IdentityServer + UserManagement + auth + DB migration/bootstrap). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/UserAttributes.cs | Defines/bootstraps profile schema attributes (name, favorite dinosaur, email). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/OtpCookie.cs | Protected cookie storage for OTP state between requests. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/PasswordValidators/BlocklistPasswordValidator.cs | Sample password validator rejecting common passwords. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/appsettings.json | Base configuration (SMTP + logging). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/appsettings.Development.json | Development logging configuration. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Properties/launchSettings.json | Launch profile for the sample web app. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/_ViewImports.cshtml | Razor imports/namespace/tag helpers. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/_ViewStart.cshtml | Razor layout selection. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Shared/_Layout.cshtml | Main UI layout, CSS/JS includes, nav/footer. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Shared/_ValidationScriptsPartial.cshtml | Client validation script includes. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Index.cshtml | Home page UX for authenticated/anonymous users. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Index.cshtml.cs | Loads claims/profile attributes for the home page. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Register.cshtml | Registration (email capture) form. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Register.cshtml.cs | Sends OTP and stores state in OTP cookie. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/CompleteRegistration.cshtml | OTP entry and Mailpit guidance. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/CompleteRegistration.cshtml.cs | Verifies OTP, creates profile, signs in, redirects to set password. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Login.cshtml | Username/password login form and forgot-password link. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Login.cshtml.cs | Password authentication and sign-in. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/ForgotPassword.cshtml | Forgot-password (OTP send) form. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/ForgotPassword.cshtml.cs | Sends OTP for password reset and stores state in OTP cookie. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/CompleteForgotPassword.cshtml | OTP entry for reset flow. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/CompleteForgotPassword.cshtml.cs | Verifies OTP and redirects to reset password. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/SetPassword.cshtml | Set-password form (post-registration). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/SetPassword.cshtml.cs | Validates and sets password, signs user out. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/ResetPassword.cshtml | Reset-password form (post-forgot-password). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/ResetPassword.cshtml.cs | Validates and resets password, signs user out. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Account.cshtml | Profile editing form. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Account.cshtml.cs | Reads/updates profile attributes and re-issues auth cookie. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Logout.cshtml | Logout confirmation page. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/Pages/Logout.cshtml.cs | Performs sign-out. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/css/site.scss | Sample styling (source). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/css/site.css | Compiled CSS for the sample styling. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/css/site.min.css | Minified CSS for the sample styling. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/css/bootstrap-overrides.css | Duende theme overrides on top of Bootstrap. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/duende-logo.svg | Sample logo asset. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/duende-white.svg | Sample logo asset (white). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery/LICENSE.txt | Third-party license file for jQuery. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery-validation/LICENSE.md | Third-party license for jquery-validation. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery-validation/dist/jquery.validate.min.js | Third-party client validation library. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery-validation/dist/additional-methods.min.js | Third-party validation extensions. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery-validation-unobtrusive/LICENSE.txt | Third-party license for unobtrusive validation. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.js | Third-party unobtrusive validation library. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js | Minified unobtrusive validation library. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/bootstrap/LICENSE | Third-party license for Bootstrap. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.rtl.min.css | Bootstrap asset (reboot RTL min). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.rtl.css | Bootstrap asset (reboot RTL). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.min.css | Bootstrap asset (reboot min). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration/wwwroot/lib/bootstrap/dist/css/bootstrap-reboot.css | Bootstrap asset (reboot). |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration.slnx | Solution file for the new sample. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration.AppHost/UserManagementPasswordRegistration.AppHost.csproj | Aspire AppHost project for the sample environment. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration.AppHost/AppHost.cs | Composes Mailpit + sample app and injects SMTP env vars. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration.AppHost/appsettings.json | AppHost logging configuration. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration.AppHost/appsettings.Development.json | AppHost development logging configuration. |
| IdentityServer/v8/UserManagementPasswordRegistration/UserManagementPasswordRegistration.AppHost/Properties/launchSettings.json | Launch profiles for Aspire AppHost. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…ple, and simplified the aspire launch url
maartenba
left a comment
There was a problem hiding this comment.
Awesome! @ProgrammerAL can you also link it in the docs with a short description? (in https://docs.duendesoftware.com/identityserver/samples/usermanagement/)
Co-authored-by: Maarten Balliauw <maarten@balliauw.be>
…irectory. Renamed the sample from UserManagementPasswordRegistration to just PasswordRegistration. Including directories, namespaces, and project names
maartenba
left a comment
There was a problem hiding this comment.
One more suggestion (expand the comment a bit), other than that LGTM!
| internal static class StringExtensions | ||
| { | ||
| /// <summary> | ||
| /// Takes an email string and puts it into the way it's stored in the database |
There was a problem hiding this comment.
| /// Takes an email string and puts it into the way it's stored in the database | |
| /// Duende User Management respects the email RFC, where the part before the @ is case-sensitive | |
| /// and the domain itself is not. | |
| /// | |
| /// aaa@aaa.com and AaA@aaa.com are different email addresses. | |
| /// | |
| /// In this sample, we are normalizing the email address so that the sample app treats | |
| /// these 2 examples as the same. |
Created sample "UserManagementPasswordRegistration" to show off how to create a new account in UM, and then set a password.