Features

Pages and routes

Area	Routes
Auth	/login, /logout, /register
Password	/forgot-password, /reset-password, /change-password
Profile	/profile, /confirm-email, /confirm-phone
Two-factor	/security, /security/2fa/setup, /security/2fa/verify, /security/2fa/disable, /security/2fa/recovery-codes
Home	/

Shared components: SessionExpirationHandler, PasswordStrengthIndicator. Layouts: MainLayout, AuthLayout.

Services and backend calls

A named "IdentityApi" HttpClient (Polly retry + circuit breaker) backs real REST calls:

Service	Endpoints
AuthService	/api/auth/login, /logout, /register, /refresh; /api/user/confirm-email, /resend-email-confirmation, /confirm-phone, /resend-phone-confirmation
UserService	/api/user/profile (GET/PUT), /api/user/profile/picture, /api/user/account (DELETE)
PasswordService	/api/password/forgot, /reset, /change
TwoFactorService	/api/2fa/status, /enable, /confirm, /disable, /recovery-codes, /recovery-code/verify, /forget-machine

Sessions and security

• TokenStorageService keeps access/refresh tokens (keys from the Authentication config section).
• ISessionRefreshService performs automatic token refresh.
• CORS is enabled (AllowAnyOrigin) for shell integration.

See also

• Solution structure
• Configuration