I currently am using a combination of ASP.NET Core Identity and IdentityServer4 for my IdP.
If I have a client application that uses my IdP, and I want to give already authenticated users in this client application the ability to change their password, where do I put that change password logic?
Do I redirect the user back to some page in the IdP to allow them to change their password there, then redirect them back to the client app once complete? Or do I add all of the .NET Core Identity packages into the client app and add the change password functionality there?
You will need access to the IDP database to change the password, so it makes sense to keep the change password logic with IDP, if you have two separate applications.
I would redirect the user back to a page within your IDP application as then you can share that logic between any other client applications that are using your IDP app.