diff --git a/MicrosoftEntraIDMultiApis/MultiMicrosoftEntraIDWebApi/MultiMicrosoftEntraIDWebApi.csproj b/MicrosoftEntraIDMultiApis/MultiMicrosoftEntraIDWebApi/MultiMicrosoftEntraIDWebApi.csproj
index d1364f0..ee550ab 100644
--- a/MicrosoftEntraIDMultiApis/MultiMicrosoftEntraIDWebApi/MultiMicrosoftEntraIDWebApi.csproj
+++ b/MicrosoftEntraIDMultiApis/MultiMicrosoftEntraIDWebApi/MultiMicrosoftEntraIDWebApi.csproj
@@ -7,10 +7,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Identity.Web" Version="4.1.1" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="4.3.0" />
     <PackageReference Include="OpenIddict.Validation.AspNetCore" Version="7.2.0" />
     <PackageReference Include="OpenIddict.Validation.SystemNetHttp" Version="7.2.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.0.1" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.4" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
diff --git a/MicrosoftEntraIDMultiApis/TestMultiApis/Pages/Shared/_Layout.cshtml b/MicrosoftEntraIDMultiApis/TestMultiApis/Pages/Shared/_Layout.cshtml
index d76dda2..003a17e 100644
--- a/MicrosoftEntraIDMultiApis/TestMultiApis/Pages/Shared/_Layout.cshtml
+++ b/MicrosoftEntraIDMultiApis/TestMultiApis/Pages/Shared/_Layout.cshtml
@@ -44,7 +44,7 @@
 
     <footer class="border-top footer text-muted">
         <div class="container">
-            &copy; 2025 - Razor Microsoft Entra ID
+            &copy; 2026 - Razor Microsoft Entra ID
         </div>
     </footer>
 
diff --git a/MicrosoftEntraIDMultiApis/TestMultiApis/TestMultiApis.csproj b/MicrosoftEntraIDMultiApis/TestMultiApis/TestMultiApis.csproj
index 4d64fc7..0531e3d 100644
--- a/MicrosoftEntraIDMultiApis/TestMultiApis/TestMultiApis.csproj
+++ b/MicrosoftEntraIDMultiApis/TestMultiApis/TestMultiApis.csproj
@@ -8,10 +8,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Identity.Web" Version="4.1.1" />
-    <PackageReference Include="Microsoft.Identity.Web.UI" Version="4.1.1" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.0" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="4.3.0" />
+    <PackageReference Include="Microsoft.Identity.Web.UI" Version="4.3.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.1" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.1" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/IdentityHostingStartup.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/IdentityHostingStartup.cs
index e7ccb35..b317425 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/IdentityHostingStartup.cs
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/IdentityHostingStartup.cs
@@ -1,5 +1,5 @@
-[assembly: HostingStartup(typeof(OpeniddictServer.Areas.Identity.IdentityHostingStartup))]
-namespace OpeniddictServer.Areas.Identity
+[assembly: HostingStartup(typeof(IdentityProvider.Areas.Identity.IdentityHostingStartup))]
+namespace IdentityProvider.Areas.Identity
 {
     public class IdentityHostingStartup : IHostingStartup
     {
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml
index 5f165ae..8d46dd5 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml
@@ -1,39 +1,44 @@
 @page
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
 @model LoginModel
 
 @{
     ViewData["Title"] = "Log in";
 }
 
+
 <h1>@ViewData["Title"]</h1>
 <div class="row">
     <div class="col-md-4">
         <section>
             <form id="account" method="post">
-                <h3>Use a local account to log in.</h3>
+                <h2>Use a local account to log in.</h2>
                 <hr />
-                <div asp-validation-summary="ModelOnly" class="text-danger"></div>
-
-                <div class="mb-3">
-                    <label asp-for="Input.Email" class="form-label"></label>
-                    <input asp-for="Input.Email" class="form-control" autocomplete="username" aria-required="true" aria-describedby="emailHelp" />
-                    <div id="emailHelp" class="form-text">We'll never share your email with anyone else.</div>
+                <div asp-validation-summary="ModelOnly" class="text-danger" role="alert"></div>
+                <div class="form-floating mb-3">
+                    <input asp-for="Input.Email" class="form-control" autocomplete="username" aria-required="true" placeholder="name@example.com" />
+                    <label asp-for="Input.Email" class="form-label">Email</label>
                     <span asp-validation-for="Input.Email" class="text-danger"></span>
                 </div>
-                <div class="mb-3">
-                    <label asp-for="Input.Password" class="form-label"></label>
-                    <input asp-for="Input.Password" class="form-control" autocomplete="current-password" aria-required="true" />
+                <div class="form-floating mb-3">
+                    <input asp-for="Input.Password" class="form-control" autocomplete="current-password" aria-required="true" placeholder="password" />
+                    <label asp-for="Input.Password" class="form-label">Password</label>
                     <span asp-validation-for="Input.Password" class="text-danger"></span>
                 </div>
-                <div class="mb-3 form-check">
-                    <input type="checkbox" class="form-check-input" asp-for="Input.RememberMe">
-                    <label class="form-check-label" asp-for="Input.RememberMe">@Html.DisplayNameFor(m => m.Input.RememberMe)</label>
+                <div class="checkbox mb-3">
+                    <label asp-for="Input.RememberMe" class="form-label">
+                        <input class="form-check-input" asp-for="Input.RememberMe" />
+                        @Html.DisplayNameFor(m => m.Input.RememberMe)
+                    </label>
                 </div>
-
                 <div>
                     <button id="login-submit" type="submit" class="w-100 btn btn-lg btn-primary">Log in</button>
                 </div>
-                <br />
                 <div>
                     <p>
                         <a id="forgot-password" asp-page="./ForgotPassword">Forgot your password?</a>
@@ -45,6 +50,13 @@
                         <a id="resend-confirmation" asp-page="./ResendEmailConfirmation">Resend email confirmation</a>
                     </p>
                 </div>
+
+                <hr />
+
+                <passkey-submit operation="@PasskeyOperation.Request" name="Input.Passkey" email-name="Input.Email" class="btn btn-outline-primary position-relative" formnovalidate>
+                    Log in with a passkey
+                </passkey-submit>
+
             </form>
         </section>
     </div>
@@ -57,8 +69,10 @@
                 {
                     <div>
                         <p>
-                            There are no external authentication services configured. See this <a href="https://go.microsoft.com/fwlink/?LinkID=532715">article
-                            about setting up this ASP.NET application to support logging in via external services</a>.
+                            There are no external authentication services configured. See this <a href="https://go.microsoft.com/fwlink/?LinkID=532715">
+                                article
+                                about setting up this ASP.NET application to support logging in via external services
+                            </a>.
                         </p>
                     </div>
                 }
@@ -67,9 +81,9 @@
                     <form id="external-account" asp-page="./ExternalLogin" asp-route-returnUrl="@Model.ReturnUrl" method="post" class="form-horizontal">
                         <div>
                             <p>
-                                @foreach (var provider in Model.ExternalLogins)
+                                @foreach (var provider in Model.ExternalLogins!)
                                 {
-                                    <button type="submit" class="w-100 btn btn-lg btn-primary" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
+                                    <button type="submit" class="btn btn-primary" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
                                 }
                             </p>
                         </div>
@@ -81,6 +95,7 @@
 </div>
 
 @section Scripts {
-    <script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
-    <script src="~/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"></script>
+    <partial name="_ValidationScriptsPartial" />
+    <script src="~/js/passkey-submit.js" asp-append-version="true"></script>
 }
+
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml.cs
index ed13c11..7d9e054 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml.cs
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Login.cshtml.cs
@@ -2,143 +2,142 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 #nullable disable
 
-using Fido2Identity;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
 using System.ComponentModel.DataAnnotations;
 
-namespace OpeniddictServer.Areas.Identity.Pages.Account
+namespace IdentityProvider.Areas.Identity.Pages.Account;
+
+[AllowAnonymous]
+public class LoginModel : PageModel
 {
-    public class LoginModel : PageModel
-    {
-        private readonly SignInManager<ApplicationUser> _signInManager;
-        private readonly Fido2Store _fido2Store;
-        private readonly ILogger<LoginModel> _logger;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+    private readonly ILogger<LoginModel> _logger;
 
-        public LoginModel(SignInManager<ApplicationUser> signInManager,
-            Fido2Store fido2Store,
-            ILogger<LoginModel> logger)
-        {
-            _signInManager = signInManager;
-            _fido2Store = fido2Store;
-            _logger = logger;
-        }
+    public LoginModel(SignInManager<ApplicationUser> signInManager, ILogger<LoginModel> logger)
+    {
+        _signInManager = signInManager;
+        _logger = logger;
+    }
 
+    /// <summary>
+    ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
+    ///     directly from your code. This API may change or be removed in future releases.
+    /// </summary>
+    [BindProperty]
+    public InputModel Input { get; set; }
+
+    /// <summary>
+    ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
+    ///     directly from your code. This API may change or be removed in future releases.
+    /// </summary>
+    public IList<AuthenticationScheme> ExternalLogins { get; set; }
+
+    /// <summary>
+    ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
+    ///     directly from your code. This API may change or be removed in future releases.
+    /// </summary>
+    public string ReturnUrl { get; set; }
+
+    /// <summary>
+    ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
+    ///     directly from your code. This API may change or be removed in future releases.
+    /// </summary>
+    [TempData]
+    public string ErrorMessage { get; set; }
+
+    /// <summary>
+    ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
+    ///     directly from your code. This API may change or be removed in future releases.
+    /// </summary>
+    public class InputModel
+    {
         /// <summary>
         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
         ///     directly from your code. This API may change or be removed in future releases.
         /// </summary>
-        [BindProperty]
-        public InputModel Input { get; set; }
+        [Required]
+        [EmailAddress]
+        public string Email { get; set; }
 
         /// <summary>
         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
         ///     directly from your code. This API may change or be removed in future releases.
         /// </summary>
-        public IList<AuthenticationScheme> ExternalLogins { get; set; }
+        [Required]
+        [DataType(DataType.Password)]
+        public string Password { get; set; }
 
         /// <summary>
         ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
         ///     directly from your code. This API may change or be removed in future releases.
         /// </summary>
-        public string ReturnUrl { get; set; }
+        [Display(Name = "Remember me?")]
+        public bool RememberMe { get; set; }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        [TempData]
-        public string ErrorMessage { get; set; }
+        public PasskeyInputModel Passkey { get; set; }
+    }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public class InputModel
+    public async Task OnGetAsync(string returnUrl = null)
+    {
+        if (!string.IsNullOrEmpty(ErrorMessage))
         {
-            /// <summary>
-            ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-            ///     directly from your code. This API may change or be removed in future releases.
-            /// </summary>
-            [Required]
-            [EmailAddress]
-            public string Email { get; set; }
-
-            /// <summary>
-            ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-            ///     directly from your code. This API may change or be removed in future releases.
-            /// </summary>
-            [Required]
-            [DataType(DataType.Password)]
-            public string Password { get; set; }
-
-            /// <summary>
-            ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-            ///     directly from your code. This API may change or be removed in future releases.
-            /// </summary>
-            [Display(Name = "Remember me?")]
-            public bool RememberMe { get; set; }
+            ModelState.AddModelError(string.Empty, ErrorMessage);
         }
 
-        public async Task OnGetAsync(string returnUrl = null)
-        {
-            if (!string.IsNullOrEmpty(ErrorMessage))
-            {
-                ModelState.AddModelError(string.Empty, ErrorMessage);
-            }
+        returnUrl ??= Url.Content("~/");
+
+        // Clear the existing external cookie to ensure a clean login process
+        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
+
+        ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
+
+        ReturnUrl = returnUrl;
+    }
+
+    public async Task<IActionResult> OnPostAsync(string returnUrl = null)
+    {
+        returnUrl ??= Url.Content("~/");
 
-            returnUrl ??= Url.Content("~/");
+        ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
 
-            // Clear the existing external cookie to ensure a clean login process
-            await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
+        Microsoft.AspNetCore.Identity.SignInResult result = null;
 
-            ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
+        if (!string.IsNullOrEmpty(Input.Passkey?.CredentialJson))
+        {
+            // When performing passkey sign-in, don't perform form validation.
+            ModelState.Clear();
 
-            ReturnUrl = returnUrl;
+            result = await _signInManager.PasskeySignInAsync(Input.Passkey.CredentialJson);
+        }
+        else if (ModelState.IsValid)
+        {
+            // This doesn't count login failures towards account lockout
+            // To enable password failures to trigger account lockout, set lockoutOnFailure: true
+            result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
         }
 
-        public async Task<IActionResult> OnPostAsync(string returnUrl = null)
+        if (result.Succeeded)
+        {
+            _logger.LogInformation("User logged in.");
+            return LocalRedirect(returnUrl);
+        }
+        if (result.RequiresTwoFactor)
+        {
+            return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
+        }
+        if (result.IsLockedOut)
+        {
+            _logger.LogWarning("User account locked out.");
+            return RedirectToPage("./Lockout");
+        }
+        else
         {
-            returnUrl ??= Url.Content("~/");
-
-            ExternalLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync()).ToList();
-
-            if (ModelState.IsValid)
-            {
-                // This doesn't count login failures towards account lockout
-                // To enable password failures to trigger account lockout, set lockoutOnFailure: true
-                var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
-                if (result.Succeeded)
-                {
-                    _logger.LogInformation("User logged in.");
-                    return LocalRedirect(returnUrl);
-                }
-                if (result.RequiresTwoFactor)
-                {
-                    var fido2ItemExistsForUser = await _fido2Store.GetCredentialsByUserNameAsync(Input.Email);
-                    if (fido2ItemExistsForUser.Count > 0)
-                    {
-                        return RedirectToPage("./LoginFido2Mfa", new { ReturnUrl = returnUrl, Input.RememberMe });
-                    }
-
-                    return RedirectToPage("./LoginWith2fa", new { ReturnUrl = returnUrl, RememberMe = Input.RememberMe });
-                }
-                if (result.IsLockedOut)
-                {
-                    _logger.LogWarning("User account locked out.");
-                    return RedirectToPage("./Lockout");
-                }
-                else
-                {
-                    ModelState.AddModelError(string.Empty, "Invalid login attempt.");
-                    return Page();
-                }
-            }
-
-            // If we got this far, something failed, redisplay form
+            ModelState.AddModelError(string.Empty, "Invalid login attempt.");
             return Page();
         }
     }
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml
index 3c29515..4a931fe 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml
@@ -1,5 +1,11 @@
 @page
 
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
 @using Microsoft.AspNetCore.Identity
 @inject SignInManager<ApplicationUser> SignInManager
 @inject UserManager<ApplicationUser> UserManager
@@ -10,7 +16,7 @@
         return Xsrf.GetAndStoreTokens(this.HttpContext).RequestToken;
     }
 }
-@model OpeniddictServer.Areas.Identity.Pages.Account.MfaModel
+@model IdentityProvider.Areas.Identity.Pages.Account.MfaModel
 @{
     ViewData["Title"] = "Login with Fido2 MFA";
 }
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml.cs
index 8f7dba6..70a6823 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml.cs
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/LoginFido2Mfa.cshtml.cs
@@ -2,7 +2,7 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 
-namespace OpeniddictServer.Areas.Identity.Pages.Account;
+namespace IdentityProvider.Areas.Identity.Pages.Account;
 
 [AllowAnonymous]
 public class MfaModel : PageModel
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml
new file mode 100644
index 0000000..0033d05
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml
@@ -0,0 +1,36 @@
+@page
+@model ChangePasswordModel
+@{
+    ViewData["Title"] = "Change password";
+    ViewData["ActivePage"] = ManageNavPages.ChangePassword;
+}
+
+<h3>@ViewData["Title"]</h3>
+<partial name="_StatusMessage" for="StatusMessage" />
+<div class="row">
+    <div class="col-md-6">
+        <form id="change-password-form" method="post">
+            <div asp-validation-summary="All" class="text-danger"></div>
+            <div class="form-group">
+                <label asp-for="Input.OldPassword"></label>
+                <input asp-for="Input.OldPassword" class="form-control" autocomplete="current-password" aria-required="true" />
+                <span asp-validation-for="Input.OldPassword" class="text-danger"></span>
+            </div>
+            <div class="form-group">
+                <label asp-for="Input.NewPassword"></label>
+                <input asp-for="Input.NewPassword" class="form-control" autocomplete="new-password" aria-required="true" />
+                <span asp-validation-for="Input.NewPassword" class="text-danger"></span>
+            </div>
+            <div class="form-group">
+                <label asp-for="Input.ConfirmPassword"></label>
+                <input asp-for="Input.ConfirmPassword" class="form-control" autocomplete="new-password" aria-required="true" />
+                <span asp-validation-for="Input.ConfirmPassword" class="text-danger"></span>
+            </div>
+            <button type="submit" class="btn btn-primary">Update password</button>
+        </form>
+    </div>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml.cs
new file mode 100644
index 0000000..e5f9853
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ChangePassword.cshtml.cs
@@ -0,0 +1,96 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.ComponentModel.DataAnnotations;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class ChangePasswordModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+    private readonly ILogger<ChangePasswordModel> _logger;
+
+    public ChangePasswordModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager,
+        ILogger<ChangePasswordModel> logger)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+        _logger = logger;
+    }
+
+    [BindProperty]
+    public InputModel Input { get; set; } = new InputModel();
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public class InputModel
+    {
+        [Required]
+        [DataType(DataType.Password)]
+        [Display(Name = "Current password")]
+        public string OldPassword { get; set; } = string.Empty;
+
+        [Required]
+        [StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
+        [DataType(DataType.Password)]
+        [Display(Name = "New password")]
+        public string NewPassword { get; set; } = string.Empty;
+
+        [DataType(DataType.Password)]
+        [Display(Name = "Confirm new password")]
+        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
+        public string ConfirmPassword { get; set; } = string.Empty;
+    }
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var hasPassword = await _userManager.HasPasswordAsync(user);
+        if (!hasPassword)
+        {
+            return RedirectToPage("./SetPassword");
+        }
+
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        if (!ModelState.IsValid)
+        {
+            return Page();
+        }
+
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var changePasswordResult = await _userManager.ChangePasswordAsync(user, Input.OldPassword, Input.NewPassword);
+        if (!changePasswordResult.Succeeded)
+        {
+            foreach (var error in changePasswordResult.Errors)
+            {
+                ModelState.AddModelError(string.Empty, error.Description);
+            }
+            return Page();
+        }
+
+        await _signInManager.RefreshSignInAsync(user);
+        _logger.LogInformation("User changed their password successfully.");
+        StatusMessage = "Your password has been changed.";
+
+        return RedirectToPage();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml
new file mode 100644
index 0000000..173ffc4
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml
@@ -0,0 +1,33 @@
+@page
+@model DeletePersonalDataModel
+@{
+    ViewData["Title"] = "Delete Personal Data";
+    ViewData["ActivePage"] = ManageNavPages.PersonalData;
+}
+
+<h3>@ViewData["Title"]</h3>
+
+<div class="alert alert-warning" role="alert">
+    <p>
+        <strong>Deleting this data will permanently remove your account, and this cannot be recovered.</strong>
+    </p>
+</div>
+
+<div>
+    <form id="delete-user" method="post" class="form-group">
+        <div asp-validation-summary="All" class="text-danger"></div>
+        @if (Model.RequirePassword)
+        {
+            <div class="form-group">
+                <label asp-for="Input.Password"></label>
+                <input asp-for="Input.Password" class="form-control" autocomplete="current-password" aria-required="true" />
+                <span asp-validation-for="Input.Password" class="text-danger"></span>
+            </div>
+        }
+        <button class="btn btn-danger" type="submit">Delete data and close my account</button>
+    </form>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml.cs
new file mode 100644
index 0000000..960aa84
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DeletePersonalData.cshtml.cs
@@ -0,0 +1,80 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.ComponentModel.DataAnnotations;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class DeletePersonalDataModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+    private readonly ILogger<DeletePersonalDataModel> _logger;
+
+    public DeletePersonalDataModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager,
+        ILogger<DeletePersonalDataModel> logger)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+        _logger = logger;
+    }
+
+    [BindProperty]
+    public InputModel Input { get; set; } = new InputModel();
+
+    public class InputModel
+    {
+        [Required]
+        [DataType(DataType.Password)]
+        public string Password { get; set; } = string.Empty;
+    }
+
+    public bool RequirePassword { get; set; }
+
+    public async Task<IActionResult> OnGet()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        RequirePassword = await _userManager.HasPasswordAsync(user);
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        RequirePassword = await _userManager.HasPasswordAsync(user);
+        if (RequirePassword)
+        {
+            if (!await _userManager.CheckPasswordAsync(user, Input.Password))
+            {
+                ModelState.AddModelError(string.Empty, "Incorrect password.");
+                return Page();
+            }
+        }
+
+        var result = await _userManager.DeleteAsync(user);
+        var userId = await _userManager.GetUserIdAsync(user);
+        if (!result.Succeeded)
+        {
+            throw new InvalidOperationException($"Unexpected error occurred deleting user with ID '{userId}'.");
+        }
+
+        await _signInManager.SignOutAsync();
+
+        _logger.LogInformation("User with ID '{UserId}' deleted themselves.", userId);
+
+        return Redirect("~/");
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml
index 31ecb7e..2b84b9a 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml
@@ -14,12 +14,12 @@
     </p>
     <p>
         Disabling 2FA does not change the keys used in authenticator apps. If you wish to change the key
-        used in an authenticator app you should <a asp-page="./ResetAuthenticator">reset your authenticator keys.</a>
+        used in an authenticator app you should <a asp-page="/Account/Manage/ResetAuthenticator">reset your authenticator keys.</a>
     </p>
 </div>
 
 <div>
-    <form method="post">
+    <form method="post" class="form-group">
         <button class="btn btn-danger" type="submit">Disable 2FA</button>
     </form>
 </div>
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml.cs
index 817a15b..1f62306 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml.cs
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Disable2fa.cshtml.cs
@@ -1,74 +1,58 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-#nullable disable
-
-using Fido2Identity;
-using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
 
-namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage
+public class Disable2faModel : PageModel
 {
-    public class Disable2faModel : PageModel
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly ILogger<Disable2faModel> _logger;
+
+    public Disable2faModel(
+        UserManager<ApplicationUser> userManager,
+        ILogger<Disable2faModel> logger)
     {
-        private readonly UserManager<ApplicationUser> _userManager;
-        private readonly ILogger<Disable2faModel> _logger;
-        private readonly Fido2Store _fido2Store;
+        _userManager = userManager;
+        _logger = logger;
+    }
 
-        public Disable2faModel(
-            UserManager<ApplicationUser> userManager,
-            Fido2Store fido2Store,
-            ILogger<Disable2faModel> logger)
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public async Task<IActionResult> OnGet()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
         {
-            _userManager = userManager;
-            _fido2Store = fido2Store;
-            _logger = logger;
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
         }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        [TempData]
-        public string StatusMessage { get; set; }
-
-        public async Task<IActionResult> OnGet()
+        if (!await _userManager.GetTwoFactorEnabledAsync(user))
         {
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
-            }
+            throw new InvalidOperationException($"Cannot disable 2FA for user with ID '{_userManager.GetUserId(User)}' as it's not currently enabled.");
+        }
 
-            if (!await _userManager.GetTwoFactorEnabledAsync(user))
-            {
-                throw new InvalidOperationException($"Cannot disable 2FA for user as it's not currently enabled.");
-            }
+        return Page();
+    }
 
-            return Page();
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
         }
 
-        public async Task<IActionResult> OnPostAsync()
+        var disable2faResult = await _userManager.SetTwoFactorEnabledAsync(user, false);
+        if (!disable2faResult.Succeeded)
         {
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
-            }
-
-            // remove Fido2 MFA if it exists
-            await _fido2Store.RemoveCredentialsByUserNameAsync(user.UserName);
-
-            var disable2faResult = await _userManager.SetTwoFactorEnabledAsync(user, false);
-            if (!disable2faResult.Succeeded)
-            {
-                throw new InvalidOperationException($"Unexpected error occurred disabling 2FA.");
-            }
-
-            _logger.LogInformation("User with ID '{UserId}' has disabled 2fa.", _userManager.GetUserId(User));
-            StatusMessage = "2fa has been disabled. You can reenable 2fa when you setup an authenticator app";
-            return RedirectToPage("./TwoFactorAuthentication");
+            throw new InvalidOperationException($"Unexpected error occurred disabling 2FA for user with ID '{_userManager.GetUserId(User)}'.");
         }
+
+        _logger.LogInformation("User with ID '{UserId}' has disabled 2fa.", _userManager.GetUserId(User));
+        StatusMessage = "2fa has been disabled. You can reenable 2fa when you setup an authenticator app";
+        return RedirectToPage("./TwoFactorAuthentication");
     }
 }
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml
new file mode 100644
index 0000000..35db45c
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml
@@ -0,0 +1,12 @@
+@page
+@model DownloadPersonalDataModel
+@{
+    ViewData["Title"] = "Download Your Data";
+    ViewData["ActivePage"] = ManageNavPages.PersonalData;
+}
+
+<h3>@ViewData["Title"]</h3>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
new file mode 100644
index 0000000..049b142
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/DownloadPersonalData.cshtml.cs
@@ -0,0 +1,50 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.Text.Json;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class DownloadPersonalDataModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly ILogger<DownloadPersonalDataModel> _logger;
+
+    public DownloadPersonalDataModel(
+        UserManager<ApplicationUser> userManager,
+        ILogger<DownloadPersonalDataModel> logger)
+    {
+        _userManager = userManager;
+        _logger = logger;
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        _logger.LogInformation("User with ID '{UserId}' asked for their personal data.", _userManager.GetUserId(User));
+
+        // Only include personal data for download
+        var personalData = new Dictionary<string, string>();
+        var personalDataProps = typeof(ApplicationUser).GetProperties().Where(
+                        prop => Attribute.IsDefined(prop, typeof(PersonalDataAttribute)));
+        foreach (var p in personalDataProps)
+        {
+            personalData.Add(p.Name, p.GetValue(user)?.ToString() ?? "null");
+        }
+
+        var logins = await _userManager.GetLoginsAsync(user);
+        foreach (var l in logins)
+        {
+            personalData.Add($"{l.LoginProvider} external login provider key", l.ProviderKey);
+        }
+
+        Response.Headers.Append("Content-Disposition", "attachment; filename=PersonalData.json");
+        return new FileContentResult(JsonSerializer.SerializeToUtf8Bytes(personalData), "application/json");
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Email.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Email.cshtml
new file mode 100644
index 0000000..07628f5
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Email.cshtml
@@ -0,0 +1,43 @@
+@page
+@model EmailModel
+@{
+    ViewData["Title"] = "Manage Email";
+    ViewData["ActivePage"] = ManageNavPages.Email;
+}
+
+<h4>@ViewData["Title"]</h4>
+<partial name="_StatusMessage" model="Model.StatusMessage" />
+<div class="row">
+    <div class="col-md-6">
+        <form id="email-form" method="post">
+            <div asp-validation-summary="All" class="text-danger"></div>
+            <div class="form-group">
+                <label asp-for="Email"></label>
+                @if (Model.IsEmailConfirmed)
+                {
+                    <div class="input-group">
+                        <input asp-for="Email" class="form-control" disabled />
+                        <div class="input-group-append">
+                            <span class="input-group-text text-success font-weight-bold">✓</span>
+                        </div>
+                    </div>
+                }
+                 else
+                {
+                    <input asp-for="Email" class="form-control" disabled />
+                    <button id="email-verification" type="submit" asp-page-handler="SendVerificationEmail" class="btn btn-link">Send verification email</button>
+                }
+            </div>
+            <div class="form-group">
+                <label asp-for="Input.NewEmail"></label>
+                <input asp-for="Input.NewEmail" class="form-control" autocomplete="email" aria-required="true" />
+                <span asp-validation-for="Input.NewEmail" class="text-danger"></span>
+            </div>
+            <button id="change-email-button" type="submit" asp-page-handler="ChangeEmail" class="btn btn-primary">Change email</button>
+        </form>
+    </div>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Email.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Email.cshtml.cs
new file mode 100644
index 0000000..2e66d42
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Email.cshtml.cs
@@ -0,0 +1,143 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Identity.UI.Services;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.AspNetCore.WebUtilities;
+using IdentityProvider.Data;
+using System.ComponentModel.DataAnnotations;
+using System.Text;
+using System.Text.Encodings.Web;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public partial class EmailModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+    private readonly IEmailSender _emailSender;
+
+    public EmailModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager,
+        IEmailSender emailSender)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+        _emailSender = emailSender;
+    }
+
+    public string Username { get; set; } = string.Empty;
+
+    public string Email { get; set; } = string.Empty;
+
+    public bool IsEmailConfirmed { get; set; }
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    [BindProperty]
+    public InputModel Input { get; set; } = new InputModel();
+
+    public class InputModel
+    {
+        [Required]
+        [EmailAddress]
+        [Display(Name = "New email")]
+        public string NewEmail { get; set; } = string.Empty;
+    }
+
+    private async Task LoadAsync(ApplicationUser user)
+    {
+        var email = await _userManager.GetEmailAsync(user);
+        Email = email!;
+
+        Input = new InputModel
+        {
+            NewEmail = email!,
+        };
+
+        IsEmailConfirmed = await _userManager.IsEmailConfirmedAsync(user);
+    }
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        await LoadAsync(user);
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostChangeEmailAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        if (!ModelState.IsValid)
+        {
+            await LoadAsync(user);
+            return Page();
+        }
+
+        var email = await _userManager.GetEmailAsync(user);
+        if (Input.NewEmail != email)
+        {
+            var userId = await _userManager.GetUserIdAsync(user);
+            var code = await _userManager.GenerateChangeEmailTokenAsync(user, Input.NewEmail);
+            code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
+            var callbackUrl = Url.Page(
+                "/Account/ConfirmEmailChange",
+                pageHandler: null,
+                values: new { userId = userId, email = Input.NewEmail, code = code },
+                protocol: Request.Scheme);
+            await _emailSender.SendEmailAsync(
+                Input.NewEmail,
+                "Confirm your email",
+                $"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl!)}'>clicking here</a>.");
+
+            StatusMessage = "Confirmation link to change email sent. Please check your email.";
+            return RedirectToPage();
+        }
+
+        StatusMessage = "Your email is unchanged.";
+        return RedirectToPage();
+    }
+
+    public async Task<IActionResult> OnPostSendVerificationEmailAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        if (!ModelState.IsValid)
+        {
+            await LoadAsync(user);
+            return Page();
+        }
+
+        var userId = await _userManager.GetUserIdAsync(user);
+        var email = await _userManager.GetEmailAsync(user);
+        var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
+        code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
+        var callbackUrl = Url.Page(
+            "/Account/ConfirmEmail",
+            pageHandler: null,
+            values: new { userId, code },
+            protocol: Request.Scheme);
+        await _emailSender.SendEmailAsync(
+            email!,
+            "Confirm your email",
+            $"Please confirm your account by <a href='{HtmlEncoder.Default.Encode(callbackUrl!)}'>clicking here</a>.");
+
+        StatusMessage = "Verification email sent. Please check your email.";
+        return RedirectToPage();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml
new file mode 100644
index 0000000..07893a0
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml
@@ -0,0 +1,56 @@
+@page
+@model EnableAuthenticatorModel
+@{
+    ViewData["Title"] = "Configure authenticator app";
+    ViewData["ActivePage"] = ManageNavPages.TwoFactorAuthentication;
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+<h3>@ViewData["Title"]</h3>
+<div>
+    <p>To use an authenticator app go through the following steps:</p>
+    <ol class="list">
+        <li>
+            <p>
+                Download a two-factor authenticator app like Microsoft Authenticator for
+                <a href="https://go.microsoft.com/fwlink/?Linkid=825072">Android</a> and
+                <a href="https://go.microsoft.com/fwlink/?Linkid=825073">iOS</a> or
+                Google Authenticator for
+                <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&amp;hl=en">Android</a> and
+                <a href="https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8">iOS</a>.
+            </p>
+        </li>
+        <li>
+            <p>Scan the QR Code or enter this key <kbd>@Model.SharedKey</kbd> into your two factor authenticator app. Spaces and casing do not matter.</p>
+            <div class="alert alert-info">Learn how to <a href="https://go.microsoft.com/fwlink/?Linkid=852423">enable QR code generation</a>.</div>
+            <div id="qrCode"></div>
+            <div id="qrCodeData" data-url="@Html.Raw(@Model.AuthenticatorUri)"></div>
+        </li>
+        <li>
+            <p>
+                Once you have scanned the QR code or input the key above, your two factor authentication app will provide you
+                with a unique code. Enter the code in the confirmation box below.
+            </p>
+            <div class="row">
+                <div class="col-md-6">
+                    <form id="send-code" method="post">
+                        <div class="form-group">
+                            <label asp-for="Input.Code" class="control-label">Verification Code</label>
+                            <input asp-for="Input.Code" class="form-control" autocomplete="off" />
+                            <span asp-validation-for="Input.Code" class="text-danger"></span>
+                        </div>
+                        <button type="submit" class="btn btn-primary">Verify</button>
+                        <div asp-validation-summary="ModelOnly" class="text-danger"></div>
+                    </form>
+                </div>
+            </div>
+        </li>
+    </ol>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+
+    <script asp-add-nonce type="text/javascript" src="~/lib/qrcode/qrcode.js"></script>
+    <script asp-add-nonce type="text/javascript" src="~/js/qr.js"></script>
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
new file mode 100644
index 0000000..382c749
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/EnableAuthenticator.cshtml.cs
@@ -0,0 +1,150 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.ComponentModel.DataAnnotations;
+using System.Text;
+using System.Text.Encodings.Web;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class EnableAuthenticatorModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly ILogger<EnableAuthenticatorModel> _logger;
+    private readonly UrlEncoder _urlEncoder;
+
+    private const string AuthenticatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}&digits=6";
+
+    public EnableAuthenticatorModel(
+        UserManager<ApplicationUser> userManager,
+        ILogger<EnableAuthenticatorModel> logger,
+        UrlEncoder urlEncoder)
+    {
+        _userManager = userManager;
+        _logger = logger;
+        _urlEncoder = urlEncoder;
+    }
+
+    public string SharedKey { get; set; } = string.Empty;
+
+    public string AuthenticatorUri { get; set; } = string.Empty;
+
+    [TempData]
+    public string[] RecoveryCodes { get; set; } = [];
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    [BindProperty]
+    public InputModel Input { get; set; } = new InputModel();
+
+    public class InputModel
+    {
+        [Required]
+        [StringLength(7, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
+        [DataType(DataType.Text)]
+        [Display(Name = "Verification Code")]
+        public string Code { get; set; } = string.Empty;
+    }
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        await LoadSharedKeyAndQrCodeUriAsync(user);
+
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        if (!ModelState.IsValid)
+        {
+            await LoadSharedKeyAndQrCodeUriAsync(user);
+            return Page();
+        }
+
+        // Strip spaces and hypens
+        var verificationCode = Input.Code.Replace(" ", string.Empty).Replace("-", string.Empty);
+
+        var is2faTokenValid = await _userManager.VerifyTwoFactorTokenAsync(
+            user, _userManager.Options.Tokens.AuthenticatorTokenProvider, verificationCode);
+
+        if (!is2faTokenValid)
+        {
+            ModelState.AddModelError("Input.Code", "Verification code is invalid.");
+            await LoadSharedKeyAndQrCodeUriAsync(user);
+            return Page();
+        }
+
+        await _userManager.SetTwoFactorEnabledAsync(user, true);
+        var userId = await _userManager.GetUserIdAsync(user);
+        _logger.LogInformation("User with ID '{UserId}' has enabled 2FA with an authenticator app.", userId);
+
+        StatusMessage = "Your authenticator app has been verified.";
+
+        if (await _userManager.CountRecoveryCodesAsync(user) == 0)
+        {
+            var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
+            RecoveryCodes = recoveryCodes!.ToArray();
+            return RedirectToPage("./ShowRecoveryCodes");
+        }
+        else
+        {
+            return RedirectToPage("./TwoFactorAuthentication");
+        }
+    }
+
+    private async Task LoadSharedKeyAndQrCodeUriAsync(ApplicationUser user)
+    {
+        // Load the authenticator key & QR code URI to display on the form
+        var unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
+        if (string.IsNullOrEmpty(unformattedKey))
+        {
+            await _userManager.ResetAuthenticatorKeyAsync(user);
+            unformattedKey = await _userManager.GetAuthenticatorKeyAsync(user);
+        }
+
+        SharedKey = FormatKey(unformattedKey!);
+
+        var email = await _userManager.GetEmailAsync(user);
+        AuthenticatorUri = GenerateQrCodeUri(email!, unformattedKey!);
+    }
+
+    private string FormatKey(string unformattedKey)
+    {
+        var result = new StringBuilder();
+        int currentPosition = 0;
+        while (currentPosition + 4 < unformattedKey.Length)
+        {
+            result.Append(unformattedKey.Substring(currentPosition, 4)).Append(" ");
+            currentPosition += 4;
+        }
+        if (currentPosition < unformattedKey.Length)
+        {
+            result.Append(unformattedKey.Substring(currentPosition));
+        }
+
+        return result.ToString().ToLowerInvariant();
+    }
+
+    private string GenerateQrCodeUri(string email, string unformattedKey)
+    {
+        return string.Format(
+            AuthenticatorUriFormat,
+            _urlEncoder.Encode("AheadIdentityProvider"),
+            _urlEncoder.Encode(email),
+            unformattedKey);
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ExternalLogins.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ExternalLogins.cshtml
new file mode 100644
index 0000000..203fb22
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ExternalLogins.cshtml
@@ -0,0 +1,56 @@
+@page
+@model ExternalLoginsModel
+@{
+    ViewData["Title"] = "Manage your external logins";
+    ViewData["ActivePage"] = ManageNavPages.ExternalLogins;
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+@if (Model.CurrentLogins?.Count > 0)
+{
+    <h4>Registered Logins</h4>
+    <table class="table">
+        <tbody>
+            @foreach (var login in Model.CurrentLogins)
+            {
+                <tr>
+                    <td id="@($"login-provider-{login.LoginProvider}")">@login.ProviderDisplayName</td>
+                    <td>
+                        @if (Model.ShowRemoveButton)
+                        {
+                            <form id="@($"remove-login-{login.LoginProvider}")" asp-page-handler="RemoveLogin" method="post">
+                                <div>
+                                    <input asp-for="@login.LoginProvider" name="LoginProvider" type="hidden" />
+                                    <input asp-for="@login.ProviderKey" name="ProviderKey" type="hidden" />
+                                    <button type="submit" class="btn btn-primary" title="Remove this @login.ProviderDisplayName login from your account">Remove</button>
+                                </div>
+                            </form>
+                        }
+                        else
+                        {
+                            @: &nbsp;
+                        }
+                    </td>
+                </tr>
+            }
+        </tbody>
+    </table>
+}
+@if (Model.OtherLogins?.Count > 0)
+{
+    <h3>Add another service to log in.</h3>
+    <hr />
+    <form id="link-login-form" asp-page-handler="LinkLogin" method="post" class="form-horizontal">
+        <div id="socialLoginList">
+            <p>
+                @foreach (var provider in Model.OtherLogins)
+                {
+                    if (provider.Name != "UNKNOWNAPI")
+                    {
+                        <button id="@($"link-login-button-{provider.Name}")" type="submit" class="btn btn-primary" name="provider" value="@provider.Name" title="Log in using your @provider.DisplayName account">@provider.DisplayName</button>
+                    }
+                }
+            </p>
+        </div>
+    </form>
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ExternalLogins.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ExternalLogins.cshtml.cs
new file mode 100644
index 0000000..a3b512f
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ExternalLogins.cshtml.cs
@@ -0,0 +1,105 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class ExternalLoginsModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+
+    public ExternalLoginsModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+    }
+
+    public IList<UserLoginInfo> CurrentLogins { get; set; } = [];
+
+    public IList<AuthenticationScheme> OtherLogins { get; set; } = [];
+
+    public bool ShowRemoveButton { get; set; }
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID 'user.Id'.");
+        }
+
+        CurrentLogins = await _userManager.GetLoginsAsync(user);
+        OtherLogins = (await _signInManager.GetExternalAuthenticationSchemesAsync())
+            .Where(auth => CurrentLogins.All(ul => auth.Name != ul.LoginProvider))
+            .ToList();
+        ShowRemoveButton = user.PasswordHash != null || CurrentLogins.Count > 1;
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostRemoveLoginAsync(string loginProvider, string providerKey)
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID 'user.Id'.");
+        }
+
+        var result = await _userManager.RemoveLoginAsync(user, loginProvider, providerKey);
+        if (!result.Succeeded)
+        {
+            StatusMessage = "The external login was not removed.";
+            return RedirectToPage();
+        }
+
+        await _signInManager.RefreshSignInAsync(user);
+        StatusMessage = "The external login was removed.";
+        return RedirectToPage();
+    }
+
+    public async Task<IActionResult> OnPostLinkLoginAsync(string provider)
+    {
+        // Clear the existing external cookie to ensure a clean login process
+        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
+
+        // Request a redirect to the external login provider to link a login for the current user
+        var redirectUrl = Url.Page("./ExternalLogins", pageHandler: "LinkLoginCallback");
+        var properties = _signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl, _userManager.GetUserId(User));
+        return new ChallengeResult(provider, properties);
+    }
+
+    public async Task<IActionResult> OnGetLinkLoginCallbackAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID 'user.Id'.");
+        }
+
+        var info = await _signInManager.GetExternalLoginInfoAsync(user.Id);
+        if (info == null)
+        {
+            throw new InvalidOperationException($"Unexpected error occurred loading external login info for user with ID '{user.Id}'.");
+        }
+
+        var result = await _userManager.AddLoginAsync(user, info);
+        if (!result.Succeeded)
+        {
+            StatusMessage = "The external login was not added. External logins can only be associated with one account.";
+            return RedirectToPage();
+        }
+
+        // Clear the existing external cookie to ensure a clean login process
+        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
+
+        StatusMessage = "The external login was added.";
+        return RedirectToPage();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml
deleted file mode 100644
index 331500f..0000000
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml
+++ /dev/null
@@ -1,62 +0,0 @@
-@page "/Fido2Mfa/{handler?}"
-@using Microsoft.AspNetCore.Identity
-@inject SignInManager<ApplicationUser> SignInManager
-@inject UserManager<ApplicationUser> UserManager
-@inject Microsoft.AspNetCore.Antiforgery.IAntiforgery Xsrf
-@functions{
-    public string? GetAntiXsrfRequestToken()
-    {
-        return Xsrf.GetAndStoreTokens(this.HttpContext).RequestToken;
-    }
-}
-@model OpeniddictServer.Areas.Identity.Pages.Account.Manage.MfaModel
-@{
-    Layout = "_Layout.cshtml";
-    ViewData["Title"] = "Two-factor authentication (2FA)";
-    ViewData["ActivePage"] = ManageNavPages.Fido2Mfa;
-}
-
-<h4>@ViewData["Title"]</h4>
-<div class="section">
-    <div class="container">
-        <h1 class="title is-1">2FA/MFA</h1>
-        <div class="content"><p>This is scenario where we just want to use FIDO as the MFA. The user register and logins with their username and password. For demo purposes, we trigger the MFA registering on sign up.</p></div>
-        <div class="notification is-danger" style="display:none">
-            Please note: Your browser does not seem to support WebAuthn yet. <a href="https://caniuse.com/#search=webauthn" target="_blank">Supported browsers</a>
-        </div>
-
-        <div class="columns">
-            <div class="column is-4">
-
-                <h3 class="title is-3">Add a Fido2 MFA</h3>
-                <form action="/Fido2Mfa" method="post" id="register">
-                    <input type="hidden" id="RequestVerificationToken" name="RequestVerificationToken" value="@GetAntiXsrfRequestToken()">
-                    <div class="field">
-                        <label class="label">Username</label>
-                        <div class="control has-icons-left has-icons-right">
-                            <input class="form-control" type="text" readonly placeholder="email" value="@User.Identity?.Name" name="username" required>
-                        </div>
-                    </div>
-
-                    <div class="field" style="margin-top:10px;">
-                        <div class="control">
-                            <button class="btn btn-primary">Add FIDO2 MFA</button>
-                        </div>
-                    </div>
-                </form>
-            </div>
-        </div>
-
-
-        <div id="fido2mfadisplay"></div>
-
-    </div>
-</div>
-
-
-<div style="display:none" id="fido2TapYourSecurityKeyToFinishRegistration">FIDO2_TAP_YOUR_SECURITY_KEY_TO_FINISH_REGISTRATION</div>
-<div style="display:none" id="fido2RegistrationError">FIDO2_REGISTRATION_ERROR</div>
-
-<script src="~/js/helpers.js"></script>
-<script src="~/js/instant.js"></script>
-<script src="~/js/mfa.register.js"></script>
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml.cs
deleted file mode 100644
index c83d168..0000000
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Fido2Mfa.cshtml.cs
+++ /dev/null
@@ -1,14 +0,0 @@
-using Microsoft.AspNetCore.Mvc.RazorPages;
-
-namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage;
-
-public class MfaModel : PageModel
-{
-    public void OnGet()
-    {
-    }
-
-    public void OnPost()
-    {
-    }
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
new file mode 100644
index 0000000..14efa7d
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml
@@ -0,0 +1,27 @@
+@page
+@model GenerateRecoveryCodesModel
+@{
+    ViewData["Title"] = "Generate two-factor authentication (2FA) recovery codes";
+    ViewData["ActivePage"] = ManageNavPages.TwoFactorAuthentication;
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+<h3>@ViewData["Title"]</h3>
+<div class="alert alert-warning" role="alert">
+    <p>
+        <span class="glyphicon glyphicon-warning-sign"></span>
+        <strong>Put these codes in a safe place.</strong>
+    </p>
+    <p>
+        If you lose your device and don't have the recovery codes you will lose access to your account.
+    </p>
+    <p>
+        Generating new recovery codes does not change the keys used in authenticator apps. If you wish to change the key
+        used in an authenticator app you should <a asp-page="/Account/Manage/ResetAuthenticator">reset your authenticator keys.</a>
+    </p>
+</div>
+<div>
+    <form method="post" class="form-group">
+        <button class="btn btn-danger" type="submit">Generate Recovery Codes</button>
+    </form>
+</div>
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
new file mode 100644
index 0000000..999bacd
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/GenerateRecoveryCodes.cshtml.cs
@@ -0,0 +1,67 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class GenerateRecoveryCodesModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly ILogger<GenerateRecoveryCodesModel> _logger;
+
+    public GenerateRecoveryCodesModel(
+        UserManager<ApplicationUser> userManager,
+        ILogger<GenerateRecoveryCodesModel> logger)
+    {
+        _userManager = userManager;
+        _logger = logger;
+    }
+
+    [TempData]
+    public string[] RecoveryCodes { get; set; } = [];
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var isTwoFactorEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
+        if (!isTwoFactorEnabled)
+        {
+            var userId = await _userManager.GetUserIdAsync(user);
+            throw new InvalidOperationException($"Cannot generate recovery codes for user with ID '{userId}' because they do not have 2FA enabled.");
+        }
+
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var isTwoFactorEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
+        var userId = await _userManager.GetUserIdAsync(user);
+        if (!isTwoFactorEnabled)
+        {
+            throw new InvalidOperationException($"Cannot generate recovery codes for user with ID '{userId}' as they do not have 2FA enabled.");
+        }
+
+        var recoveryCodes = await _userManager.GenerateNewTwoFactorRecoveryCodesAsync(user, 10);
+        RecoveryCodes = recoveryCodes!.ToArray();
+
+        _logger.LogInformation("User with ID '{UserId}' has generated new 2FA recovery codes.", userId);
+        StatusMessage = "You have generated new recovery codes.";
+        return RedirectToPage("./ShowRecoveryCodes");
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Index.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Index.cshtml
new file mode 100644
index 0000000..b317056
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Index.cshtml
@@ -0,0 +1,42 @@
+@page
+@model IndexModel
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Areas.Identity.Pages.Account.Manage
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using Microsoft.AspNetCore.Identity
+@inject UserManager<ApplicationUser> UserManager
+@{
+    ViewData["Title"] = "Profile";
+    ViewData["ActivePage"] = ManageNavPages.Index;
+
+    var user = await UserManager.GetUserAsync(User);
+}
+
+<h3>@ViewData["Title"]</h3>
+<partial name="_StatusMessage" model="Model.StatusMessage" />
+<div class="row">
+    <div class="col-md-6">
+        <form id="profile-form" method="post">
+            <div asp-validation-summary="ModelOnly" class="text-danger"></div>
+
+            <div class="form-group">
+                <label asp-for="Username"></label>
+                <input asp-for="Username" class="form-control" disabled />
+            </div>
+            <div class="form-group">
+                <label asp-for="Input.PhoneNumber"></label>
+                <input asp-for="Input.PhoneNumber" class="form-control" />
+                <span asp-validation-for="Input.PhoneNumber" class="text-danger"></span>
+            </div>
+            <button id="update-profile-button" type="submit" class="btn btn-primary">Save</button>
+        </form>
+    </div>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Index.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Index.cshtml.cs
new file mode 100644
index 0000000..45a164b
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/Index.cshtml.cs
@@ -0,0 +1,91 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.ComponentModel.DataAnnotations;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public partial class IndexModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+
+    public IndexModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+    }
+
+    public string Username { get; set; } = string.Empty;
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    [BindProperty]
+    public InputModel Input { get; set; } = new InputModel();
+
+    public class InputModel
+    {
+        [Phone]
+        [Display(Name = "Phone number")]
+        public string PhoneNumber { get; set; } = string.Empty;
+    }
+
+    private async Task LoadAsync(ApplicationUser user)
+    {
+        var userName = await _userManager.GetUserNameAsync(user);
+        var phoneNumber = await _userManager.GetPhoneNumberAsync(user);
+
+        Username = userName!;
+
+        Input = new InputModel
+        {
+            PhoneNumber = phoneNumber!
+        };
+    }
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        await LoadAsync(user);
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        if (!ModelState.IsValid)
+        {
+            await LoadAsync(user);
+            return Page();
+        }
+
+        var phoneNumber = await _userManager.GetPhoneNumberAsync(user);
+        if (Input.PhoneNumber != phoneNumber)
+        {
+            var setPhoneResult = await _userManager.SetPhoneNumberAsync(user, Input.PhoneNumber);
+            if (!setPhoneResult.Succeeded)
+            {
+                StatusMessage = "Unexpected error when trying to set phone number.";
+                return RedirectToPage();
+            }
+        }
+
+        await _signInManager.RefreshSignInAsync(user);
+        StatusMessage = "Your profile has been updated";
+        return RedirectToPage();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ManageNavPages.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ManageNavPages.cs
index a5ed650..7f609f9 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ManageNavPages.cs
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ManageNavPages.cs
@@ -1,126 +1,45 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-#nullable disable
+using Microsoft.AspNetCore.Mvc.Rendering;
 
-using Microsoft.AspNetCore.Mvc.Rendering;
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
 
-namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage
+public static class ManageNavPages
 {
-    /// <summary>
-    ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-    ///     directly from your code. This API may change or be removed in future releases.
-    /// </summary>
-    public static class ManageNavPages
+    public static string Index => "Index";
+
+    public static string Email => "Email";
+
+    public static string ChangePassword => "ChangePassword";
+
+    public static string DownloadPersonalData => "DownloadPersonalData";
+
+    public static string DeletePersonalData => "DeletePersonalData";
+
+    public static string ExternalLogins => "ExternalLogins";
+
+    public static string PersonalData => "PersonalData";
+
+    public static string TwoFactorAuthentication => "TwoFactorAuthentication";
+
+    public static string IndexNavClass(ViewContext viewContext) => PageNavClass(viewContext, Index);
+
+    public static string EmailNavClass(ViewContext viewContext) => PageNavClass(viewContext, Email);
+
+    public static string ChangePasswordNavClass(ViewContext viewContext) => PageNavClass(viewContext, ChangePassword);
+
+    public static string DownloadPersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DownloadPersonalData);
+
+    public static string DeletePersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DeletePersonalData);
+
+    public static string ExternalLoginsNavClass(ViewContext viewContext) => PageNavClass(viewContext, ExternalLogins);
+
+    public static string PersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, PersonalData);
+
+    public static string TwoFactorAuthenticationNavClass(ViewContext viewContext) => PageNavClass(viewContext, TwoFactorAuthentication);
+
+    private static string PageNavClass(ViewContext viewContext, string page)
     {
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string Index => "Index";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string Email => "Email";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string ChangePassword => "ChangePassword";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string DownloadPersonalData => "DownloadPersonalData";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string DeletePersonalData => "DeletePersonalData";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string ExternalLogins => "ExternalLogins";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string PersonalData => "PersonalData";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string TwoFactorAuthentication => "TwoFactorAuthentication";
-
-        public static string Fido2Mfa => "Fido2Mfa";
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string IndexNavClass(ViewContext viewContext) => PageNavClass(viewContext, Index);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string EmailNavClass(ViewContext viewContext) => PageNavClass(viewContext, Email);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string ChangePasswordNavClass(ViewContext viewContext) => PageNavClass(viewContext, ChangePassword);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string DownloadPersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DownloadPersonalData);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string DeletePersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, DeletePersonalData);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string ExternalLoginsNavClass(ViewContext viewContext) => PageNavClass(viewContext, ExternalLogins);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string PersonalDataNavClass(ViewContext viewContext) => PageNavClass(viewContext, PersonalData);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string TwoFactorAuthenticationNavClass(ViewContext viewContext) => PageNavClass(viewContext, TwoFactorAuthentication);
-
-        public static string Fido2MfaNavClass(ViewContext viewContext) => PageNavClass(viewContext, Fido2Mfa);
-
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public static string PageNavClass(ViewContext viewContext, string page)
-        {
-            var activePage = viewContext.ViewData["ActivePage"] as string
-                ?? System.IO.Path.GetFileNameWithoutExtension(viewContext.ActionDescriptor.DisplayName);
-            return string.Equals(activePage, page, StringComparison.OrdinalIgnoreCase) ? "active" : null;
-        }
+        var activePage = viewContext.ViewData["ActivePage"] as string
+            ?? System.IO.Path.GetFileNameWithoutExtension(viewContext.ActionDescriptor.DisplayName);
+        return string.Equals(activePage, page, StringComparison.OrdinalIgnoreCase) ? "active" : string.Empty;
     }
 }
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/PersonalData.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/PersonalData.cshtml
new file mode 100644
index 0000000..4de320c
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/PersonalData.cshtml
@@ -0,0 +1,27 @@
+@page
+@model PersonalDataModel
+@{
+    ViewData["Title"] = "Personal Data";
+    ViewData["ActivePage"] = ManageNavPages.PersonalData;
+}
+
+<h3>@ViewData["Title"]</h3>
+
+<div class="row">
+    <div class="col-md-6">
+        <p>Your account contains personal data that you have given us. This page allows you to download or delete that data.</p>
+        <p>
+            <strong>Deleting this data will permanently remove your account, and this cannot be recovered.</strong>
+        </p>
+        <form id="download-data" asp-page="DownloadPersonalData" method="post" class="form-group">
+            <button class="btn btn-primary" type="submit">Download</button>
+        </form>
+        <p>
+            <a id="delete" role="button" asp-page="DeletePersonalData" class="btn btn-secondary">Delete</a>
+        </p>
+    </div>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/PersonalData.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/PersonalData.cshtml.cs
new file mode 100644
index 0000000..9eb8473
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/PersonalData.cshtml.cs
@@ -0,0 +1,31 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class PersonalDataModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly ILogger<PersonalDataModel> _logger;
+
+    public PersonalDataModel(
+        UserManager<ApplicationUser> userManager,
+        ILogger<PersonalDataModel> logger)
+    {
+        _userManager = userManager;
+        _logger = logger;
+    }
+
+    public async Task<IActionResult> OnGet()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        return Page();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ResetAuthenticator.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ResetAuthenticator.cshtml
new file mode 100644
index 0000000..081c824
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ResetAuthenticator.cshtml
@@ -0,0 +1,24 @@
+@page
+@model ResetAuthenticatorModel
+@{
+    ViewData["Title"] = "Reset authenticator key";
+    ViewData["ActivePage"] = ManageNavPages.TwoFactorAuthentication;
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+<h4>@ViewData["Title"]</h4>
+<div class="alert alert-warning" role="alert">
+    <p>
+        <span class="glyphicon glyphicon-warning-sign"></span>
+        <strong>If you reset your authenticator key your authenticator app will not work until you reconfigure it.</strong>
+    </p>
+    <p>
+        This process disables 2FA until you verify your authenticator app.
+        If you do not complete your authenticator app configuration you may lose access to your account.
+    </p>
+</div>
+<div>
+    <form id="reset-authenticator-form" method="post" class="form-group">
+        <button id="reset-authenticator-button" class="btn btn-danger" type="submit">Reset authenticator key</button>
+    </form>
+</div>
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ResetAuthenticator.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ResetAuthenticator.cshtml.cs
new file mode 100644
index 0000000..c69df3a
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ResetAuthenticator.cshtml.cs
@@ -0,0 +1,55 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class ResetAuthenticatorModel : PageModel
+{
+    UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+    ILogger<ResetAuthenticatorModel> _logger;
+
+    public ResetAuthenticatorModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager,
+        ILogger<ResetAuthenticatorModel> logger)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+        _logger = logger;
+    }
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public async Task<IActionResult> OnGet()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        await _userManager.SetTwoFactorEnabledAsync(user, false);
+        await _userManager.ResetAuthenticatorKeyAsync(user);
+        _logger.LogInformation("User with ID '{UserId}' has reset their authentication app key.", user.Id);
+
+        await _signInManager.RefreshSignInAsync(user);
+        StatusMessage = "Your authenticator app key has been reset, you will need to configure your authenticator app using the new key.";
+
+        return RedirectToPage("./EnableAuthenticator");
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/SetPassword.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/SetPassword.cshtml
new file mode 100644
index 0000000..aa8433a
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/SetPassword.cshtml
@@ -0,0 +1,35 @@
+@page
+@model SetPasswordModel
+@{
+    ViewData["Title"] = "Set password";
+    ViewData["ActivePage"] = ManageNavPages.ChangePassword;
+}
+
+<h3>Set your password</h3>
+<partial name="_StatusMessage" for="StatusMessage" />
+<p class="text-info">
+    You do not have a local username/password for this site. Add a local
+    account so you can log in without an external login.
+</p>
+<div class="row">
+    <div class="col-md-6">
+        <form id="set-password-form" method="post">
+            <div asp-validation-summary="ModelOnly" class="text-danger"></div>
+            <div class="form-group">
+                <label asp-for="Input.NewPassword"></label>
+                <input asp-for="Input.NewPassword" class="form-control" />
+                <span asp-validation-for="Input.NewPassword" class="text-danger"></span>
+            </div>
+            <div class="form-group">
+                <label asp-for="Input.ConfirmPassword"></label>
+                <input asp-for="Input.ConfirmPassword" class="form-control" />
+                <span asp-validation-for="Input.ConfirmPassword" class="text-danger"></span>
+            </div>
+            <button type="submit" class="btn btn-primary">Set password</button>
+        </form>
+    </div>
+</div>
+
+@section Scripts {
+    <partial name="_ValidationScriptsPartial" />
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/SetPassword.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/SetPassword.cshtml.cs
new file mode 100644
index 0000000..17f0219
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/SetPassword.cshtml.cs
@@ -0,0 +1,88 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.ComponentModel.DataAnnotations;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class SetPasswordModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+
+    public SetPasswordModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+    }
+
+    [BindProperty]
+    public InputModel Input { get; set; } = new InputModel();
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public class InputModel
+    {
+        [Required]
+        [StringLength(100, ErrorMessage = "The {0} must be at least {2} and at max {1} characters long.", MinimumLength = 6)]
+        [DataType(DataType.Password)]
+        [Display(Name = "New password")]
+        public string NewPassword { get; set; } = string.Empty;
+
+        [DataType(DataType.Password)]
+        [Display(Name = "Confirm new password")]
+        [Compare("NewPassword", ErrorMessage = "The new password and confirmation password do not match.")]
+        public string ConfirmPassword { get; set; } = string.Empty;
+    }
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var hasPassword = await _userManager.HasPasswordAsync(user);
+
+        if (hasPassword)
+        {
+            return RedirectToPage("./ChangePassword");
+        }
+
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        if (!ModelState.IsValid)
+        {
+            return Page();
+        }
+
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        var addPasswordResult = await _userManager.AddPasswordAsync(user, Input.NewPassword);
+        if (!addPasswordResult.Succeeded)
+        {
+            foreach (var error in addPasswordResult.Errors)
+            {
+                ModelState.AddModelError(string.Empty, error.Description);
+            }
+            return Page();
+        }
+
+        await _signInManager.RefreshSignInAsync(user);
+        StatusMessage = "Your password has been set.";
+
+        return RedirectToPage();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
new file mode 100644
index 0000000..c13a2fb
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml
@@ -0,0 +1,25 @@
+@page
+@model ShowRecoveryCodesModel
+@{
+    ViewData["Title"] = "Recovery codes";
+    ViewData["ActivePage"] = "TwoFactorAuthentication";
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+<h3>@ViewData["Title"]</h3>
+<div class="alert alert-warning" role="alert">
+    <p>
+        <strong>Put these codes in a safe place.</strong>
+    </p>
+    <p>
+        If you lose your device and don't have the recovery codes you will lose access to your account.
+    </p>
+</div>
+<div class="row">
+    <div class="col-md-12">
+        @for (var row = 0; row < Model.RecoveryCodes.Length; row += 2)
+        {
+            <code class="recovery-code">@Model.RecoveryCodes[row]</code><text>&nbsp;</text><code class="recovery-code">@Model.RecoveryCodes[row + 1]</code><br />
+        }
+    </div>
+</div>
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
new file mode 100644
index 0000000..201e06d
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/ShowRecoveryCodes.cshtml.cs
@@ -0,0 +1,23 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
+
+public class ShowRecoveryCodesModel : PageModel
+{
+    [TempData]
+    public string[] RecoveryCodes { get; set; } = [];
+
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
+
+    public IActionResult OnGet()
+    {
+        if (RecoveryCodes == null || RecoveryCodes.Length == 0)
+        {
+            return RedirectToPage("./TwoFactorAuthentication");
+        }
+
+        return Page();
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml
index 9ceade8..83dacef 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml
@@ -1,5 +1,4 @@
 @page
-@using Microsoft.AspNetCore.Http.Features
 @model TwoFactorAuthenticationModel
 @{
     ViewData["Title"] = "Two-factor authentication (2FA)";
@@ -8,67 +7,53 @@
 
 <partial name="_StatusMessage" for="StatusMessage" />
 <h3>@ViewData["Title"]</h3>
-@{
-    var consentFeature = HttpContext.Features.Get<ITrackingConsentFeature>();
-    @if (consentFeature?.CanTrack ?? true)
+@if (Model.Is2faEnabled)
+{
+    if (Model.RecoveryCodesLeft == 0)
     {
-        @if (Model.Is2faEnabled)
-        {
-            if (Model.RecoveryCodesLeft == 0)
-            {
-                <div class="alert alert-danger">
-                    <strong>You have no recovery codes left.</strong>
-                    <p>You must <a asp-page="./GenerateRecoveryCodes">generate a new set of recovery codes</a> before you can log in with a recovery code.</p>
-                </div>
-            }
-            else if (Model.RecoveryCodesLeft == 1)
-            {
-                <div class="alert alert-danger">
-                    <strong>You have 1 recovery code left.</strong>
-                    <p>You can <a asp-page="./GenerateRecoveryCodes">generate a new set of recovery codes</a>.</p>
-                </div>
-            }
-            else if (Model.RecoveryCodesLeft <= 3)
-            {
-                <div class="alert alert-warning">
-                    <strong>You have @Model.RecoveryCodesLeft recovery codes left.</strong>
-                    <p>You should <a asp-page="./GenerateRecoveryCodes">generate a new set of recovery codes</a>.</p>
-                </div>
-            }
-
-            if (Model.IsMachineRemembered)
-            {
-                <form method="post" style="display: inline-block">
-                    <button type="submit" class="btn btn-primary">Forget this browser</button>
-                </form>
-            }
-            <a asp-page="./Disable2fa" class="btn btn-primary">Disable 2FA</a>
-            <a asp-page="./GenerateRecoveryCodes" class="btn btn-primary">Reset recovery codes</a>
-        }
-
-        <h4>Authenticator app</h4>
-        @if (!Model.HasAuthenticator)
-        {
-            <a id="enable-authenticator" asp-page="./EnableAuthenticator" class="btn btn-primary">Add authenticator app</a>
-        }
-        else
-        {
-            <a id="enable-authenticator" asp-page="./EnableAuthenticator" class="btn btn-primary">Set up authenticator app</a>
-            <a id="reset-authenticator" asp-page="./ResetAuthenticator" class="btn btn-primary">Reset authenticator app</a>
-        }
+        <div class="alert alert-danger">
+            <strong>You have no recovery codes left.</strong>
+            <p>You must <a asp-page="/Account/Manage/GenerateRecoveryCodes">generate a new set of recovery codes</a> before you can log in with a recovery code.</p>
+        </div>
     }
-    else
+    else if (Model.RecoveryCodesLeft == 1)
     {
         <div class="alert alert-danger">
-            <strong>Privacy and cookie policy have not been accepted.</strong>
-            <p>You must accept the policy before you can enable two factor authentication.</p>
+            <strong>You have 1 recovery code left.</strong>
+            <p>You can <a asp-page="/Account/Manage/GenerateRecoveryCodes">generate a new set of recovery codes</a>.</p>
+        </div>
+    }
+    else if (Model.RecoveryCodesLeft <= 3)
+    {
+        <div class="alert alert-warning">
+            <strong>You have @Model.RecoveryCodesLeft recovery codes left.</strong>
+            <p>You should <a asp-page="/Account/Manage/GenerateRecoveryCodes">generate a new set of recovery codes</a>.</p>
         </div>
     }
+
+    if (Model.IsMachineRemembered)
+    {
+        <form method="post" style="display: inline-block">
+            <button type="submit" class="btn btn-primary">Forget this browser</button>
+        </form>
+    }
+    <a asp-page="/Account/Manage/Disable2fa" class="btn btn-primary">Disable 2FA</a>
+    <a asp-page="/Account/Manage/GenerateRecoveryCodes" class="btn btn-primary">Reset recovery codes</a>
 }
 
-<a id="enable-fido2mfa" asp-page="./Fido2Mfa" class="btn btn-primary">Add Fido2 MFA</a>
+<h4>Authenticator app</h4>
+@if (!Model.HasAuthenticator)
+{
+    <a id="enable-authenticator" asp-page="/Account/Manage/EnableAuthenticator" class="btn btn-primary">Add authenticator app</a>
+}
+else
+{
+    <a id="enable-authenticator" asp-page="/Account/Manage/EnableAuthenticator" class="btn btn-primary">Setup authenticator app</a>
+    <a id="reset-authenticator" asp-page="/Account/Manage/ResetAuthenticator" class="btn btn-primary">Reset authenticator app</a>
+}
+
+<a asp-page="/Account/Passkeys" class="btn btn-primary">Setup passkeys</a>
 
 @section Scripts {
-    <script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
-    <script src="~/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"></script>
-}
+    <partial name="_ValidationScriptsPartial" />
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml.cs
index c1a7fe6..91c3022 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml.cs
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/TwoFactorAuthentication.cshtml.cs
@@ -1,85 +1,66 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-#nullable disable
-
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account.Manage;
 
-namespace OpeniddictServer.Areas.Identity.Pages.Account.Manage
+public class TwoFactorAuthenticationModel : PageModel
 {
-    public class TwoFactorAuthenticationModel : PageModel
-    {
-        private readonly UserManager<ApplicationUser> _userManager;
-        private readonly SignInManager<ApplicationUser> _signInManager;
+    private const string AuthenicatorUriFormat = "otpauth://totp/{0}:{1}?secret={2}&issuer={0}";
 
-        public TwoFactorAuthenticationModel(
-            UserManager<ApplicationUser> userManager, SignInManager<ApplicationUser> signInManager)
-        {
-            _userManager = userManager;
-            _signInManager = signInManager;
-        }
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+    private readonly ILogger<TwoFactorAuthenticationModel> _logger;
+
+    public TwoFactorAuthenticationModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager,
+        ILogger<TwoFactorAuthenticationModel> logger)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+        _logger = logger;
+    }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public bool HasAuthenticator { get; set; }
+    public bool HasAuthenticator { get; set; }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public int RecoveryCodesLeft { get; set; }
+    public int RecoveryCodesLeft { get; set; }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        [BindProperty]
-        public bool Is2faEnabled { get; set; }
+    [BindProperty]
+    public bool Is2faEnabled { get; set; }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        public bool IsMachineRemembered { get; set; }
+    public bool IsMachineRemembered { get; set; }
 
-        /// <summary>
-        ///     This API supports the ASP.NET Core Identity default UI infrastructure and is not intended to be used
-        ///     directly from your code. This API may change or be removed in future releases.
-        /// </summary>
-        [TempData]
-        public string StatusMessage { get; set; }
+    [TempData]
+    public string StatusMessage { get; set; } = string.Empty;
 
-        public async Task<IActionResult> OnGetAsync()
+    public async Task<IActionResult> OnGet()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
         {
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
-            }
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
 
-            HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null;
-            Is2faEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
-            IsMachineRemembered = await _signInManager.IsTwoFactorClientRememberedAsync(user);
-            RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user);
+        HasAuthenticator = await _userManager.GetAuthenticatorKeyAsync(user) != null;
+        Is2faEnabled = await _userManager.GetTwoFactorEnabledAsync(user);
+        IsMachineRemembered = await _signInManager.IsTwoFactorClientRememberedAsync(user);
+        RecoveryCodesLeft = await _userManager.CountRecoveryCodesAsync(user);
 
-            return Page();
-        }
+        return Page();
+    }
 
-        public async Task<IActionResult> OnPostAsync()
+    public async Task<IActionResult> OnPost()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
         {
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
-            }
-
-            await _signInManager.ForgetTwoFactorClientAsync();
-            StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code.";
-            return RedirectToPage();
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
         }
+
+        await _signInManager.ForgetTwoFactorClientAsync();
+        StatusMessage = "The current browser has been forgotten. When you login again from this browser you will be prompted for your 2fa code.";
+        return RedirectToPage();
     }
 }
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ManageNav.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ManageNav.cshtml
index d58ebc4..e2f2f67 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ManageNav.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ManageNav.cshtml
@@ -1,15 +1,34 @@
-@inject SignInManager<ApplicationUser> SignInManager
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Areas.Identity.Pages.Account.Manage
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using Microsoft.AspNetCore.Identity
+@inject SignInManager<ApplicationUser> SignInManager
+@inject UserManager<ApplicationUser> UserManager
 @{
     var hasExternalLogins = (await SignInManager.GetExternalAuthenticationSchemesAsync()).Any();
+    var user = await UserManager.GetUserAsync(User);
+    var notEntraIDUserWithNoPassword = await UserManager.HasPasswordAsync(user!);
 }
 <ul class="nav nav-pills flex-column">
-    <li class="nav-item"><a class="nav-link @ManageNavPages.IndexNavClass(ViewContext)" id="profile" asp-page="./Index">Profile</a></li>
-    <li class="nav-item"><a class="nav-link @ManageNavPages.EmailNavClass(ViewContext)" id="email" asp-page="./Email">Email</a></li>
-    <li class="nav-item"><a class="nav-link @ManageNavPages.ChangePasswordNavClass(ViewContext)" id="change-password" asp-page="./ChangePassword">Password</a></li>
-    @if (hasExternalLogins)
+    <li class="nav-item"><a class="nav-link @ManageNavPages.IndexNavClass(ViewContext)" id="profile" asp-page="/Account/Manage/Index">Profile</a></li>
+    @if (notEntraIDUserWithNoPassword)
     {
-        <li id="external-logins" class="nav-item"><a id="external-login" class="nav-link @ManageNavPages.ExternalLoginsNavClass(ViewContext)" asp-page="./ExternalLogins">External logins</a></li>
+        <li class="nav-item"><a class="nav-link @ManageNavPages.EmailNavClass(ViewContext)" id="email" asp-page="/Account/Manage/Email">Email</a></li>
+        <li class="nav-item"><a class="nav-link @ManageNavPages.ChangePasswordNavClass(ViewContext)" id="change-password" asp-page="/Account/Manage/ChangePassword">Password</a></li>
     }
-    <li class="nav-item"><a class="nav-link @ManageNavPages.TwoFactorAuthenticationNavClass(ViewContext)" id="two-factor" asp-page="./TwoFactorAuthentication">Two-factor authentication</a></li>
-    <li class="nav-item"><a class="nav-link @ManageNavPages.PersonalDataNavClass(ViewContext)" id="personal-data" asp-page="./PersonalData">Personal data</a></li>
+    @*  @if (hasExternalLogins) *@
+    @if (!notEntraIDUserWithNoPassword) // Add logic to allow update of users to Entra ID
+    {
+        <li id="external-logins" class="nav-item"><a id="external-login" class="nav-link @ManageNavPages.ExternalLoginsNavClass(ViewContext)" asp-page="/Account/Manage/ExternalLogins">External logins</a></li>
+    }
+    @if (notEntraIDUserWithNoPassword)
+    {
+        <li class="nav-item"><a class="nav-link @ManageNavPages.TwoFactorAuthenticationNavClass(ViewContext)" id="two-factor" asp-page="/Account/Manage/TwoFactorAuthentication">Two-factor authentication</a></li>
+    }
+
+    <li class="nav-item"><a class="nav-link @ManageNavPages.PersonalDataNavClass(ViewContext)" id="personal-data" asp-page="/Account/Manage/PersonalData">Personal data</a></li>
 </ul>
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_StatusMessage.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_StatusMessage.cshtml
new file mode 100644
index 0000000..208a424
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_StatusMessage.cshtml
@@ -0,0 +1,10 @@
+@model string
+
+@if (!String.IsNullOrEmpty(Model))
+{
+    var statusMessageClass = Model.StartsWith("Error") ? "danger" : "success";
+    <div class="alert alert-@statusMessageClass alert-dismissible" role="alert">
+        <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+        @Model
+    </div>
+}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ViewImports.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ViewImports.cshtml
index cb8f362..646fd85 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ViewImports.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Manage/_ViewImports.cshtml
@@ -1 +1,7 @@
-@using OpeniddictServer.Areas.Identity.Pages.Account.Manage
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Areas.Identity.Pages.Account.Manage
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Passkeys.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Passkeys.cshtml
new file mode 100644
index 0000000..d500546
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Passkeys.cshtml
@@ -0,0 +1,49 @@
+@page
+@using System.Buffers.Text
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@model IdentityProvider.Areas.Identity.Pages.Account.PasskeysModel
+@{
+    ViewData["Title"] = "Manage your passkeys";
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+<h3>@ViewData["Title"]</h3>
+
+@if (Model.CurrentPasskeys?.Count > 0)
+{
+        <table class="table">
+        <tbody>
+        @foreach (var passkey in Model.CurrentPasskeys)
+        {
+            var credentialId = Base64Url.EncodeToString(passkey.CredentialId);
+            <tr>
+                <td class="align-middle">@(passkey.Name ?? "Unnamed passkey")</td>
+                <td class="align-middle">
+                    <form asp-page-handler="UpdatePasskey" method="post">
+                        <input type="hidden" name="Input.CredentialId" value="@credentialId"/>
+                        <button type="submit" name="Input.Action" value="rename" class="btn btn-primary" title="Rename this passkey">Rename</button>
+                        <button type="submit" name="Input.Action" value="delete" class="btn btn-danger" title="Remove this passkey from your account">Remove</button>
+                    </form>
+                </td>
+            </tr>
+        }
+        </tbody>
+        </table>
+}
+else
+{
+    <p>No passkeys are registered.</p>
+}
+
+<form asp-page-handler="AddPasskey" method="post" class="mt-2">
+    <passkey-submit operation="@PasskeyOperation.Create" name="Input.Passkey" class="btn btn-primary">Add a new passkey</passkey-submit>
+</form>
+
+@section Scripts {
+    <script src="~/js/passkey-submit.js" asp-append-version="true"></script>
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Passkeys.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Passkeys.cshtml.cs
new file mode 100644
index 0000000..44a29d9
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/Passkeys.cshtml.cs
@@ -0,0 +1,140 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using IdentityProvider.Data;
+using System.Buffers.Text;
+using System.Diagnostics.CodeAnalysis;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account;
+
+public class PasskeysModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly SignInManager<ApplicationUser> _signInManager;
+
+    public PasskeysModel(
+        UserManager<ApplicationUser> userManager,
+        SignInManager<ApplicationUser> signInManager)
+    {
+        _userManager = userManager;
+        _signInManager = signInManager;
+    }
+
+    public IList<UserPasskeyInfo> CurrentPasskeys { get; set; }
+
+    [BindProperty]
+    public InputModel? Input { get; set; }
+
+    public class InputModel
+    {
+        public string? CredentialId { get; set; }
+
+        public string? Action { get; set; }
+
+        public PasskeyInputModel? Passkey { get; set; }
+    }
+
+    [TempData]
+    public string StatusMessage { get; set; }
+
+    public async Task<IActionResult> OnGetAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        CurrentPasskeys = await _userManager.GetPasskeysAsync(user);
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostUpdatePasskeyAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        if (string.IsNullOrEmpty(Input?.CredentialId))
+        {
+            StatusMessage = "Could not find the passkey.";
+            return RedirectToPage();
+        }
+
+        byte[] credentialId;
+        try
+        {
+            credentialId = Base64Url.DecodeFromChars(Input.CredentialId);
+        }
+        catch (FormatException)
+        {
+            StatusMessage = "The specified passkey ID had an invalid format.";
+            return RedirectToPage();
+        }
+
+        switch (Input?.Action)
+        {
+            case "rename":
+                return RedirectToPage("./RenamePasskey", new { id = Input.CredentialId });
+            case "delete":
+                return await DeletePasskey(user, credentialId);
+            default:
+                StatusMessage = "Unknown action.";
+                return RedirectToPage();
+        }
+    }
+
+    private async Task<IActionResult> DeletePasskey([NotNull] ApplicationUser user, byte[] credentialId)
+    {
+        var result = await _userManager.RemovePasskeyAsync(user, credentialId);
+        if (!result.Succeeded)
+        {
+            var userId = await _userManager.GetUserIdAsync(user);
+            throw new InvalidOperationException($"Unexpected error occurred removing passkey for user with ID '{userId}'.");
+        }
+
+        StatusMessage = "The passkey was removed.";
+        return RedirectToPage();
+    }
+
+    public async Task<IActionResult> OnPostAddPasskeyAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        if (!string.IsNullOrEmpty(Input?.Passkey?.Error))
+        {
+            StatusMessage = $"Could not add a passkey: {Input.Passkey.Error}";
+            return RedirectToPage();
+        }
+
+        if (string.IsNullOrEmpty(Input?.Passkey?.CredentialJson))
+        {
+            StatusMessage = "The browser did not provide a passkey.";
+            return RedirectToPage();
+        }
+
+        var attestationResult = await _signInManager.PerformPasskeyAttestationAsync(Input.Passkey.CredentialJson);
+        if (!attestationResult.Succeeded)
+        {
+            StatusMessage = $"Could not add the passkey: {attestationResult.Failure.Message}.";
+            return RedirectToPage();
+        }
+
+        var setPasskeyResult = await _userManager.AddOrUpdatePasskeyAsync(user, attestationResult.Passkey);
+        if (!setPasskeyResult.Succeeded)
+        {
+            StatusMessage = "The passkey could not be added to your account.";
+            return RedirectToPage();
+        }
+
+        // Immediately prompt the user to enter a name for the credential
+        StatusMessage = "The passkey was added to your account. You can now use it to sign in. Give it an easy to remember name.";
+        return RedirectToPage("./RenamePasskey", new { id = Base64Url.EncodeToString(attestationResult.Passkey.CredentialId) });
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/RenamePasskey.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/RenamePasskey.cshtml
new file mode 100644
index 0000000..f32534b
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/RenamePasskey.cshtml
@@ -0,0 +1,34 @@
+@page
+@model IdentityProvider.Areas.Identity.Pages.Account.RenamePasskeyModel
+@{
+    ViewData["Title"] = "Rename passkey";
+}
+
+<partial name="_StatusMessage" for="StatusMessage" />
+
+@if (Model.Input?.Name is { } name)
+{
+    <h4>Enter a new name for your "@name" passkey</h4>
+}
+else
+{
+    <h4>Enter a name for your passkey</h4>
+}
+
+<form method="post">
+    <input asp-for="Input.CredentialId" type="hidden" />
+    <div class="mb-3">
+        <label asp-for="Input.Name" autocomplete="none" autofocus></label>
+        <input asp-for="Input.Name" class="form-control"/>
+        <span asp-validation-for="Input.Name" class="text-danger"></span>
+    </div>
+    <div>
+        <button type="submit" class="btn btn-primary">Rename</button>
+    </div>
+</form>
+
+@section Scripts {
+    <script>
+        $('#Input_Name').focus();
+    </script>
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/RenamePasskey.cshtml.cs b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/RenamePasskey.cshtml.cs
new file mode 100644
index 0000000..af7b7d1
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/RenamePasskey.cshtml.cs
@@ -0,0 +1,115 @@
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.RazorPages;
+using Microsoft.EntityFrameworkCore;
+using IdentityProvider.Data;
+using System.Buffers.Text;
+
+namespace IdentityProvider.Areas.Identity.Pages.Account;
+
+public class RenamePasskeyModel : PageModel
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+    private readonly ApplicationDbContext _dbContext;
+
+    public RenamePasskeyModel(
+        UserManager<ApplicationUser> userManager,
+        ApplicationDbContext dbContext)
+    {
+        _userManager = userManager;
+        _dbContext = dbContext;
+    }
+
+    [BindProperty] public InputModel? Input { get; set; }
+
+    public class InputModel
+    {
+        public string? CredentialId { get; set; }
+
+        public string? Name { get; set; }
+    }
+
+    [TempData]
+    public string StatusMessage { get; set; }
+
+    public async Task<IActionResult> OnGetAsync(string id)
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        byte[] credentialId;
+        try
+        {
+            credentialId = Base64Url.DecodeFromChars(id);
+        }
+        catch (FormatException)
+        {
+            StatusMessage = "The specified passkey ID had an invalid format.";
+            return RedirectToPage("./Passkeys");
+        }
+
+        var passkey = await _userManager.GetPasskeyAsync(user, credentialId);
+        if (passkey == null)
+        {
+            return NotFound($"Unable to load passkey ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        Input = new InputModel
+        {
+            CredentialId = id,
+            Name = passkey.Name
+        };
+
+        return Page();
+    }
+
+    public async Task<IActionResult> OnPostAsync()
+    {
+        var user = await _userManager.GetUserAsync(User);
+        if (user == null)
+        {
+            return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        byte[] credentialId;
+        try
+        {
+            credentialId = Base64Url.DecodeFromChars(Input?.CredentialId);
+        }
+        catch (FormatException)
+        {
+            StatusMessage = "The specified passkey ID had an invalid format.";
+            return RedirectToPage("./Passkeys");
+        }
+
+        var passkey = await _userManager.GetPasskeyAsync(user, credentialId);
+        if (passkey == null)
+        {
+            return NotFound($"Unable to load passkey ID '{_userManager.GetUserId(User)}'.");
+        }
+
+        // Rename
+        passkey.Name = Input?.Name;
+
+        var result = await _userManager.AddOrUpdatePasskeyAsync(user, passkey);
+        if (!result.Succeeded)
+        {
+            var userId = await _userManager.GetUserIdAsync(user);
+            throw new InvalidOperationException($"Unexpected error occurred removing passkey for user with ID '{userId}'.");
+        }
+
+        // REVIEW: Only one of the .NET 10 user stores update the Name property of the passkey. Doing direct database access here to ensure the name is stored.
+        var passkeyEntity = await _dbContext.UserPasskeys.SingleOrDefaultAsync(userPasskey => userPasskey.CredentialId.SequenceEqual(credentialId));
+        if (passkeyEntity != null)
+        {
+            passkeyEntity.Data.Name = Input?.Name;
+            await _dbContext.SaveChangesAsync();
+        }
+
+        StatusMessage = "The passkey was updated.";
+        return RedirectToPage("./Passkeys");
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/_ViewImports.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/_ViewImports.cshtml
index c63caa3..68c3b23 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/_ViewImports.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/Account/_ViewImports.cshtml
@@ -1 +1,6 @@
-@using OpeniddictServer.Areas.Identity.Pages.Account
\ No newline at end of file
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Areas.Identity.Pages.Account
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ValidationScriptsPartial.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ValidationScriptsPartial.cshtml
index 58713e7..5d1f685 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ValidationScriptsPartial.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ValidationScriptsPartial.cshtml
@@ -1,18 +1,2 @@
-<environment include="Development">
-    <script src="~/Identity/lib/jquery-validation/dist/jquery.validate.js"></script>
-    <script src="~/Identity/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.js"></script>
-</environment>
-<environment exclude="Development">
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.17.0/jquery.validate.min.js"
-            asp-fallback-src="~/Identity/lib/jquery-validation/dist/jquery.validate.min.js"
-            asp-fallback-test="window.jQuery && window.jQuery.validator"
-            crossorigin="anonymous"
-            integrity="sha384-rZfj/ogBloos6wzLGpPkkOr/gpkBNLZ6b6yLy4o+ok+t/SAKlL5mvXLr0OXNi1Hp">
-    </script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.11/jquery.validate.unobtrusive.min.js"
-            asp-fallback-src="~/Identity/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"
-            asp-fallback-test="window.jQuery && window.jQuery.validator && window.jQuery.validator.unobtrusive"
-            crossorigin="anonymous"
-            integrity="sha384-R3vNCHsZ+A2Lo3d5A6XNP7fdQkeswQWTIPfiYwSpEP3YV079R+93YzTeZRah7f/F">
-    </script>
-</environment>
+<script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
+<script src="~/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"></script>
diff --git a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ViewImports.cshtml b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ViewImports.cshtml
index d05cc44..3e4ac31 100644
--- a/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ViewImports.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Areas/Identity/Pages/_ViewImports.cshtml
@@ -1,5 +1,8 @@
-@using Microsoft.AspNetCore.Identity
-@using OpeniddictServer.Areas.Identity
-@using OpeniddictServer.Areas.Identity.Pages
+@using IdentityProvider
+@using IdentityProvider.Areas.Identity
+@using IdentityProvider.Areas.Identity.Pages
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using Microsoft.AspNetCore.Identity
 @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
-@using OpeniddictServer.Data
+@addTagHelper *, IdentityProvider
diff --git a/MultiIdentityProvider/IdentityProvider/Controllers/AuthorizationController.cs b/MultiIdentityProvider/IdentityProvider/Controllers/AuthorizationController.cs
index d2007d7..573e152 100644
--- a/MultiIdentityProvider/IdentityProvider/Controllers/AuthorizationController.cs
+++ b/MultiIdentityProvider/IdentityProvider/Controllers/AuthorizationController.cs
@@ -13,13 +13,13 @@
 using Microsoft.IdentityModel.Tokens;
 using OpenIddict.Abstractions;
 using OpenIddict.Server.AspNetCore;
-using OpeniddictServer.Data;
-using OpeniddictServer.Helpers;
-using OpeniddictServer.ViewModels.Authorization;
+using IdentityProvider.Data;
+using IdentityProvider.Helpers;
+using IdentityProvider.ViewModels.Authorization;
 using System.Security.Claims;
 using static OpenIddict.Abstractions.OpenIddictConstants;
 
-namespace OpeniddictServer.Controllers;
+namespace IdentityProvider.Controllers;
 
 public class AuthorizationController : Controller
 {
@@ -304,44 +304,49 @@ public async Task<IActionResult> Exchange()
             // Note: the client credentials are automatically validated by OpenIddict:
             // if client_id or client_secret are invalid, this action won't be invoked.
 
-            var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
-            if (application == null)
-            {
-                throw new InvalidOperationException("The application details cannot be found in the database.");
-            }
+            return await HandleExchangeClientCredentialsGrantType(request);
+        }
 
-            // Create the claims-based identity that will be used by OpenIddict to generate tokens.
-            var identity = new ClaimsIdentity(
-                authenticationType: TokenValidationParameters.DefaultAuthenticationType,
-                nameType: Claims.Name,
-                roleType: Claims.Role);
-
-            // Add the claims that will be persisted in the tokens (use the client_id as the subject identifier).
-            identity.AddClaim(Claims.Subject, await _applicationManager.GetClientIdAsync(application));
-            identity.AddClaim(Claims.Name, await _applicationManager.GetDisplayNameAsync(application));
-
-            // Note: In the original OAuth 2.0 specification, the client credentials grant
-            // doesn't return an identity token, which is an OpenID Connect concept.
-            //
-            // As a non-standardized extension, OpenIddict allows returning an id_token
-            // to convey information about the client application when the "openid" scope
-            // is granted (i.e specified when calling principal.SetScopes()). When the "openid"
-            // scope is not explicitly set, no identity token is returned to the client application.
-
-            // Set the list of scopes granted to the client application in access_token.
-            var principal = new ClaimsPrincipal(identity);
-            principal.SetScopes(request.GetScopes());
-            principal.SetResources(await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync());
-
-            foreach (var claim in principal.Claims)
-            {
-                claim.SetDestinations(GetDestinations(claim, principal));
-            }
+        throw new InvalidOperationException("The specified grant type is not supported.");
+    }
 
-            return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
+    private async Task<IActionResult> HandleExchangeClientCredentialsGrantType(OpenIddictRequest request)
+    {
+        var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
+        if (application == null)
+        {
+            throw new InvalidOperationException("The application details cannot be found in the database.");
         }
 
-        throw new InvalidOperationException("The specified grant type is not supported.");
+        // Create the claims-based identity that will be used by OpenIddict to generate tokens.
+        var identity = new ClaimsIdentity(
+            authenticationType: TokenValidationParameters.DefaultAuthenticationType,
+            nameType: Claims.Name,
+            roleType: Claims.Role);
+
+        // Add the claims that will be persisted in the tokens (use the client_id as the subject identifier).
+        identity.AddClaim(Claims.Subject, await _applicationManager.GetClientIdAsync(application));
+        identity.AddClaim(Claims.Name, await _applicationManager.GetDisplayNameAsync(application));
+
+        // Note: In the original OAuth 2.0 specification, the client credentials grant
+        // doesn't return an identity token, which is an OpenID Connect concept.
+        //
+        // As a non-standardized extension, OpenIddict allows returning an id_token
+        // to convey information about the client application when the "openid" scope
+        // is granted (i.e specified when calling principal.SetScopes()). When the "openid"
+        // scope is not explicitly set, no identity token is returned to the client application.
+
+        // Set the list of scopes granted to the client application in access_token.
+        var principal = new ClaimsPrincipal(identity);
+        principal.SetScopes(request.GetScopes());
+        principal.SetResources(await _scopeManager.ListResourcesAsync(principal.GetScopes()).ToListAsync());
+
+        foreach (var claim in principal.Claims)
+        {
+            claim.SetDestinations(GetDestinations(claim, principal));
+        }
+
+        return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
     }
 
     private async Task<IActionResult> HandleExchangeCodeGrantType()
diff --git a/MultiIdentityProvider/IdentityProvider/Controllers/ErrorController.cs b/MultiIdentityProvider/IdentityProvider/Controllers/ErrorController.cs
index c6d3513..9cfdde2 100644
--- a/MultiIdentityProvider/IdentityProvider/Controllers/ErrorController.cs
+++ b/MultiIdentityProvider/IdentityProvider/Controllers/ErrorController.cs
@@ -6,9 +6,9 @@
 
 using Microsoft.AspNetCore;
 using Microsoft.AspNetCore.Mvc;
-using OpeniddictServer.ViewModels.Shared;
+using IdentityProvider.ViewModels.Shared;
 
-namespace OpeniddictServer.Controllers;
+namespace IdentityProvider.Controllers;
 
 public class ErrorController : Controller
 {
diff --git a/MultiIdentityProvider/IdentityProvider/Controllers/HomeController.cs b/MultiIdentityProvider/IdentityProvider/Controllers/HomeController.cs
index e01fd78..32fb0da 100644
--- a/MultiIdentityProvider/IdentityProvider/Controllers/HomeController.cs
+++ b/MultiIdentityProvider/IdentityProvider/Controllers/HomeController.cs
@@ -1,6 +1,6 @@
 using Microsoft.AspNetCore.Mvc;
 
-namespace OpeniddictServer.Controllers;
+namespace IdentityProvider.Controllers;
 
 public class HomeController : Controller
 {
diff --git a/MultiIdentityProvider/IdentityProvider/Controllers/ResourceController.cs b/MultiIdentityProvider/IdentityProvider/Controllers/ResourceController.cs
index bd452e0..94f1e33 100644
--- a/MultiIdentityProvider/IdentityProvider/Controllers/ResourceController.cs
+++ b/MultiIdentityProvider/IdentityProvider/Controllers/ResourceController.cs
@@ -2,9 +2,9 @@
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using OpenIddict.Validation.AspNetCore;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
 
-namespace OpeniddictServer.Controllers;
+namespace IdentityProvider.Controllers;
 
 [Route("api")]
 public class ResourceController : Controller
diff --git a/MultiIdentityProvider/IdentityProvider/Controllers/UserinfoController.cs b/MultiIdentityProvider/IdentityProvider/Controllers/UserinfoController.cs
index 242265b..5c8ee58 100644
--- a/MultiIdentityProvider/IdentityProvider/Controllers/UserinfoController.cs
+++ b/MultiIdentityProvider/IdentityProvider/Controllers/UserinfoController.cs
@@ -4,10 +4,10 @@
 using Microsoft.AspNetCore.Mvc;
 using OpenIddict.Abstractions;
 using OpenIddict.Server.AspNetCore;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
 using static OpenIddict.Abstractions.OpenIddictConstants;
 
-namespace OpeniddictServer.Controllers;
+namespace IdentityProvider.Controllers;
 
 public class UserinfoController : Controller
 {
diff --git a/MultiIdentityProvider/IdentityProvider/Data/ApplicationDbContext.cs b/MultiIdentityProvider/IdentityProvider/Data/ApplicationDbContext.cs
index 20dc523..a1578d9 100644
--- a/MultiIdentityProvider/IdentityProvider/Data/ApplicationDbContext.cs
+++ b/MultiIdentityProvider/IdentityProvider/Data/ApplicationDbContext.cs
@@ -1,8 +1,7 @@
-using Fido2Identity;
-using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 
-namespace OpeniddictServer.Data;
+namespace IdentityProvider.Data;
 
 public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
 {
@@ -11,12 +10,9 @@ public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
     {
     }
 
-    public DbSet<FidoStoredCredential> FidoStoredCredential => Set<FidoStoredCredential>();
-
-    protected override void OnModelCreating(ModelBuilder builder)
+    // Override to include passkey model
+    protected override void ConfigureConventions(ModelConfigurationBuilder configurationBuilder)
     {
-        builder.Entity<FidoStoredCredential>().HasKey(m => m.Id);
-
-        base.OnModelCreating(builder);
+        base.ConfigureConventions(configurationBuilder);
     }
 }
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Data/ApplicationUser.cs b/MultiIdentityProvider/IdentityProvider/Data/ApplicationUser.cs
index 6a2dd70..4a67f37 100644
--- a/MultiIdentityProvider/IdentityProvider/Data/ApplicationUser.cs
+++ b/MultiIdentityProvider/IdentityProvider/Data/ApplicationUser.cs
@@ -1,6 +1,6 @@
 using Microsoft.AspNetCore.Identity;
 
-namespace OpeniddictServer.Data;
+namespace IdentityProvider.Data;
 
 // Add profile data for application users by adding properties to the ApplicationUser class
 public class ApplicationUser : IdentityUser { }
diff --git a/MultiIdentityProvider/IdentityProvider/Data/PasskeyInputModel.cs b/MultiIdentityProvider/IdentityProvider/Data/PasskeyInputModel.cs
new file mode 100644
index 0000000..bba8c40
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Data/PasskeyInputModel.cs
@@ -0,0 +1,7 @@
+namespace IdentityProvider.Data;
+
+public class PasskeyInputModel
+{
+    public string? CredentialJson { get; set; }
+    public string? Error { get; set; }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/Fido2Store.cs b/MultiIdentityProvider/IdentityProvider/Fido2/Fido2Store.cs
deleted file mode 100644
index 85b16c2..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/Fido2Store.cs
+++ /dev/null
@@ -1,109 +0,0 @@
-using Fido2NetLib;
-using Microsoft.EntityFrameworkCore;
-using OpeniddictServer.Data;
-using System.Text;
-
-namespace Fido2Identity;
-
-public class Fido2Store
-{
-    private readonly ApplicationDbContext _applicationDbContext;
-
-    public Fido2Store(ApplicationDbContext applicationDbContext)
-    {
-        _applicationDbContext = applicationDbContext;
-    }
-
-    public async Task<ICollection<FidoStoredCredential>> GetCredentialsByUserNameAsync(string username)
-    {
-        return await _applicationDbContext.FidoStoredCredential.Where(c => c.UserName == username).ToListAsync();
-    }
-
-    public async Task RemoveCredentialsByUserNameAsync(string username)
-    {
-        var items = await _applicationDbContext.FidoStoredCredential.Where(c => c.UserName == username).ToListAsync();
-        if (items != null)
-        {
-            foreach (var fido2Key in items)
-            {
-                _applicationDbContext.FidoStoredCredential.Remove(fido2Key);
-            };
-
-            await _applicationDbContext.SaveChangesAsync();
-        }
-    }
-
-    public async Task<FidoStoredCredential?> GetCredentialByIdAsync(byte[] id)
-    {
-        var credentialIdString = Base64Url.Encode(id);
-        //byte[] credentialIdStringByte = Base64Url.Decode(credentialIdString);
-
-        var cred = await _applicationDbContext.FidoStoredCredential
-            .Where(c => c.DescriptorJson != null && c.DescriptorJson.Contains(credentialIdString))
-            .FirstOrDefaultAsync();
-
-        return cred;
-    }
-
-    public Task<ICollection<FidoStoredCredential>> GetCredentialsByUserHandleAsync(byte[] userHandle)
-    {
-        return Task.FromResult<ICollection<FidoStoredCredential>>(
-            _applicationDbContext
-                .FidoStoredCredential.Where(c => c.UserHandle != null && c.UserHandle.SequenceEqual(userHandle))
-                .ToList());
-    }
-
-    public async Task UpdateCounterAsync(byte[] credentialId, uint counter)
-    {
-        var credentialIdString = Base64Url.Encode(credentialId);
-        //byte[] credentialIdStringByte = Base64Url.Decode(credentialIdString);
-
-        var cred = await _applicationDbContext.FidoStoredCredential
-            .Where(c => c.DescriptorJson != null && c.DescriptorJson.Contains(credentialIdString)).FirstOrDefaultAsync();
-
-        if (cred != null)
-        {
-            cred.SignatureCounter = counter;
-            await _applicationDbContext.SaveChangesAsync();
-        }
-    }
-
-    public async Task AddCredentialToUserAsync(Fido2User user, FidoStoredCredential credential)
-    {
-        credential.UserId = user.Id;
-        _applicationDbContext.FidoStoredCredential.Add(credential);
-        await _applicationDbContext.SaveChangesAsync();
-    }
-
-    public async Task<ICollection<Fido2User>> GetUsersByCredentialIdAsync(byte[] credentialId)
-    {
-        var credentialIdString = Base64Url.Encode(credentialId);
-        //byte[] credentialIdStringByte = Base64Url.Decode(credentialIdString);
-
-        var cred = await _applicationDbContext.FidoStoredCredential
-            .Where(c => c.DescriptorJson != null && c.DescriptorJson.Contains(credentialIdString)).FirstOrDefaultAsync();
-
-        if (cred == null || cred.UserId == null)
-        {
-            return new List<Fido2User>();
-        }
-
-        return await _applicationDbContext.Users
-                .Where(u => Encoding.UTF8.GetBytes(u.UserName)
-                .SequenceEqual(cred.UserId))
-                .Select(u => new Fido2User
-                {
-                    DisplayName = u.UserName,
-                    Name = u.UserName,
-                    Id = Encoding.UTF8.GetBytes(u.UserName) // byte representation of userID is required
-                }).ToListAsync();
-    }
-}
-
-public static class Fido2Extenstions
-{
-    public static IEnumerable<T> NotNull<T>(this IEnumerable<T?> enumerable) where T : class
-    {
-        return enumerable.Where(e => e != null).Select(e => e!);
-    }
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/Fido2UserTwoFactorTokenProvider.cs b/MultiIdentityProvider/IdentityProvider/Fido2/Fido2UserTwoFactorTokenProvider.cs
deleted file mode 100644
index 121478f..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/Fido2UserTwoFactorTokenProvider.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-using Microsoft.AspNetCore.Identity;
-using OpeniddictServer.Data;
-
-namespace Fido2Identity;
-
-public class Fido2UserTwoFactorTokenProvider : IUserTwoFactorTokenProvider<ApplicationUser>
-{
-    public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<ApplicationUser> manager, ApplicationUser user)
-    {
-        return Task.FromResult(true);
-    }
-
-    public Task<string> GenerateAsync(string purpose, UserManager<ApplicationUser> manager, ApplicationUser user)
-    {
-        return Task.FromResult("fido2");
-    }
-
-    public Task<bool> ValidateAsync(string purpose, string token, UserManager<ApplicationUser> manager, ApplicationUser user)
-    {
-        return Task.FromResult(true);
-    }
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/FidoStoredCredential.cs b/MultiIdentityProvider/IdentityProvider/Fido2/FidoStoredCredential.cs
deleted file mode 100644
index ef69742..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/FidoStoredCredential.cs
+++ /dev/null
@@ -1,60 +0,0 @@
-using Fido2NetLib.Objects;
-using System.ComponentModel.DataAnnotations.Schema;
-using System.Text.Json;
-
-namespace Fido2Identity;
-
-/// <summary>
-/// Represents a WebAuthn credential.
-/// </summary>
-public class FidoStoredCredential
-{
-    /// <summary>
-    /// Gets or sets the primary key for this user.
-    /// </summary>
-    [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
-    public virtual int Id { get; set; }
-
-    /// <summary>
-    /// Gets or sets the user name for this user.
-    /// </summary>
-    public virtual string? UserName { get; set; }
-
-    public virtual byte[]? UserId { get; set; }
-
-    /// <summary>
-    /// Gets or sets the public key for this user.
-    /// </summary>
-    public virtual byte[]? PublicKey { get; set; }
-
-    /// <summary>
-    /// Gets or sets the user handle for this user.
-    /// </summary>
-    public virtual byte[]? UserHandle { get; set; }
-
-    public virtual uint SignatureCounter { get; set; }
-
-    public virtual string? CredType { get; set; }
-
-    /// <summary>
-    /// Gets or sets the registration date for this user.
-    /// </summary>
-    public virtual DateTime RegDate { get; set; }
-
-    /// <summary>
-    /// Gets or sets the Authenticator Attestation GUID (AAGUID) for this user.
-    /// </summary>
-    /// <remarks>
-    /// An AAGUID is a 128-bit identifier indicating the type of the authenticator.
-    /// </remarks>
-    public virtual Guid AaGuid { get; set; }
-
-    [NotMapped]
-    public PublicKeyCredentialDescriptor? Descriptor
-    {
-        get { return string.IsNullOrWhiteSpace(DescriptorJson) ? null : JsonSerializer.Deserialize<PublicKeyCredentialDescriptor>(DescriptorJson); }
-        set { DescriptorJson = JsonSerializer.Serialize(value); }
-    }
-
-    public virtual string? DescriptorJson { get; set; }
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/MfaFido2RegisterController.cs b/MultiIdentityProvider/IdentityProvider/Fido2/MfaFido2RegisterController.cs
deleted file mode 100644
index 9e26cdb..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/MfaFido2RegisterController.cs
+++ /dev/null
@@ -1,164 +0,0 @@
-using Fido2NetLib;
-using Fido2NetLib.Objects;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using OpeniddictServer.Data;
-using System.Text;
-using static Fido2NetLib.Fido2;
-
-namespace Fido2Identity;
-
-[Route("api/[controller]")]
-public class MfaFido2RegisterController : Controller
-{
-    private readonly Fido2 _lib;
-    public static IMetadataService? _mds;
-    private readonly Fido2Store _fido2Store;
-    private readonly UserManager<ApplicationUser> _userManager;
-    private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
-
-    public MfaFido2RegisterController(
-        Fido2Store fido2Store,
-        UserManager<ApplicationUser> userManager,
-        IOptions<Fido2Configuration> optionsFido2Configuration)
-    {
-        _userManager = userManager;
-        _optionsFido2Configuration = optionsFido2Configuration;
-        _fido2Store = fido2Store;
-
-        _lib = new Fido2(new Fido2Configuration()
-        {
-            ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
-            ServerName = _optionsFido2Configuration.Value.ServerName,
-            Origins = _optionsFido2Configuration.Value.Origins,
-            TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
-        });
-    }
-
-    private static string FormatException(Exception e)
-    {
-        return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/mfamakeCredentialOptions")]
-    public async Task<JsonResult> MakeCredentialOptions([FromForm] string username, [FromForm] string displayName, [FromForm] string attType, [FromForm] string authType, [FromForm] bool requireResidentKey, [FromForm] string userVerification)
-    {
-        try
-        {
-            if (string.IsNullOrEmpty(username))
-            {
-                username = $"{displayName} (Usernameless user created at {DateTime.UtcNow})";
-            }
-
-            var ApplicationUser = await _userManager.FindByEmailAsync(username);
-            var user = new Fido2User
-            {
-                DisplayName = ApplicationUser.UserName,
-                Name = ApplicationUser.UserName,
-                Id = Encoding.UTF8.GetBytes(ApplicationUser.UserName) // byte representation of userID is required
-            };
-
-            // 2. Get user existing keys by username
-            var items = await _fido2Store.GetCredentialsByUserNameAsync(ApplicationUser.UserName);
-            var existingKeys = new List<PublicKeyCredentialDescriptor>();
-            foreach (var publicKeyCredentialDescriptor in items)
-            {
-                if (publicKeyCredentialDescriptor.Descriptor != null)
-                    existingKeys.Add(publicKeyCredentialDescriptor.Descriptor);
-            }
-
-            // 3. Create options
-            var authenticatorSelection = new AuthenticatorSelection
-            {
-                RequireResidentKey = requireResidentKey,
-                UserVerification = userVerification.ToEnum<UserVerificationRequirement>()
-            };
-
-            if (!string.IsNullOrEmpty(authType))
-                authenticatorSelection.AuthenticatorAttachment = authType.ToEnum<AuthenticatorAttachment>();
-
-            var exts = new AuthenticationExtensionsClientInputs
-            {
-                Extensions = true,
-                UserVerificationMethod = true,
-            };
-
-            var options = _lib.RequestNewCredential(
-                user, existingKeys,
-                authenticatorSelection, attType.ToEnum<AttestationConveyancePreference>(), exts);
-
-            // 4. Temporarily store options, session/in-memory cache/redis/db
-            HttpContext.Session.SetString("fido2.attestationOptions", options.ToJson());
-
-            // 5. return options to client
-            return Json(options);
-        }
-        catch (Exception e)
-        {
-            return Json(new CredentialCreateOptions { Status = "error", ErrorMessage = FormatException(e) });
-        }
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/mfamakeCredential")]
-    public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
-    {
-        try
-        {
-            // 1. get the options we sent the client
-            var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
-            var options = CredentialCreateOptions.FromJson(jsonOptions);
-
-            // 2. Create callback so that lib can verify credential id is unique to this user
-            async Task<bool> callback(IsCredentialIdUniqueToUserParams args, CancellationToken cancellationToken)
-            {
-                var users = await _fido2Store.GetUsersByCredentialIdAsync(args.CredentialId);
-                if (users.Count > 0) return false;
-
-                return true;
-            }
-
-            // 2. Verify and make the credentials
-            var success = await _lib.MakeNewCredentialAsync(attestationResponse, options, callback);
-
-            if (success.Result != null)
-            {
-                // 3. Store the credentials in db
-                await _fido2Store.AddCredentialToUserAsync(options.User, new FidoStoredCredential
-                {
-                    UserName = options.User.Name,
-                    Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
-                    PublicKey = success.Result.PublicKey,
-                    UserHandle = success.Result.User.Id,
-                    SignatureCounter = success.Result.Counter,
-                    CredType = success.Result.CredType,
-                    RegDate = DateTime.Now,
-                    AaGuid = success.Result.Aaguid
-                });
-            }
-
-            // 4. return "ok" to the client
-
-            var user = await _userManager.GetUserAsync(User);
-            if (user == null)
-            {
-                return Json(new CredentialMakeResult("error",
-                        $"Unable to load user with ID '{_userManager.GetUserId(User)}'.",
-                        success.Result));
-            }
-
-            await _userManager.SetTwoFactorEnabledAsync(user, true);
-            var userId = await _userManager.GetUserIdAsync(user);
-
-            return Json(success);
-        }
-        catch (Exception e)
-        {
-            return Json(new CredentialMakeResult("error", FormatException(e), null));
-        }
-    }
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/MfaFido2SignInFidoController.cs b/MultiIdentityProvider/IdentityProvider/Fido2/MfaFido2SignInFidoController.cs
deleted file mode 100644
index a2e7090..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/MfaFido2SignInFidoController.cs
+++ /dev/null
@@ -1,157 +0,0 @@
-using Fido2NetLib;
-using Fido2NetLib.Objects;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using OpeniddictServer.Data;
-using System.Text;
-
-namespace Fido2Identity;
-
-[Route("api/[controller]")]
-public class MfaFido2SignInFidoController : Controller
-{
-    private readonly Fido2 _lib;
-    private readonly Fido2Store _fido2Store;
-    private readonly SignInManager<ApplicationUser> _signInManager;
-    private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
-
-    public MfaFido2SignInFidoController(
-        Fido2Store fido2Store,
-        SignInManager<ApplicationUser> signInManager,
-        IOptions<Fido2Configuration> optionsFido2Configuration)
-    {
-        _optionsFido2Configuration = optionsFido2Configuration;
-        _signInManager = signInManager;
-        _fido2Store = fido2Store;
-
-        _lib = new Fido2(new Fido2Configuration()
-        {
-            ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
-            ServerName = _optionsFido2Configuration.Value.ServerName,
-            Origins = _optionsFido2Configuration.Value.Origins,
-            TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
-        });
-    }
-
-    private static string FormatException(Exception e)
-    {
-        return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/mfaassertionOptions")]
-    public async Task<ActionResult> AssertionOptionsPost([FromForm] string username, [FromForm] string userVerification)
-    {
-        try
-        {
-            var ApplicationUser = await _signInManager.GetTwoFactorAuthenticationUserAsync();
-            if (ApplicationUser == null)
-            {
-                throw new InvalidOperationException($"Unable to load two-factor authentication user.");
-            }
-
-            var existingCredentials = new List<PublicKeyCredentialDescriptor>();
-
-            if (!string.IsNullOrEmpty(ApplicationUser.UserName))
-            {
-
-                var user = new Fido2User
-                {
-                    DisplayName = ApplicationUser.UserName,
-                    Name = ApplicationUser.UserName,
-                    Id = Encoding.UTF8.GetBytes(ApplicationUser.UserName) // byte representation of userID is required
-                };
-
-                if (user == null) throw new ArgumentException("Username was not registered");
-
-                // 2. Get registered credentials from database
-                var items = await _fido2Store.GetCredentialsByUserNameAsync(ApplicationUser.UserName);
-                existingCredentials = items.Select(c => c.Descriptor).NotNull().ToList();
-            }
-
-            var exts = new AuthenticationExtensionsClientInputs
-            {
-                UserVerificationMethod = true,
-            };
-            // 3. Create options
-            var uv = string.IsNullOrEmpty(userVerification) ? UserVerificationRequirement.Discouraged : userVerification.ToEnum<UserVerificationRequirement>();
-            var options = _lib.GetAssertionOptions(
-                existingCredentials,
-                uv,
-                exts
-            );
-
-            // 4. Temporarily store options, session/in-memory cache/redis/db
-            HttpContext.Session.SetString("fido2.assertionOptions", options.ToJson());
-
-            // 5. Return options to client
-            return Json(options);
-        }
-
-        catch (Exception e)
-        {
-            return Json(new AssertionOptions { Status = "error", ErrorMessage = FormatException(e) });
-        }
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/mfamakeAssertion")]
-    public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRawResponse clientResponse)
-    {
-        try
-        {
-            // 1. Get the assertion options we sent the client
-            var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
-            var options = AssertionOptions.FromJson(jsonOptions);
-
-            // 2. Get registered credential from database
-            var creds = await _fido2Store.GetCredentialByIdAsync(clientResponse.Id);
-
-            if (creds == null)
-            {
-                throw new Exception("Unknown credentials");
-            }
-
-            // 3. Get credential counter from database
-            var storedCounter = creds.SignatureCounter;
-
-            // 4. Create callback to check if userhandle owns the credentialId
-            IsUserHandleOwnerOfCredentialIdAsync callback = async (args, cancellationToken) =>
-            {
-                var storedCreds = await _fido2Store.GetCredentialsByUserHandleAsync(args.UserHandle);
-                return storedCreds.Any(c => c.Descriptor != null && c.Descriptor.Id.SequenceEqual(args.CredentialId));
-            };
-
-            if (creds.PublicKey == null)
-            {
-                throw new InvalidOperationException($"No public key");
-            }
-
-            // 5. Make the assertion
-            var res = await _lib.MakeAssertionAsync(
-                clientResponse, options, creds.PublicKey, storedCounter, callback);
-
-            // 6. Store the updated counter
-            await _fido2Store.UpdateCounterAsync(res.CredentialId, res.Counter);
-
-            // complete sign-in
-            var user = await _signInManager.GetTwoFactorAuthenticationUserAsync();
-            if (user == null)
-            {
-                throw new InvalidOperationException($"Unable to load two-factor authentication user.");
-            }
-
-            var result = await _signInManager.TwoFactorSignInAsync("FIDO2", string.Empty, false, false);
-
-            // 7. return OK to client
-            return Json(res);
-        }
-        catch (Exception e)
-        {
-            return Json(new AssertionVerificationResult { Status = "error", ErrorMessage = FormatException(e) });
-        }
-    }
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/PwFido2RegisterController.cs b/MultiIdentityProvider/IdentityProvider/Fido2/PwFido2RegisterController.cs
deleted file mode 100644
index d860548..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/PwFido2RegisterController.cs
+++ /dev/null
@@ -1,175 +0,0 @@
-using Fido2NetLib;
-using Fido2NetLib.Objects;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using OpeniddictServer.Data;
-using System.Text;
-using static Fido2NetLib.Fido2;
-
-namespace Fido2Identity;
-
-[Route("api/[controller]")]
-public class PwFido2RegisterController : Controller
-{
-    private readonly Fido2 _lib;
-    private readonly Fido2Store _fido2Store;
-    private readonly UserManager<ApplicationUser> _userManager;
-    private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
-
-
-    public PwFido2RegisterController(
-        Fido2Store fido2Store,
-        UserManager<ApplicationUser> userManager,
-        IOptions<Fido2Configuration> optionsFido2Configuration)
-    {
-        _userManager = userManager;
-        _optionsFido2Configuration = optionsFido2Configuration;
-        _fido2Store = fido2Store;
-
-        _lib = new Fido2(new Fido2Configuration()
-        {
-            ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
-            ServerName = _optionsFido2Configuration.Value.ServerName,
-            Origins = _optionsFido2Configuration.Value.Origins,
-            TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
-        });
-    }
-
-    private static string FormatException(Exception e)
-    {
-        return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/pwmakeCredentialOptions")]
-    public async Task<JsonResult> MakeCredentialOptions([FromForm] string username, [FromForm] string displayName, [FromForm] string attType, [FromForm] string authType, [FromForm] bool requireResidentKey, [FromForm] string userVerification)
-    {
-        try
-        {
-            if (string.IsNullOrEmpty(username))
-            {
-                username = $"{displayName} (Usernameless user created at {DateTime.UtcNow})";
-            }
-
-            var user = new Fido2User
-            {
-                DisplayName = displayName,
-                Name = username,
-                Id = Encoding.UTF8.GetBytes(username) // byte representation of userID is required
-            };
-
-            // 2. Get user existing keys by username
-            var items = await _fido2Store.GetCredentialsByUserNameAsync(username);
-            var existingKeys = new List<PublicKeyCredentialDescriptor>();
-            foreach (var publicKeyCredentialDescriptor in items)
-            {
-                if (publicKeyCredentialDescriptor.Descriptor != null)
-                    existingKeys.Add(publicKeyCredentialDescriptor.Descriptor);
-            }
-
-            // 3. Create options
-            var authenticatorSelection = new AuthenticatorSelection
-            {
-                RequireResidentKey = requireResidentKey,
-                UserVerification = userVerification.ToEnum<UserVerificationRequirement>()
-            };
-
-            if (!string.IsNullOrEmpty(authType))
-                authenticatorSelection.AuthenticatorAttachment = authType.ToEnum<AuthenticatorAttachment>();
-
-            var exts = new AuthenticationExtensionsClientInputs
-            {
-                Extensions = true,
-                UserVerificationMethod = true,
-            };
-
-            var options = _lib.RequestNewCredential(user, existingKeys, authenticatorSelection, attType.ToEnum<AttestationConveyancePreference>(), exts);
-
-            // 4. Temporarily store options, session/in-memory cache/redis/db
-            HttpContext.Session.SetString("fido2.attestationOptions", options.ToJson());
-
-            // 5. return options to client
-            return Json(options);
-        }
-        catch (Exception e)
-        {
-            return Json(new CredentialCreateOptions { Status = "error", ErrorMessage = FormatException(e) });
-        }
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/pwmakeCredential")]
-    public async Task<JsonResult> MakeCredential([FromBody] AuthenticatorAttestationRawResponse attestationResponse)
-    {
-        try
-        {
-            // 1. get the options we sent the client
-            var jsonOptions = HttpContext.Session.GetString("fido2.attestationOptions");
-            var options = CredentialCreateOptions.FromJson(jsonOptions);
-
-            // 2. Create callback so that lib can verify credential id is unique to this user
-            IsCredentialIdUniqueToUserAsyncDelegate callback = async (args, cancellationToken) =>
-            {
-                var users = await _fido2Store.GetUsersByCredentialIdAsync(args.CredentialId);
-                if (users.Count > 0) return false;
-
-                return true;
-            };
-
-            // 2. Verify and make the credentials
-            var success = await _lib.MakeNewCredentialAsync(attestationResponse, options, callback);
-
-            if (success.Result != null)
-            {
-                // 3. Store the credentials in db
-                await _fido2Store.AddCredentialToUserAsync(options.User, new FidoStoredCredential
-                {
-                    UserName = options.User.Name,
-                    Descriptor = new PublicKeyCredentialDescriptor(success.Result.CredentialId),
-                    PublicKey = success.Result.PublicKey,
-                    UserHandle = success.Result.User.Id,
-                    SignatureCounter = success.Result.Counter,
-                    CredType = success.Result.CredType,
-                    RegDate = DateTime.Now,
-                    AaGuid = success.Result.Aaguid
-                });
-            }
-
-            // 4. return "ok" to the client
-
-            var user = await CreateUser(options.User.Name);
-            // await _userManager.GetUserAsync(User);
-
-            if (user == null)
-            {
-                return Json(new CredentialMakeResult("error",
-                    $"Unable to load user with ID '{_userManager.GetUserId(User)}'.",
-                    success.Result));
-            }
-
-            //await _userManager.SetTwoFactorEnabledAsync(user, true);
-            //var userId = await _userManager.FindByNameAsync(user);
-
-            return Json(success);
-        }
-        catch (Exception e)
-        {
-            return Json(new CredentialMakeResult("error", FormatException(e), null));
-        }
-    }
-
-    private async Task<ApplicationUser> CreateUser(string userEmail)
-    {
-        var user = new ApplicationUser { UserName = userEmail, Email = userEmail, EmailConfirmed = true };
-        var result = await _userManager.CreateAsync(user);
-        if (result.Succeeded)
-        {
-            //await _signInManager.SignInAsync(user, isPersistent: false);
-        }
-
-        return user;
-    }
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Fido2/PwFido2SignInController.cs b/MultiIdentityProvider/IdentityProvider/Fido2/PwFido2SignInController.cs
deleted file mode 100644
index c2f8def..0000000
--- a/MultiIdentityProvider/IdentityProvider/Fido2/PwFido2SignInController.cs
+++ /dev/null
@@ -1,156 +0,0 @@
-using Fido2NetLib;
-using Fido2NetLib.Objects;
-using Microsoft.AspNetCore.Identity;
-using Microsoft.AspNetCore.Mvc;
-using Microsoft.Extensions.Options;
-using OpeniddictServer.Data;
-using System.Text;
-
-namespace Fido2Identity;
-
-[Route("api/[controller]")]
-public class PwFido2SignInController : Controller
-{
-    private readonly Fido2 _lib;
-    private readonly Fido2Store _fido2Store;
-    private readonly UserManager<ApplicationUser> _userManager;
-    private readonly SignInManager<ApplicationUser> _signInManager;
-    private readonly IOptions<Fido2Configuration> _optionsFido2Configuration;
-
-    public PwFido2SignInController(
-        Fido2Store fido2Store,
-        UserManager<ApplicationUser> userManager,
-        SignInManager<ApplicationUser> signInManager,
-        IOptions<Fido2Configuration> optionsFido2Configuration)
-    {
-        _userManager = userManager;
-        _optionsFido2Configuration = optionsFido2Configuration;
-        _signInManager = signInManager;
-        _userManager = userManager;
-        _fido2Store = fido2Store;
-
-        _lib = new Fido2(new Fido2Configuration()
-        {
-            ServerDomain = _optionsFido2Configuration.Value.ServerDomain,
-            ServerName = _optionsFido2Configuration.Value.ServerName,
-            Origins = _optionsFido2Configuration.Value.Origins,
-            TimestampDriftTolerance = _optionsFido2Configuration.Value.TimestampDriftTolerance
-        });
-    }
-
-    private static string FormatException(Exception e)
-    {
-        return string.Format("{0}{1}", e.Message, e.InnerException != null ? " (" + e.InnerException.Message + ")" : "");
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/pwassertionOptions")]
-    public async Task<ActionResult> AssertionOptionsPost([FromForm] string username, [FromForm] string userVerification)
-    {
-        try
-        {
-
-            var existingCredentials = new List<PublicKeyCredentialDescriptor>();
-
-            if (!string.IsNullOrEmpty(username))
-            {
-                var ApplicationUser = await _userManager.FindByNameAsync(username);
-                var user = new Fido2User
-                {
-                    DisplayName = ApplicationUser.UserName,
-                    Name = ApplicationUser.UserName,
-                    Id = Encoding.UTF8.GetBytes(ApplicationUser.UserName) // byte representation of userID is required
-                };
-
-                if (user == null) throw new ArgumentException("Username was not registered");
-
-                // 2. Get registered credentials from database
-                var items = await _fido2Store.GetCredentialsByUserNameAsync(ApplicationUser.UserName);
-                existingCredentials = items.Select(c => c.Descriptor).NotNull().ToList();
-            }
-
-            var exts = new AuthenticationExtensionsClientInputs
-            {
-                UserVerificationMethod = true,
-            };
-
-            // 3. Create options
-            var uv = string.IsNullOrEmpty(userVerification) ? UserVerificationRequirement.Discouraged : userVerification.ToEnum<UserVerificationRequirement>();
-            var options = _lib.GetAssertionOptions(
-                existingCredentials,
-                uv,
-                exts
-            );
-
-            // 4. Temporarily store options, session/in-memory cache/redis/db
-            HttpContext.Session.SetString("fido2.assertionOptions", options.ToJson());
-
-            // 5. Return options to client
-            return Json(options);
-        }
-
-        catch (Exception e)
-        {
-            return Json(new AssertionOptions { Status = "error", ErrorMessage = FormatException(e) });
-        }
-    }
-
-    [HttpPost]
-    [ValidateAntiForgeryToken]
-    [Route("/pwmakeAssertion")]
-    public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRawResponse clientResponse)
-    {
-        try
-        {
-            // 1. Get the assertion options we sent the client
-            var jsonOptions = HttpContext.Session.GetString("fido2.assertionOptions");
-            var options = AssertionOptions.FromJson(jsonOptions);
-
-            // 2. Get registered credential from database
-            var creds = await _fido2Store.GetCredentialByIdAsync(clientResponse.Id);
-
-            if (creds == null)
-            {
-                throw new Exception("Unknown credentials");
-            }
-
-            // 3. Get credential counter from database
-            var storedCounter = creds.SignatureCounter;
-
-            // 4. Create callback to check if userhandle owns the credentialId
-            IsUserHandleOwnerOfCredentialIdAsync callback = async (args, cancellationToken) =>
-            {
-                var storedCreds = await _fido2Store.GetCredentialsByUserHandleAsync(args.UserHandle);
-                return storedCreds.Any(c => c.Descriptor != null && c.Descriptor.Id.SequenceEqual(args.CredentialId));
-            };
-
-            if (creds.PublicKey == null)
-            {
-                throw new InvalidOperationException($"No public key");
-            }
-
-            // 5. Make the assertion
-            var res = await _lib.MakeAssertionAsync(
-                clientResponse, options, creds.PublicKey, storedCounter, callback);
-
-            // 6. Store the updated counter
-            await _fido2Store.UpdateCounterAsync(res.CredentialId, res.Counter);
-
-            var ApplicationUser = await _userManager.FindByNameAsync(creds.UserName);
-            if (ApplicationUser == null)
-            {
-                throw new InvalidOperationException($"Unable to load user.");
-            }
-
-            await _signInManager.SignInAsync(ApplicationUser, isPersistent: false);
-
-            // 7. return OK to client
-            return Json(res);
-        }
-        catch (Exception e)
-        {
-            return Json(new AssertionVerificationResult { Status = "error", ErrorMessage = FormatException(e) });
-        }
-    }
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Helpers/AsyncEnumerableExtensions.cs b/MultiIdentityProvider/IdentityProvider/Helpers/AsyncEnumerableExtensions.cs
index ccf4aed..56eef10 100644
--- a/MultiIdentityProvider/IdentityProvider/Helpers/AsyncEnumerableExtensions.cs
+++ b/MultiIdentityProvider/IdentityProvider/Helpers/AsyncEnumerableExtensions.cs
@@ -1,4 +1,4 @@
-namespace OpeniddictServer.Helpers;
+namespace IdentityProvider.Helpers;
 
 public static class AsyncEnumerableExtensions
 {
diff --git a/MultiIdentityProvider/IdentityProvider/Helpers/FormValueRequiredAttribute.cs b/MultiIdentityProvider/IdentityProvider/Helpers/FormValueRequiredAttribute.cs
index 7989c18..8fe5628 100644
--- a/MultiIdentityProvider/IdentityProvider/Helpers/FormValueRequiredAttribute.cs
+++ b/MultiIdentityProvider/IdentityProvider/Helpers/FormValueRequiredAttribute.cs
@@ -1,7 +1,7 @@
 using Microsoft.AspNetCore.Mvc.Abstractions;
 using Microsoft.AspNetCore.Mvc.ActionConstraints;
 
-namespace OpeniddictServer.Helpers;
+namespace IdentityProvider.Helpers;
 
 public sealed class FormValueRequiredAttribute : ActionMethodSelectorAttribute
 {
diff --git a/MultiIdentityProvider/IdentityProvider/HostingExtensions.cs b/MultiIdentityProvider/IdentityProvider/HostingExtensions.cs
index 7ef777b..711655b 100644
--- a/MultiIdentityProvider/IdentityProvider/HostingExtensions.cs
+++ b/MultiIdentityProvider/IdentityProvider/HostingExtensions.cs
@@ -1,15 +1,14 @@
-using Fido2Identity;
-using Fido2NetLib;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
-using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Logging;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
+using IdentityProvider.Passkeys;
 using Quartz;
 using Serilog;
 using static OpenIddict.Abstractions.OpenIddictConstants;
+using Microsoft.IdentityModel.JsonWebTokens;
 
-namespace OpeniddictServer;
+namespace IdentityProvider;
 
 internal static class HostingExtensions
 {
@@ -21,9 +20,11 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
         services.AddControllersWithViews();
         services.AddRazorPages();
 
+        services.AddHttpContextAccessor();
+
         services.AddDbContext<ApplicationDbContext>(options =>
         {
-            // Configure the context to use Microsoft SQL Server.
+            // Configure the context to use Microsoft SQLite.
             options.UseSqlite(configuration.GetConnectionString("DefaultConnection"));
 
             // Register the entity sets needed by OpenIddict.
@@ -34,14 +35,13 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
 
         services.AddDatabaseDeveloperPageExceptionFilter();
 
-        services.AddIdentity<ApplicationUser, IdentityRole>()
-          .AddEntityFrameworkStores<ApplicationDbContext>()
-          .AddDefaultTokenProviders()
-          .AddDefaultUI()
-          .AddTokenProvider<Fido2UserTwoFactorTokenProvider>("FIDO2");
-
-        services.Configure<Fido2Configuration>(configuration.GetSection("fido2"));
-        services.AddScoped<Fido2Store>();
+        services.AddIdentity<ApplicationUser, IdentityRole>(options =>
+        {
+            options.Stores.SchemaVersion = IdentitySchemaVersions.Version3;
+        })
+        .AddEntityFrameworkStores<ApplicationDbContext>()
+        .AddDefaultTokenProviders()
+        .AddDefaultUI();
 
         services.AddDistributedMemoryCache();
 
@@ -79,21 +79,6 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
             options.UseInMemoryStore();
         });
 
-        services.AddCors(options =>
-        {
-            options.AddPolicy("AllowAllOrigins",
-                builder =>
-                {
-                    builder
-                        .AllowCredentials()
-                        .WithOrigins(
-                            "https://localhost:4200")
-                        .SetIsOriginAllowedToAllowWildcardSubdomains()
-                        .AllowAnyHeader()
-                        .AllowAnyMethod();
-                });
-        });
-
         // Register the Quartz.NET service and configure it to block shutdown until jobs are complete.
         services.AddQuartzHostedService(options => options.WaitForJobsToComplete = true);
 
@@ -162,7 +147,6 @@ public static WebApplication ConfigureServices(this WebApplicationBuilder builde
         // Note: in a real world application, this step should be part of a setup script.
         services.AddHostedService<Worker>();
 
-
         return builder.Build();
     }
 
@@ -185,21 +169,23 @@ public static WebApplication ConfigurePipeline(this WebApplication app)
             //app.UseHsts();
         }
 
-        app.UseCors("AllowAllOrigins");
-
         app.UseHttpsRedirection();
         app.UseStaticFiles();
-
         app.UseRouting();
 
         app.UseAuthentication();
         app.UseAuthorization();
+        app.MapStaticAssets();
+        app.UseAntiforgery();
 
         app.UseSession();
 
+        app.MapPasskeyEndpoints();
+
         app.MapControllers();
         app.MapDefaultControllerRoute();
-        app.MapRazorPages();
+        app.MapRazorPages()
+            .WithStaticAssets();
 
         return app;
     }
diff --git a/MultiIdentityProvider/IdentityProvider/IdentityProvider.csproj b/MultiIdentityProvider/IdentityProvider/IdentityProvider.csproj
index d89eca2..56958b8 100644
--- a/MultiIdentityProvider/IdentityProvider/IdentityProvider.csproj
+++ b/MultiIdentityProvider/IdentityProvider/IdentityProvider.csproj
@@ -9,21 +9,24 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Fido2" Version="3.0.1" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="10.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="10.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="10.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="10.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" PrivateAssets="All" Version="10.0.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore" Version="10.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="10.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Identity.UI" Version="10.0.3" />
+    <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="10.0.3" />
+    <PackageReference Include="Microsoft.CodeAnalysis.CSharp.Features" Version="5.0.0" />
+    <PackageReference Include="Microsoft.CodeAnalysis.Features" Version="5.0.0" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" PrivateAssets="All" Version="10.0.3" />
+    <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="10.0.2" />
     <PackageReference Include="OpenIddict.AspNetCore" Version="7.2.0" />
     <PackageReference Include="OpenIddict.EntityFrameworkCore" Version="7.2.0" />
     <PackageReference Include="OpenIddict.Quartz" Version="7.2.0" />
     <PackageReference Include="Quartz.Extensions.Hosting" Version="3.15.1" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
-    <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
+    <PackageReference Include="Serilog.Settings.Configuration" Version="10.0.0" />
+    <PackageReference Include="Serilog.Sinks.Seq" Version="9.0.0" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.4" />
   </ItemGroup>
-
 </Project>
diff --git a/MultiIdentityProvider/IdentityProvider/Migrations/20220827060047_add-fido2.Designer.cs b/MultiIdentityProvider/IdentityProvider/Migrations/20220827060047_add-fido2.Designer.cs
deleted file mode 100644
index cbe48e3..0000000
--- a/MultiIdentityProvider/IdentityProvider/Migrations/20220827060047_add-fido2.Designer.cs
+++ /dev/null
@@ -1,539 +0,0 @@
-// <auto-generated />
-using System;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Infrastructure;
-using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using OpeniddictServer.Data;
-
-#nullable disable
-
-namespace IdentityProvider.Migrations
-{
-    [DbContext(typeof(ApplicationDbContext))]
-    [Migration("20220827060047_add-fido2")]
-    partial class addfido2
-    {
-        protected override void BuildTargetModel(ModelBuilder modelBuilder)
-        {
-#pragma warning disable 612, 618
-            modelBuilder.HasAnnotation("ProductVersion", "6.0.8");
-
-            modelBuilder.Entity("Fido2Identity.FidoStoredCredential", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("INTEGER");
-
-                    b.Property<Guid>("AaGuid")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("CredType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DescriptorJson")
-                        .HasColumnType("TEXT");
-
-                    b.Property<byte[]>("PublicKey")
-                        .HasColumnType("BLOB");
-
-                    b.Property<DateTime>("RegDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<uint>("SignatureCounter")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<byte[]>("UserHandle")
-                        .HasColumnType("BLOB");
-
-                    b.Property<byte[]>("UserId")
-                        .HasColumnType("BLOB");
-
-                    b.Property<string>("UserName")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.ToTable("FidoStoredCredential");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedName")
-                        .IsUnique()
-                        .HasDatabaseName("RoleNameIndex");
-
-                    b.ToTable("AspNetRoles", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RoleId")
-                        .IsRequired()
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetRoleClaims", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserClaims", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ProviderKey")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ProviderDisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("LoginProvider", "ProviderKey");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserLogins", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RoleId")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("UserId", "RoleId");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetUserRoles", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Value")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("UserId", "LoginProvider", "Name");
-
-                    b.ToTable("AspNetUserTokens", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClientId")
-                        .HasMaxLength(100)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClientSecret")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConsentType")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayNames")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Permissions")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PostLogoutRedirectUris")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RedirectUris")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Requirements")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Type")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ClientId")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictApplications", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("CreationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Scopes")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Status")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Subject")
-                        .HasMaxLength(400)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Type")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictAuthorizations", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreScope", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Description")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Descriptions")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayNames")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .HasMaxLength(200)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Resources")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("Name")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictScopes", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("AuthorizationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("CreationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("ExpirationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Payload")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("RedemptionDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ReferenceId")
-                        .HasMaxLength(100)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Status")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Subject")
-                        .HasMaxLength(400)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Type")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("AuthorizationId");
-
-                    b.HasIndex("ReferenceId")
-                        .IsUnique();
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictTokens", (string)null);
-                });
-
-            modelBuilder.Entity("OpeniddictServer.Data.ApplicationUser", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("TEXT");
-
-                    b.Property<int>("AccessFailedCount")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Email")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("EmailConfirmed")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<bool>("LockoutEnabled")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<DateTimeOffset?>("LockoutEnd")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedEmail")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedUserName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PasswordHash")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PhoneNumber")
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("PhoneNumberConfirmed")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("SecurityStamp")
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("TwoFactorEnabled")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("UserName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedEmail")
-                        .HasDatabaseName("EmailIndex");
-
-                    b.HasIndex("NormalizedUserName")
-                        .IsUnique()
-                        .HasDatabaseName("UserNameIndex");
-
-                    b.ToTable("AspNetUsers", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
-                        .WithMany("Authorizations")
-                        .HasForeignKey("ApplicationId");
-
-                    b.Navigation("Application");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
-                        .WithMany("Tokens")
-                        .HasForeignKey("ApplicationId");
-
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", "Authorization")
-                        .WithMany("Tokens")
-                        .HasForeignKey("AuthorizationId");
-
-                    b.Navigation("Application");
-
-                    b.Navigation("Authorization");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
-                {
-                    b.Navigation("Authorizations");
-
-                    b.Navigation("Tokens");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
-                {
-                    b.Navigation("Tokens");
-                });
-#pragma warning restore 612, 618
-        }
-    }
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Migrations/20240404095401_oidc-update.cs b/MultiIdentityProvider/IdentityProvider/Migrations/20240404095401_oidc-update.cs
deleted file mode 100644
index 22ed3ef..0000000
--- a/MultiIdentityProvider/IdentityProvider/Migrations/20240404095401_oidc-update.cs
+++ /dev/null
@@ -1,59 +0,0 @@
-using Microsoft.EntityFrameworkCore.Migrations;
-
-#nullable disable
-
-namespace IdentityProvider.Migrations
-{
-    /// <inheritdoc />
-    public partial class oidcupdate : Migration
-    {
-        /// <inheritdoc />
-        protected override void Up(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.RenameColumn(
-                name: "Type",
-                table: "OpenIddictApplications",
-                newName: "ClientType");
-
-            migrationBuilder.AddColumn<string>(
-                name: "ApplicationType",
-                table: "OpenIddictApplications",
-                type: "TEXT",
-                maxLength: 50,
-                nullable: true);
-
-            migrationBuilder.AddColumn<string>(
-                name: "JsonWebKeySet",
-                table: "OpenIddictApplications",
-                type: "TEXT",
-                nullable: true);
-
-            migrationBuilder.AddColumn<string>(
-                name: "Settings",
-                table: "OpenIddictApplications",
-                type: "TEXT",
-                nullable: true);
-        }
-
-        /// <inheritdoc />
-        protected override void Down(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.DropColumn(
-                name: "ApplicationType",
-                table: "OpenIddictApplications");
-
-            migrationBuilder.DropColumn(
-                name: "JsonWebKeySet",
-                table: "OpenIddictApplications");
-
-            migrationBuilder.DropColumn(
-                name: "Settings",
-                table: "OpenIddictApplications");
-
-            migrationBuilder.RenameColumn(
-                name: "ClientType",
-                table: "OpenIddictApplications",
-                newName: "Type");
-        }
-    }
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Migrations/20240404095401_oidc-update.Designer.cs b/MultiIdentityProvider/IdentityProvider/Migrations/20260224203342_InitSts.Designer.cs
similarity index 85%
rename from MultiIdentityProvider/IdentityProvider/Migrations/20240404095401_oidc-update.Designer.cs
rename to MultiIdentityProvider/IdentityProvider/Migrations/20260224203342_InitSts.Designer.cs
index 289a4a5..b5eae2d 100644
--- a/MultiIdentityProvider/IdentityProvider/Migrations/20240404095401_oidc-update.Designer.cs
+++ b/MultiIdentityProvider/IdentityProvider/Migrations/20260224203342_InitSts.Designer.cs
@@ -1,550 +1,585 @@
-// <auto-generated />
-using System;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Infrastructure;
-using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using OpeniddictServer.Data;
-
-#nullable disable
-
-namespace IdentityProvider.Migrations
-{
-    [DbContext(typeof(ApplicationDbContext))]
-    [Migration("20240404095401_oidc-update")]
-    partial class oidcupdate
-    {
-        /// <inheritdoc />
-        protected override void BuildTargetModel(ModelBuilder modelBuilder)
-        {
-#pragma warning disable 612, 618
-            modelBuilder.HasAnnotation("ProductVersion", "8.0.3");
-
-            modelBuilder.Entity("Fido2Identity.FidoStoredCredential", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("INTEGER");
-
-                    b.Property<Guid>("AaGuid")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("CredType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DescriptorJson")
-                        .HasColumnType("TEXT");
-
-                    b.Property<byte[]>("PublicKey")
-                        .HasColumnType("BLOB");
-
-                    b.Property<DateTime>("RegDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<uint>("SignatureCounter")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<byte[]>("UserHandle")
-                        .HasColumnType("BLOB");
-
-                    b.Property<byte[]>("UserId")
-                        .HasColumnType("BLOB");
-
-                    b.Property<string>("UserName")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.ToTable("FidoStoredCredential");
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedName")
-                        .IsUnique()
-                        .HasDatabaseName("RoleNameIndex");
-
-                    b.ToTable("AspNetRoles", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RoleId")
-                        .IsRequired()
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetRoleClaims", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ClaimType")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClaimValue")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserClaims", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ProviderKey")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ProviderDisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("UserId")
-                        .IsRequired()
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("LoginProvider", "ProviderKey");
-
-                    b.HasIndex("UserId");
-
-                    b.ToTable("AspNetUserLogins", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RoleId")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("UserId", "RoleId");
-
-                    b.HasIndex("RoleId");
-
-                    b.ToTable("AspNetUserRoles", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.Property<string>("UserId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("LoginProvider")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Value")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("UserId", "LoginProvider", "Name");
-
-                    b.ToTable("AspNetUserTokens", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationType")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClientId")
-                        .HasMaxLength(100)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClientSecret")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ClientType")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConsentType")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayNames")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("JsonWebKeySet")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Permissions")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PostLogoutRedirectUris")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("RedirectUris")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Requirements")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Settings")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ClientId")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictApplications", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("CreationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Scopes")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Status")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Subject")
-                        .HasMaxLength(400)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Type")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictAuthorizations", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreScope", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Description")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Descriptions")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayName")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("DisplayNames")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Name")
-                        .HasMaxLength(200)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Resources")
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("Name")
-                        .IsUnique();
-
-                    b.ToTable("OpenIddictScopes", (string)null);
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
-                {
-                    b.Property<string>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ApplicationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("AuthorizationId")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ConcurrencyToken")
-                        .IsConcurrencyToken()
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("CreationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("ExpirationDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Payload")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Properties")
-                        .HasColumnType("TEXT");
-
-                    b.Property<DateTime?>("RedemptionDate")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("ReferenceId")
-                        .HasMaxLength(100)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Status")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Subject")
-                        .HasMaxLength(400)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Type")
-                        .HasMaxLength(50)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("AuthorizationId");
-
-                    b.HasIndex("ReferenceId")
-                        .IsUnique();
-
-                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
-
-                    b.ToTable("OpenIddictTokens", (string)null);
-                });
-
-            modelBuilder.Entity("OpeniddictServer.Data.ApplicationUser", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("TEXT");
-
-                    b.Property<int>("AccessFailedCount")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Email")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("EmailConfirmed")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<bool>("LockoutEnabled")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<DateTimeOffset?>("LockoutEnd")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedEmail")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedUserName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PasswordHash")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PhoneNumber")
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("PhoneNumberConfirmed")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("SecurityStamp")
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("TwoFactorEnabled")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("UserName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedEmail")
-                        .HasDatabaseName("EmailIndex");
-
-                    b.HasIndex("NormalizedUserName")
-                        .IsUnique()
-                        .HasDatabaseName("UserNameIndex");
-
-                    b.ToTable("AspNetUsers", (string)null);
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
-                {
-                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
-                {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
-                {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
-                {
-                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
-                        .WithMany()
-                        .HasForeignKey("RoleId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
-                {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
-                        .WithMany()
-                        .HasForeignKey("UserId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
-                        .WithMany("Authorizations")
-                        .HasForeignKey("ApplicationId");
-
-                    b.Navigation("Application");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
-                {
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
-                        .WithMany("Tokens")
-                        .HasForeignKey("ApplicationId");
-
-                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", "Authorization")
-                        .WithMany("Tokens")
-                        .HasForeignKey("AuthorizationId");
-
-                    b.Navigation("Application");
-
-                    b.Navigation("Authorization");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
-                {
-                    b.Navigation("Authorizations");
-
-                    b.Navigation("Tokens");
-                });
-
-            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
-                {
-                    b.Navigation("Tokens");
-                });
-#pragma warning restore 612, 618
-        }
-    }
-}
+// <auto-generated />
+using System;
+using IdentityProvider.Data;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+
+#nullable disable
+
+namespace IdentityProvider.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20260224203342_InitSts")]
+    partial class InitSts
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder.HasAnnotation("ProductVersion", "10.0.3");
+
+            modelBuilder.Entity("IdentityProvider.Data.ApplicationUser", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("AccessFailedCount")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Email")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedEmail")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PhoneNumber")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("PhoneNumberConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("TEXT");
+
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("UserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedEmail")
+                        .HasDatabaseName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasDatabaseName("UserNameIndex");
+
+                    b.ToTable("AspNetUsers", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedName")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("NormalizedName")
+                        .IsUnique()
+                        .HasDatabaseName("RoleNameIndex");
+
+                    b.ToTable("AspNetRoles", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetRoleClaims", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("INTEGER");
+
+                    b.Property<string>("ClaimType")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClaimValue")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserClaims", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.Property<string>("LoginProvider")
+                        .HasMaxLength(128)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ProviderKey")
+                        .HasMaxLength(128)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ProviderDisplayName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("LoginProvider", "ProviderKey");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserLogins", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserPasskey<string>", b =>
+                {
+                    b.Property<byte[]>("CredentialId")
+                        .HasMaxLength(1024)
+                        .HasColumnType("BLOB");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("CredentialId");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserPasskeys", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RoleId")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "RoleId");
+
+                    b.HasIndex("RoleId");
+
+                    b.ToTable("AspNetUserRoles", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.Property<string>("UserId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("LoginProvider")
+                        .HasMaxLength(128)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(128)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("UserId", "LoginProvider", "Name");
+
+                    b.ToTable("AspNetUserTokens", (string)null);
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ApplicationType")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClientId")
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClientSecret")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ClientType")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConsentType")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DisplayNames")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("JsonWebKeySet")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Permissions")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PostLogoutRedirectUris")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("RedirectUris")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Requirements")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Settings")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ClientId")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictApplications", (string)null);
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime?>("CreationDate")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Scopes")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Status")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Subject")
+                        .HasMaxLength(400)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Type")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictAuthorizations", (string)null);
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreScope", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Descriptions")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DisplayName")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("DisplayNames")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Name")
+                        .HasMaxLength(200)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Resources")
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("OpenIddictScopes", (string)null);
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
+                {
+                    b.Property<string>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ApplicationId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("AuthorizationId")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ConcurrencyToken")
+                        .IsConcurrencyToken()
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime?>("CreationDate")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime?>("ExpirationDate")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Properties")
+                        .HasColumnType("TEXT");
+
+                    b.Property<DateTime?>("RedemptionDate")
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("ReferenceId")
+                        .HasMaxLength(100)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Status")
+                        .HasMaxLength(50)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Subject")
+                        .HasMaxLength(400)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("Type")
+                        .HasMaxLength(150)
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AuthorizationId");
+
+                    b.HasIndex("ReferenceId")
+                        .IsUnique();
+
+                    b.HasIndex("ApplicationId", "Status", "Subject", "Type");
+
+                    b.ToTable("OpenIddictTokens", (string)null);
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
+                {
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
+                {
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserPasskey<string>", b =>
+                {
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.OwnsOne("Microsoft.AspNetCore.Identity.IdentityPasskeyData", "Data", b1 =>
+                        {
+                            b1.Property<byte[]>("IdentityUserPasskeyCredentialId");
+
+                            b1.Property<byte[]>("AttestationObject")
+                                .IsRequired();
+
+                            b1.Property<byte[]>("ClientDataJson")
+                                .IsRequired();
+
+                            b1.Property<DateTimeOffset>("CreatedAt");
+
+                            b1.Property<bool>("IsBackedUp");
+
+                            b1.Property<bool>("IsBackupEligible");
+
+                            b1.Property<bool>("IsUserVerified");
+
+                            b1.Property<string>("Name");
+
+                            b1.Property<byte[]>("PublicKey")
+                                .IsRequired();
+
+                            b1.Property<uint>("SignCount");
+
+                            b1.PrimitiveCollection<string>("Transports");
+
+                            b1.HasKey("IdentityUserPasskeyCredentialId");
+
+                            b1.ToTable("AspNetUserPasskeys");
+
+                            b1
+                                .ToJson("Data")
+                                .HasColumnType("TEXT");
+
+                            b1.WithOwner()
+                                .HasForeignKey("IdentityUserPasskeyCredentialId");
+                        });
+
+                    b.Navigation("Data")
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
+                {
+                    b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
+                        .WithMany()
+                        .HasForeignKey("RoleId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
+                {
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
+                        .WithMany("Authorizations")
+                        .HasForeignKey("ApplicationId");
+
+                    b.Navigation("Application");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreToken", b =>
+                {
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", "Application")
+                        .WithMany("Tokens")
+                        .HasForeignKey("ApplicationId");
+
+                    b.HasOne("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", "Authorization")
+                        .WithMany("Tokens")
+                        .HasForeignKey("AuthorizationId");
+
+                    b.Navigation("Application");
+
+                    b.Navigation("Authorization");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreApplication", b =>
+                {
+                    b.Navigation("Authorizations");
+
+                    b.Navigation("Tokens");
+                });
+
+            modelBuilder.Entity("OpenIddict.EntityFrameworkCore.Models.OpenIddictEntityFrameworkCoreAuthorization", b =>
+                {
+                    b.Navigation("Tokens");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Migrations/20220827060047_add-fido2.cs b/MultiIdentityProvider/IdentityProvider/Migrations/20260224203342_InitSts.cs
similarity index 90%
rename from MultiIdentityProvider/IdentityProvider/Migrations/20220827060047_add-fido2.cs
rename to MultiIdentityProvider/IdentityProvider/Migrations/20260224203342_InitSts.cs
index 9fe228d..1a1926f 100644
--- a/MultiIdentityProvider/IdentityProvider/Migrations/20220827060047_add-fido2.cs
+++ b/MultiIdentityProvider/IdentityProvider/Migrations/20260224203342_InitSts.cs
@@ -1,11 +1,14 @@
-using Microsoft.EntityFrameworkCore.Migrations;
+using System;
+using Microsoft.EntityFrameworkCore.Migrations;
 
 #nullable disable
 
 namespace IdentityProvider.Migrations
 {
-    public partial class addfido2 : Migration
+    /// <inheritdoc />
+    public partial class InitSts : Migration
     {
+        /// <inheritdoc />
         protected override void Up(MigrationBuilder migrationBuilder)
         {
             migrationBuilder.CreateTable(
@@ -35,7 +38,7 @@ protected override void Up(MigrationBuilder migrationBuilder)
                     PasswordHash = table.Column<string>(type: "TEXT", nullable: true),
                     SecurityStamp = table.Column<string>(type: "TEXT", nullable: true),
                     ConcurrencyStamp = table.Column<string>(type: "TEXT", nullable: true),
-                    PhoneNumber = table.Column<string>(type: "TEXT", nullable: true),
+                    PhoneNumber = table.Column<string>(type: "TEXT", maxLength: 256, nullable: true),
                     PhoneNumberConfirmed = table.Column<bool>(type: "INTEGER", nullable: false),
                     TwoFactorEnabled = table.Column<bool>(type: "INTEGER", nullable: false),
                     LockoutEnd = table.Column<DateTimeOffset>(type: "TEXT", nullable: true),
@@ -47,44 +50,26 @@ protected override void Up(MigrationBuilder migrationBuilder)
                     table.PrimaryKey("PK_AspNetUsers", x => x.Id);
                 });
 
-            migrationBuilder.CreateTable(
-                name: "FidoStoredCredential",
-                columns: table => new
-                {
-                    Id = table.Column<int>(type: "INTEGER", nullable: false)
-                        .Annotation("Sqlite:Autoincrement", true),
-                    UserName = table.Column<string>(type: "TEXT", nullable: true),
-                    UserId = table.Column<byte[]>(type: "BLOB", nullable: true),
-                    PublicKey = table.Column<byte[]>(type: "BLOB", nullable: true),
-                    UserHandle = table.Column<byte[]>(type: "BLOB", nullable: true),
-                    SignatureCounter = table.Column<uint>(type: "INTEGER", nullable: false),
-                    CredType = table.Column<string>(type: "TEXT", nullable: true),
-                    RegDate = table.Column<DateTime>(type: "TEXT", nullable: false),
-                    AaGuid = table.Column<Guid>(type: "TEXT", nullable: false),
-                    DescriptorJson = table.Column<string>(type: "TEXT", nullable: true)
-                },
-                constraints: table =>
-                {
-                    table.PrimaryKey("PK_FidoStoredCredential", x => x.Id);
-                });
-
             migrationBuilder.CreateTable(
                 name: "OpenIddictApplications",
                 columns: table => new
                 {
                     Id = table.Column<string>(type: "TEXT", nullable: false),
+                    ApplicationType = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
                     ClientId = table.Column<string>(type: "TEXT", maxLength: 100, nullable: true),
                     ClientSecret = table.Column<string>(type: "TEXT", nullable: true),
+                    ClientType = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
                     ConcurrencyToken = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
                     ConsentType = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
                     DisplayName = table.Column<string>(type: "TEXT", nullable: true),
                     DisplayNames = table.Column<string>(type: "TEXT", nullable: true),
+                    JsonWebKeySet = table.Column<string>(type: "TEXT", nullable: true),
                     Permissions = table.Column<string>(type: "TEXT", nullable: true),
                     PostLogoutRedirectUris = table.Column<string>(type: "TEXT", nullable: true),
                     Properties = table.Column<string>(type: "TEXT", nullable: true),
                     RedirectUris = table.Column<string>(type: "TEXT", nullable: true),
                     Requirements = table.Column<string>(type: "TEXT", nullable: true),
-                    Type = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true)
+                    Settings = table.Column<string>(type: "TEXT", nullable: true)
                 },
                 constraints: table =>
                 {
@@ -156,8 +141,8 @@ protected override void Up(MigrationBuilder migrationBuilder)
                 name: "AspNetUserLogins",
                 columns: table => new
                 {
-                    LoginProvider = table.Column<string>(type: "TEXT", nullable: false),
-                    ProviderKey = table.Column<string>(type: "TEXT", nullable: false),
+                    LoginProvider = table.Column<string>(type: "TEXT", maxLength: 128, nullable: false),
+                    ProviderKey = table.Column<string>(type: "TEXT", maxLength: 128, nullable: false),
                     ProviderDisplayName = table.Column<string>(type: "TEXT", nullable: true),
                     UserId = table.Column<string>(type: "TEXT", nullable: false)
                 },
@@ -172,6 +157,25 @@ protected override void Up(MigrationBuilder migrationBuilder)
                         onDelete: ReferentialAction.Cascade);
                 });
 
+            migrationBuilder.CreateTable(
+                name: "AspNetUserPasskeys",
+                columns: table => new
+                {
+                    CredentialId = table.Column<byte[]>(type: "BLOB", maxLength: 1024, nullable: false),
+                    UserId = table.Column<string>(type: "TEXT", nullable: false),
+                    Data = table.Column<string>(type: "TEXT", nullable: false)
+                },
+                constraints: table =>
+                {
+                    table.PrimaryKey("PK_AspNetUserPasskeys", x => x.CredentialId);
+                    table.ForeignKey(
+                        name: "FK_AspNetUserPasskeys_AspNetUsers_UserId",
+                        column: x => x.UserId,
+                        principalTable: "AspNetUsers",
+                        principalColumn: "Id",
+                        onDelete: ReferentialAction.Cascade);
+                });
+
             migrationBuilder.CreateTable(
                 name: "AspNetUserRoles",
                 columns: table => new
@@ -201,8 +205,8 @@ protected override void Up(MigrationBuilder migrationBuilder)
                 columns: table => new
                 {
                     UserId = table.Column<string>(type: "TEXT", nullable: false),
-                    LoginProvider = table.Column<string>(type: "TEXT", nullable: false),
-                    Name = table.Column<string>(type: "TEXT", nullable: false),
+                    LoginProvider = table.Column<string>(type: "TEXT", maxLength: 128, nullable: false),
+                    Name = table.Column<string>(type: "TEXT", maxLength: 128, nullable: false),
                     Value = table.Column<string>(type: "TEXT", nullable: true)
                 },
                 constraints: table =>
@@ -256,7 +260,7 @@ protected override void Up(MigrationBuilder migrationBuilder)
                     ReferenceId = table.Column<string>(type: "TEXT", maxLength: 100, nullable: true),
                     Status = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true),
                     Subject = table.Column<string>(type: "TEXT", maxLength: 400, nullable: true),
-                    Type = table.Column<string>(type: "TEXT", maxLength: 50, nullable: true)
+                    Type = table.Column<string>(type: "TEXT", maxLength: 150, nullable: true)
                 },
                 constraints: table =>
                 {
@@ -294,6 +298,11 @@ protected override void Up(MigrationBuilder migrationBuilder)
                 table: "AspNetUserLogins",
                 column: "UserId");
 
+            migrationBuilder.CreateIndex(
+                name: "IX_AspNetUserPasskeys_UserId",
+                table: "AspNetUserPasskeys",
+                column: "UserId");
+
             migrationBuilder.CreateIndex(
                 name: "IX_AspNetUserRoles_RoleId",
                 table: "AspNetUserRoles",
@@ -344,6 +353,7 @@ protected override void Up(MigrationBuilder migrationBuilder)
                 unique: true);
         }
 
+        /// <inheritdoc />
         protected override void Down(MigrationBuilder migrationBuilder)
         {
             migrationBuilder.DropTable(
@@ -356,13 +366,13 @@ protected override void Down(MigrationBuilder migrationBuilder)
                 name: "AspNetUserLogins");
 
             migrationBuilder.DropTable(
-                name: "AspNetUserRoles");
+                name: "AspNetUserPasskeys");
 
             migrationBuilder.DropTable(
-                name: "AspNetUserTokens");
+                name: "AspNetUserRoles");
 
             migrationBuilder.DropTable(
-                name: "FidoStoredCredential");
+                name: "AspNetUserTokens");
 
             migrationBuilder.DropTable(
                 name: "OpenIddictScopes");
diff --git a/MultiIdentityProvider/IdentityProvider/Migrations/ApplicationDbContextModelSnapshot.cs b/MultiIdentityProvider/IdentityProvider/Migrations/ApplicationDbContextModelSnapshot.cs
index cd68f30..f773f5b 100644
--- a/MultiIdentityProvider/IdentityProvider/Migrations/ApplicationDbContextModelSnapshot.cs
+++ b/MultiIdentityProvider/IdentityProvider/Migrations/ApplicationDbContextModelSnapshot.cs
@@ -1,9 +1,9 @@
 // <auto-generated />
 using System;
+using IdentityProvider.Data;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Infrastructure;
 using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using OpeniddictServer.Data;
 
 #nullable disable
 
@@ -15,44 +15,71 @@ partial class ApplicationDbContextModelSnapshot : ModelSnapshot
         protected override void BuildModel(ModelBuilder modelBuilder)
         {
 #pragma warning disable 612, 618
-            modelBuilder.HasAnnotation("ProductVersion", "8.0.3");
+            modelBuilder.HasAnnotation("ProductVersion", "10.0.3");
 
-            modelBuilder.Entity("Fido2Identity.FidoStoredCredential", b =>
+            modelBuilder.Entity("IdentityProvider.Data.ApplicationUser", b =>
                 {
-                    b.Property<int>("Id")
-                        .ValueGeneratedOnAdd()
+                    b.Property<string>("Id")
+                        .HasColumnType("TEXT");
+
+                    b.Property<int>("AccessFailedCount")
                         .HasColumnType("INTEGER");
 
-                    b.Property<Guid>("AaGuid")
+                    b.Property<string>("ConcurrencyStamp")
+                        .IsConcurrencyToken()
                         .HasColumnType("TEXT");
 
-                    b.Property<string>("CredType")
+                    b.Property<string>("Email")
+                        .HasMaxLength(256)
                         .HasColumnType("TEXT");
 
-                    b.Property<string>("DescriptorJson")
+                    b.Property<bool>("EmailConfirmed")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<bool>("LockoutEnabled")
+                        .HasColumnType("INTEGER");
+
+                    b.Property<DateTimeOffset?>("LockoutEnd")
                         .HasColumnType("TEXT");
 
-                    b.Property<byte[]>("PublicKey")
-                        .HasColumnType("BLOB");
+                    b.Property<string>("NormalizedEmail")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("NormalizedUserName")
+                        .HasMaxLength(256)
+                        .HasColumnType("TEXT");
+
+                    b.Property<string>("PasswordHash")
+                        .HasColumnType("TEXT");
 
-                    b.Property<DateTime>("RegDate")
+                    b.Property<string>("PhoneNumber")
+                        .HasMaxLength(256)
                         .HasColumnType("TEXT");
 
-                    b.Property<uint>("SignatureCounter")
+                    b.Property<bool>("PhoneNumberConfirmed")
                         .HasColumnType("INTEGER");
 
-                    b.Property<byte[]>("UserHandle")
-                        .HasColumnType("BLOB");
+                    b.Property<string>("SecurityStamp")
+                        .HasColumnType("TEXT");
 
-                    b.Property<byte[]>("UserId")
-                        .HasColumnType("BLOB");
+                    b.Property<bool>("TwoFactorEnabled")
+                        .HasColumnType("INTEGER");
 
                     b.Property<string>("UserName")
+                        .HasMaxLength(256)
                         .HasColumnType("TEXT");
 
                     b.HasKey("Id");
 
-                    b.ToTable("FidoStoredCredential");
+                    b.HasIndex("NormalizedEmail")
+                        .HasDatabaseName("EmailIndex");
+
+                    b.HasIndex("NormalizedUserName")
+                        .IsUnique()
+                        .HasDatabaseName("UserNameIndex");
+
+                    b.ToTable("AspNetUsers", (string)null);
                 });
 
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRole", b =>
@@ -130,9 +157,11 @@ protected override void BuildModel(ModelBuilder modelBuilder)
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
                 {
                     b.Property<string>("LoginProvider")
+                        .HasMaxLength(128)
                         .HasColumnType("TEXT");
 
                     b.Property<string>("ProviderKey")
+                        .HasMaxLength(128)
                         .HasColumnType("TEXT");
 
                     b.Property<string>("ProviderDisplayName")
@@ -149,6 +178,23 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.ToTable("AspNetUserLogins", (string)null);
                 });
 
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserPasskey<string>", b =>
+                {
+                    b.Property<byte[]>("CredentialId")
+                        .HasMaxLength(1024)
+                        .HasColumnType("BLOB");
+
+                    b.Property<string>("UserId")
+                        .IsRequired()
+                        .HasColumnType("TEXT");
+
+                    b.HasKey("CredentialId");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("AspNetUserPasskeys", (string)null);
+                });
+
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
                 {
                     b.Property<string>("UserId")
@@ -170,9 +216,11 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .HasColumnType("TEXT");
 
                     b.Property<string>("LoginProvider")
+                        .HasMaxLength(128)
                         .HasColumnType("TEXT");
 
                     b.Property<string>("Name")
+                        .HasMaxLength(128)
                         .HasColumnType("TEXT");
 
                     b.Property<string>("Value")
@@ -376,7 +424,7 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .HasColumnType("TEXT");
 
                     b.Property<string>("Type")
-                        .HasMaxLength(50)
+                        .HasMaxLength(150)
                         .HasColumnType("TEXT");
 
                     b.HasKey("Id");
@@ -391,70 +439,6 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                     b.ToTable("OpenIddictTokens", (string)null);
                 });
 
-            modelBuilder.Entity("OpeniddictServer.Data.ApplicationUser", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("TEXT");
-
-                    b.Property<int>("AccessFailedCount")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("ConcurrencyStamp")
-                        .IsConcurrencyToken()
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("Email")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("EmailConfirmed")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<bool>("LockoutEnabled")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<DateTimeOffset?>("LockoutEnd")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedEmail")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("NormalizedUserName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PasswordHash")
-                        .HasColumnType("TEXT");
-
-                    b.Property<string>("PhoneNumber")
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("PhoneNumberConfirmed")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("SecurityStamp")
-                        .HasColumnType("TEXT");
-
-                    b.Property<bool>("TwoFactorEnabled")
-                        .HasColumnType("INTEGER");
-
-                    b.Property<string>("UserName")
-                        .HasMaxLength(256)
-                        .HasColumnType("TEXT");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("NormalizedEmail")
-                        .HasDatabaseName("EmailIndex");
-
-                    b.HasIndex("NormalizedUserName")
-                        .IsUnique()
-                        .HasDatabaseName("UserNameIndex");
-
-                    b.ToTable("AspNetUsers", (string)null);
-                });
-
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityRoleClaim<string>", b =>
                 {
                     b.HasOne("Microsoft.AspNetCore.Identity.IdentityRole", null)
@@ -466,7 +450,7 @@ protected override void BuildModel(ModelBuilder modelBuilder)
 
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserClaim<string>", b =>
                 {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
                         .WithMany()
                         .HasForeignKey("UserId")
                         .OnDelete(DeleteBehavior.Cascade)
@@ -475,11 +459,62 @@ protected override void BuildModel(ModelBuilder modelBuilder)
 
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserLogin<string>", b =>
                 {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserPasskey<string>", b =>
+                {
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
                         .WithMany()
                         .HasForeignKey("UserId")
                         .OnDelete(DeleteBehavior.Cascade)
                         .IsRequired();
+
+                    b.OwnsOne("Microsoft.AspNetCore.Identity.IdentityPasskeyData", "Data", b1 =>
+                        {
+                            b1.Property<byte[]>("IdentityUserPasskeyCredentialId");
+
+                            b1.Property<byte[]>("AttestationObject")
+                                .IsRequired();
+
+                            b1.Property<byte[]>("ClientDataJson")
+                                .IsRequired();
+
+                            b1.Property<DateTimeOffset>("CreatedAt");
+
+                            b1.Property<bool>("IsBackedUp");
+
+                            b1.Property<bool>("IsBackupEligible");
+
+                            b1.Property<bool>("IsUserVerified");
+
+                            b1.Property<string>("Name");
+
+                            b1.Property<byte[]>("PublicKey")
+                                .IsRequired();
+
+                            b1.Property<uint>("SignCount");
+
+                            b1.PrimitiveCollection<string>("Transports");
+
+                            b1.HasKey("IdentityUserPasskeyCredentialId");
+
+                            b1.ToTable("AspNetUserPasskeys");
+
+                            b1
+                                .ToJson("Data")
+                                .HasColumnType("TEXT");
+
+                            b1.WithOwner()
+                                .HasForeignKey("IdentityUserPasskeyCredentialId");
+                        });
+
+                    b.Navigation("Data")
+                        .IsRequired();
                 });
 
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserRole<string>", b =>
@@ -490,7 +525,7 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .OnDelete(DeleteBehavior.Cascade)
                         .IsRequired();
 
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
                         .WithMany()
                         .HasForeignKey("UserId")
                         .OnDelete(DeleteBehavior.Cascade)
@@ -499,7 +534,7 @@ protected override void BuildModel(ModelBuilder modelBuilder)
 
             modelBuilder.Entity("Microsoft.AspNetCore.Identity.IdentityUserToken<string>", b =>
                 {
-                    b.HasOne("OpeniddictServer.Data.ApplicationUser", null)
+                    b.HasOne("IdentityProvider.Data.ApplicationUser", null)
                         .WithMany()
                         .HasForeignKey("UserId")
                         .OnDelete(DeleteBehavior.Cascade)
diff --git a/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeyEndpointRouteBuilderExtensions.cs b/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeyEndpointRouteBuilderExtensions.cs
new file mode 100644
index 0000000..0ef2f55
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeyEndpointRouteBuilderExtensions.cs
@@ -0,0 +1,57 @@
+using Microsoft.AspNetCore.Antiforgery;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using IdentityProvider.Data;
+
+namespace IdentityProvider.Passkeys;
+
+public static class PasskeyEndpointRouteBuilderExtensions
+{
+    public static IEndpointConventionBuilder MapPasskeyEndpoints(this IEndpointRouteBuilder endpoints)
+    {
+        ArgumentNullException.ThrowIfNull(endpoints);
+
+        var accountGroup = endpoints.MapGroup("/Identity/Account").ExcludeFromDescription();
+
+        accountGroup.MapPost("/PasskeyCreationOptions", async (
+            HttpContext context,
+            [FromServices] UserManager<ApplicationUser> userManager,
+            [FromServices] SignInManager<ApplicationUser> signInManager,
+            [FromServices] IAntiforgery antiforgery) =>
+        {
+            await antiforgery.ValidateRequestAsync(context);
+
+            var user = await userManager.GetUserAsync(context.User);
+            if (user is null)
+            {
+                return Results.NotFound($"Unable to load user with ID '{userManager.GetUserId(context.User)}'.");
+            }
+
+            var userId = await userManager.GetUserIdAsync(user);
+            var userName = await userManager.GetUserNameAsync(user) ?? "User";
+            var optionsJson = await signInManager.MakePasskeyCreationOptionsAsync(new()
+            {
+                Id = userId,
+                Name = userName,
+                DisplayName = userName
+            });
+            return TypedResults.Content(optionsJson, contentType: "application/json");
+        });
+
+        accountGroup.MapPost("/PasskeyRequestOptions", async (
+            HttpContext context,
+            [FromServices] UserManager<ApplicationUser> userManager,
+            [FromServices] SignInManager<ApplicationUser> signInManager,
+            [FromServices] IAntiforgery antiforgery,
+            [FromQuery] string? username) =>
+        {
+            await antiforgery.ValidateRequestAsync(context);
+
+            var user = string.IsNullOrEmpty(username) ? null : await userManager.FindByNameAsync(username);
+            var optionsJson = await signInManager.MakePasskeyRequestOptionsAsync(user);
+            return TypedResults.Content(optionsJson, contentType: "application/json");
+        });
+
+        return accountGroup;
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeyOperation.cs b/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeyOperation.cs
new file mode 100644
index 0000000..8a4709f
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeyOperation.cs
@@ -0,0 +1,7 @@
+namespace IdentityProvider.Passkeys;
+
+public enum PasskeyOperation
+{
+    Create = 0,
+    Request = 1,
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeySubmitTagHelper.cs b/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeySubmitTagHelper.cs
new file mode 100644
index 0000000..b6dcee9
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/Passkeys/PasskeySubmitTagHelper.cs
@@ -0,0 +1,67 @@
+using Microsoft.AspNetCore.Antiforgery;
+using Microsoft.AspNetCore.Razor.TagHelpers;
+
+namespace IdentityProvider.Passkeys;
+
+[HtmlTargetElement("passkey-submit")]
+public class PasskeySubmitTagHelper : TagHelper
+{
+    private readonly IHttpContextAccessor _httpContextAccessor;
+
+    [HtmlAttributeName("operation")]
+    public PasskeyOperation Operation { get; set; }
+
+    [HtmlAttributeName("name")]
+    public string Name { get; set; } = null!;
+
+    [HtmlAttributeName("email-name")]
+    public string? EmailName { get; set; }
+
+    public PasskeySubmitTagHelper(IHttpContextAccessor httpContextAccessor) => _httpContextAccessor = httpContextAccessor;
+
+    public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output)
+    {
+        // Get tokens
+        var tokens = _httpContextAccessor.HttpContext?.RequestServices
+            .GetService<IAntiforgery>()?.GetTokens(_httpContextAccessor.HttpContext);
+
+        // Button is the main element we want to create, capture all attributes etc.
+        var buttonAttributes = output.Attributes.Where(it => it.Name != "operation" && it.Name != "name" && it.Name != "email-name").ToList();
+        var buttonContent = (await output.GetChildContentAsync(NullHtmlEncoder.Default))
+            .GetContent(NullHtmlEncoder.Default);
+
+        // Create the button
+        using var htmlWriter = new StringWriter();
+        htmlWriter.Write("<button type=\"submit\" name=\"__passkeySubmit\" ");
+        foreach (var buttonAttribute in buttonAttributes)
+        {
+            buttonAttribute.WriteTo(htmlWriter, NullHtmlEncoder.Default);
+            htmlWriter.Write(" ");
+        }
+        htmlWriter.Write(">");
+        if (!string.IsNullOrEmpty(buttonContent))
+        {
+            htmlWriter.Write(buttonContent);
+        }
+        htmlWriter.Write("</button>");
+        htmlWriter.WriteLine();
+
+        // Create the element
+        htmlWriter.Write("<passkey-submit ");
+        htmlWriter.Write($"operation=\"{Operation}\" ");
+        htmlWriter.Write($"name=\"{Name}\" ");
+        htmlWriter.Write($"email-name=\"{EmailName ?? ""}\" ");
+        htmlWriter.Write($"request-token-name=\"{tokens?.HeaderName ?? ""}\" ");
+        htmlWriter.Write($"request-token-value=\"{tokens?.RequestToken ?? ""}\" ");
+        htmlWriter.Write(">");
+        htmlWriter.Write("</passkey-submit>");
+
+        // Emit the element
+        output.TagName = null;
+        output.Attributes.Clear();
+        output.Content.Clear();
+        output.Content.SetHtmlContent(htmlWriter.ToString());
+
+        await base.ProcessAsync(context, output);
+    }
+}
diff --git a/MultiIdentityProvider/IdentityProvider/Program.cs b/MultiIdentityProvider/IdentityProvider/Program.cs
index 78a8c9e..3f84db2 100644
--- a/MultiIdentityProvider/IdentityProvider/Program.cs
+++ b/MultiIdentityProvider/IdentityProvider/Program.cs
@@ -1,4 +1,4 @@
-using OpeniddictServer;
+using IdentityProvider;
 using Serilog;
 
 Log.Logger = new LoggerConfiguration()
diff --git a/MultiIdentityProvider/IdentityProvider/Properties/launchSettings.json b/MultiIdentityProvider/IdentityProvider/Properties/launchSettings.json
index a67b468..f872e09 100644
--- a/MultiIdentityProvider/IdentityProvider/Properties/launchSettings.json
+++ b/MultiIdentityProvider/IdentityProvider/Properties/launchSettings.json
@@ -1,6 +1,6 @@
 {
   "profiles": {
-    "OpeniddictServer": {
+    "IdentityProvider": {
       "commandName": "Project",
       "launchBrowser": true,
       "environmentVariables": {
diff --git a/MultiIdentityProvider/IdentityProvider/ViewModels/Authorization/AuthorizeViewModel.cs b/MultiIdentityProvider/IdentityProvider/ViewModels/Authorization/AuthorizeViewModel.cs
index d8091c9..7513ed6 100644
--- a/MultiIdentityProvider/IdentityProvider/ViewModels/Authorization/AuthorizeViewModel.cs
+++ b/MultiIdentityProvider/IdentityProvider/ViewModels/Authorization/AuthorizeViewModel.cs
@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace OpeniddictServer.ViewModels.Authorization;
+namespace IdentityProvider.ViewModels.Authorization;
 
 public class AuthorizeViewModel
 {
diff --git a/MultiIdentityProvider/IdentityProvider/ViewModels/Shared/ErrorViewModel.cs b/MultiIdentityProvider/IdentityProvider/ViewModels/Shared/ErrorViewModel.cs
index 953712d..2fa2df3 100644
--- a/MultiIdentityProvider/IdentityProvider/ViewModels/Shared/ErrorViewModel.cs
+++ b/MultiIdentityProvider/IdentityProvider/ViewModels/Shared/ErrorViewModel.cs
@@ -1,6 +1,6 @@
 using System.ComponentModel.DataAnnotations;
 
-namespace OpeniddictServer.ViewModels.Shared;
+namespace IdentityProvider.ViewModels.Shared;
 
 public class ErrorViewModel
 {
diff --git a/MultiIdentityProvider/IdentityProvider/Views/Authorization/Authorize.cshtml b/MultiIdentityProvider/IdentityProvider/Views/Authorization/Authorize.cshtml
index 549b9a7..5bf21d3 100644
--- a/MultiIdentityProvider/IdentityProvider/Views/Authorization/Authorize.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Views/Authorization/Authorize.cshtml
@@ -1,4 +1,9 @@
-@using Microsoft.Extensions.Primitives
+@using IdentityProvider
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using IdentityProvider.ViewModels.Authorization
+@using IdentityProvider.ViewModels.Shared
+@using Microsoft.Extensions.Primitives
 @model AuthorizeViewModel
 
 <div class="jumbotron">
@@ -17,4 +22,4 @@
         <input class="btn btn-lg btn-success" name="submit.Accept" type="submit" value="Yes" />
         <input class="btn btn-lg btn-danger" name="submit.Deny" type="submit" value="No" />
     </form>
-</div>
+</div>
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Views/Authorization/Logout.cshtml b/MultiIdentityProvider/IdentityProvider/Views/Authorization/Logout.cshtml
index 0f892ec..1a3f1d6 100644
--- a/MultiIdentityProvider/IdentityProvider/Views/Authorization/Logout.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Views/Authorization/Logout.cshtml
@@ -1,4 +1,9 @@
-@using Microsoft.Extensions.Primitives
+@using IdentityProvider
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using IdentityProvider.ViewModels.Authorization
+@using IdentityProvider.ViewModels.Shared
+@using Microsoft.Extensions.Primitives
 
 <div class="jumbotron">
     <h1>Log out</h1>
diff --git a/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml b/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml
index c67ee64..d6d4dd3 100644
--- a/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml
@@ -3,18 +3,17 @@
 <head>
     <meta charset="utf-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>@ViewData["Title"] - IdentityProvider</title>
-    <script type="text/javascript" src="https://cdn.jsdelivr.net/npm/sweetalert2"></script>
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.10.1/sweetalert2.min.css" />
+    <title>@ViewData["Title"] - OpenIddict Server</title>
+    <script type="importmap"></script>
+
     <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css" />
     <link rel="stylesheet" href="~/css/site.css" />
-    <link rel="stylesheet" href="~/IdentityProvider.styles.css" asp-append-version="true" />
 </head>
 <body>
     <header>
         <nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
             <div class="container">
-                <a class="navbar-brand" asp-area="" asp-controller="Home" asp-action="Index">IdentityProvider</a>
+                <a class="navbar-brand" asp-area="" asp-controller="Home" asp-action="Index">OpenIddict Server</a>
                 <button class="navbar-toggler" type="button" data-toggle="collapse" data-target=".navbar-collapse" aria-controls="navbarSupportedContent"
                         aria-expanded="false" aria-label="Toggle navigation">
                     <span class="navbar-toggler-icon"></span>
@@ -41,12 +40,12 @@
 
     <footer class="border-top footer text-muted">
         <div class="container">
-            &copy; 2025 - OpenIddict Server - <a asp-area="" asp-controller="Home" asp-action="Privacy">Privacy</a>
+            &copy; 2026 - OpenIddict Server - <a asp-area="" asp-controller="Home" asp-action="Privacy">Privacy</a>
         </div>
     </footer>
-    <script src="~/lib/jquery/dist/jquery.min.js"></script>
-    <script src="~/lib/bootstrap/dist/js/bootstrap.min.js"></script>
 
+    <script src="~/lib/jquery/dist/jquery.min.js"></script>
+    <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
     <script src="~/js/site.js" asp-append-version="true"></script>
 
     @await RenderSectionAsync("Scripts", required: false)
diff --git a/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml.css b/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml.css
deleted file mode 100644
index c187c02..0000000
--- a/MultiIdentityProvider/IdentityProvider/Views/Shared/_Layout.cshtml.css
+++ /dev/null
@@ -1,48 +0,0 @@
-/* Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification
-for details on configuring this project to bundle and minify static web assets. */
-
-a.navbar-brand {
-  white-space: normal;
-  text-align: center;
-  word-break: break-all;
-}
-
-a {
-  color: #0077cc;
-}
-
-.btn-primary {
-  color: #fff;
-  background-color: #1b6ec2;
-  border-color: #1861ac;
-}
-
-.nav-pills .nav-link.active, .nav-pills .show > .nav-link {
-  color: #fff;
-  background-color: #1b6ec2;
-  border-color: #1861ac;
-}
-
-.border-top {
-  border-top: 1px solid #e5e5e5;
-}
-.border-bottom {
-  border-bottom: 1px solid #e5e5e5;
-}
-
-.box-shadow {
-  box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05);
-}
-
-button.accept-policy {
-  font-size: 1rem;
-  line-height: inherit;
-}
-
-.footer {
-  position: absolute;
-  bottom: 0;
-  width: 100%;
-  white-space: nowrap;
-  line-height: 60px;
-}
diff --git a/MultiIdentityProvider/IdentityProvider/Views/Shared/_LoginPartial.cshtml b/MultiIdentityProvider/IdentityProvider/Views/Shared/_LoginPartial.cshtml
index 82140f8..a388ed8 100644
--- a/MultiIdentityProvider/IdentityProvider/Views/Shared/_LoginPartial.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Views/Shared/_LoginPartial.cshtml
@@ -1,4 +1,9 @@
-@using Microsoft.AspNetCore.Identity
+@using IdentityProvider
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using IdentityProvider.ViewModels.Authorization
+@using IdentityProvider.ViewModels.Shared
+@using Microsoft.AspNetCore.Identity
 @inject SignInManager<ApplicationUser> SignInManager
 @inject UserManager<ApplicationUser> UserManager
 
diff --git a/MultiIdentityProvider/IdentityProvider/Views/Shared/_ValidationScriptsPartial.cshtml b/MultiIdentityProvider/IdentityProvider/Views/Shared/_ValidationScriptsPartial.cshtml
deleted file mode 100644
index 5d1f685..0000000
--- a/MultiIdentityProvider/IdentityProvider/Views/Shared/_ValidationScriptsPartial.cshtml
+++ /dev/null
@@ -1,2 +0,0 @@
-<script src="~/lib/jquery-validation/dist/jquery.validate.min.js"></script>
-<script src="~/lib/jquery-validation-unobtrusive/dist/jquery.validate.unobtrusive.min.js"></script>
diff --git a/MultiIdentityProvider/IdentityProvider/Views/_ViewImports.cshtml b/MultiIdentityProvider/IdentityProvider/Views/_ViewImports.cshtml
index f82c739..cd9fc8e 100644
--- a/MultiIdentityProvider/IdentityProvider/Views/_ViewImports.cshtml
+++ b/MultiIdentityProvider/IdentityProvider/Views/_ViewImports.cshtml
@@ -1,5 +1,7 @@
-@using OpeniddictServer
-@using OpeniddictServer.Data
-@using OpeniddictServer.ViewModels.Authorization
-@using OpeniddictServer.ViewModels.Shared
+@using IdentityProvider
+@using IdentityProvider.Data
+@using IdentityProvider.Passkeys
+@using IdentityProvider.ViewModels.Authorization
+@using IdentityProvider.ViewModels.Shared
 @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
+@addTagHelper *, IdentityProvider
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/Worker.cs b/MultiIdentityProvider/IdentityProvider/Worker.cs
index 726ab32..555dcf9 100644
--- a/MultiIdentityProvider/IdentityProvider/Worker.cs
+++ b/MultiIdentityProvider/IdentityProvider/Worker.cs
@@ -1,9 +1,9 @@
 using OpenIddict.Abstractions;
-using OpeniddictServer.Data;
+using IdentityProvider.Data;
 using System.Globalization;
 using static OpenIddict.Abstractions.OpenIddictConstants;
 
-namespace OpeniddictServer;
+namespace IdentityProvider;
 
 public class Worker : IHostedService
 {
diff --git a/MultiIdentityProvider/IdentityProvider/usersdatabase.sqlite b/MultiIdentityProvider/IdentityProvider/usersdatabase.sqlite
index 1f77b65..d774ff6 100644
Binary files a/MultiIdentityProvider/IdentityProvider/usersdatabase.sqlite and b/MultiIdentityProvider/IdentityProvider/usersdatabase.sqlite differ
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/css/site.css b/MultiIdentityProvider/IdentityProvider/wwwroot/css/site.css
index 819f612..e679a8e 100644
--- a/MultiIdentityProvider/IdentityProvider/wwwroot/css/site.css
+++ b/MultiIdentityProvider/IdentityProvider/wwwroot/css/site.css
@@ -1,31 +1,71 @@
+/* Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification
+for details on configuring this project to bundle and minify static web assets. */
+
+a.navbar-brand {
+  white-space: normal;
+  text-align: center;
+  word-break: break-all;
+}
+
+/* Provide sufficient contrast against white background */
+a {
+  color: #0366d6;
+}
+
+.btn-primary {
+  color: #fff;
+  background-color: #1b6ec2;
+  border-color: #1861ac;
+}
+
+.nav-pills .nav-link.active, .nav-pills .show > .nav-link {
+  color: #fff;
+  background-color: #1b6ec2;
+  border-color: #1861ac;
+}
+
+/* Sticky footer styles
+-------------------------------------------------- */
 html {
   font-size: 14px;
 }
-
 @media (min-width: 768px) {
   html {
     font-size: 16px;
   }
 }
 
-.btn:focus, .btn:active:focus, .btn-link.nav-link:focus, .form-control:focus, .form-check-input:focus {
-  box-shadow: 0 0 0 0.1rem white, 0 0 0 0.25rem #258cfb;
+.border-top {
+  border-top: 1px solid #e5e5e5;
+}
+.border-bottom {
+  border-bottom: 1px solid #e5e5e5;
+}
+
+.box-shadow {
+  box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05);
 }
 
+button.accept-policy {
+  font-size: 1rem;
+  line-height: inherit;
+}
+
+/* Sticky footer styles
+-------------------------------------------------- */
 html {
   position: relative;
   min-height: 100%;
 }
 
 body {
+  /* Margin bottom by footer height */
   margin-bottom: 60px;
 }
-
-.form-floating > .form-control-plaintext::placeholder, .form-floating > .form-control::placeholder {
-  color: var(--bs-secondary-color);
-  text-align: end;
+.footer {
+  position: absolute;
+  bottom: 0;
+  width: 100%;
+  white-space: nowrap;
+  line-height: 60px; /* Vertically center the text there */
 }
-
-.form-floating > .form-control-plaintext:focus::placeholder, .form-floating > .form-control:focus::placeholder {
-  text-align: start;
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/helpers.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/helpers.js
deleted file mode 100644
index b424cf9..0000000
--- a/MultiIdentityProvider/IdentityProvider/wwwroot/js/helpers.js
+++ /dev/null
@@ -1,108 +0,0 @@
-coerceToArrayBuffer = function (thing, name) {
-    if (typeof thing === "string") {
-        // base64url to base64
-        thing = thing.replace(/-/g, "+").replace(/_/g, "/");
-
-        // base64 to Uint8Array
-        var str = window.atob(thing);
-        var bytes = new Uint8Array(str.length);
-        for (var i = 0; i < str.length; i++) {
-            bytes[i] = str.charCodeAt(i);
-        }
-        thing = bytes;
-    }
-
-    // Array to Uint8Array
-    if (Array.isArray(thing)) {
-        thing = new Uint8Array(thing);
-    }
-
-    // Uint8Array to ArrayBuffer
-    if (thing instanceof Uint8Array) {
-        thing = thing.buffer;
-    }
-
-    // error if none of the above worked
-    if (!(thing instanceof ArrayBuffer)) {
-        throw new TypeError("could not coerce '" + name + "' to ArrayBuffer");
-    }
-
-    return thing;
-};
-
-
-coerceToBase64Url = function (thing) {
-    // Array or ArrayBuffer to Uint8Array
-    if (Array.isArray(thing)) {
-        thing = Uint8Array.from(thing);
-    }
-
-    if (thing instanceof ArrayBuffer) {
-        thing = new Uint8Array(thing);
-    }
-
-    // Uint8Array to base64
-    if (thing instanceof Uint8Array) {
-        var str = "";
-        var len = thing.byteLength;
-
-        for (var i = 0; i < len; i++) {
-            str += String.fromCharCode(thing[i]);
-        }
-        thing = window.btoa(str);
-    }
-
-    if (typeof thing !== "string") {
-        throw new Error("could not coerce to string");
-    }
-
-    // base64 to base64url
-    // NOTE: "=" at the end of challenge is optional, strip it off here
-    thing = thing.replace(/\+/g, "-").replace(/\//g, "_").replace(/=*$/g, "");
-
-    return thing;
-};
-
-
-
-// HELPERS
-
-function showErrorAlert(message, error) {
-    let footermsg = '';
-    if (error) {
-        footermsg = 'exception:' + error.toString();
-    }
-    Swal.fire({
-        //type: 'error',
-        title: 'Error',
-        text: message,
-        footer: footermsg
-        //footer: '<a href>Why do I have this issue?</a>'
-    })
-}
-
-function detectFIDOSupport() {
-    if (window.PublicKeyCredential === undefined ||
-        typeof window.PublicKeyCredential !== "function") {
-        //$('#register-button').attr("disabled", true);
-        //$('#login-button').attr("disabled", true);
-        var el = document.getElementById("notSupportedWarning");
-        if (el) {
-            el.style.display = 'block';
-        }
-        return;
-    }
-}
-
-/**
- * 
- * Get a form value
- * @param {any} selector
- */
-function value(selector) {
-    var el = document.querySelector(selector);
-    if (el.type === "checkbox") {
-        return el.checked;
-    }
-    return el.value;
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/instant.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/instant.js
deleted file mode 100644
index 6029b54..0000000
--- a/MultiIdentityProvider/IdentityProvider/wwwroot/js/instant.js
+++ /dev/null
@@ -1,124 +0,0 @@
-/*! instant.page v1.1.0 - (C) 2019 Alexandre Dieulot - https://instant.page/license */
-
-let urlToPreload
-let mouseoverTimer
-let lastTouchTimestamp
-
-const prefetcher = document.createElement('link')
-const isSupported = prefetcher.relList && prefetcher.relList.supports && prefetcher.relList.supports('prefetch')
-const allowQueryString = 'instantAllowQueryString' in document.body.dataset
-
-if (isSupported) {
-    prefetcher.rel = 'prefetch'
-    document.head.appendChild(prefetcher)
-
-    const eventListenersOptions = {
-        capture: true,
-        passive: true,
-    }
-    document.addEventListener('touchstart', touchstartListener, eventListenersOptions)
-    document.addEventListener('mouseover', mouseoverListener, eventListenersOptions)
-}
-
-function touchstartListener(event) {
-    /* Chrome on Android calls mouseover before touchcancel so `lastTouchTimestamp`
-     * must be assigned on touchstart to be measured on mouseover. */
-    lastTouchTimestamp = performance.now()
-
-    const linkElement = event.target.closest('a')
-
-    if (!linkElement) {
-        return
-    }
-
-    if (!isPreloadable(linkElement)) {
-        return
-    }
-
-    linkElement.addEventListener('touchcancel', touchendAndTouchcancelListener, { passive: true })
-    linkElement.addEventListener('touchend', touchendAndTouchcancelListener, { passive: true })
-
-    urlToPreload = linkElement.href
-    preload(linkElement.href)
-}
-
-function touchendAndTouchcancelListener() {
-    urlToPreload = undefined
-    stopPreloading()
-}
-
-function mouseoverListener(event) {
-    if (performance.now() - lastTouchTimestamp < 1100) {
-        return
-    }
-
-    const linkElement = event.target.closest('a')
-
-    if (!linkElement) {
-        return
-    }
-
-    if (!isPreloadable(linkElement)) {
-        return
-    }
-
-    linkElement.addEventListener('mouseout', mouseoutListener, { passive: true })
-
-    urlToPreload = linkElement.href
-
-    mouseoverTimer = setTimeout(() => {
-        preload(linkElement.href)
-        mouseoverTimer = undefined
-    }, 65)
-}
-
-function mouseoutListener(event) {
-    if (event.relatedTarget && event.target.closest('a') == event.relatedTarget.closest('a')) {
-        return
-    }
-
-    if (mouseoverTimer) {
-        clearTimeout(mouseoverTimer)
-        mouseoverTimer = undefined
-    }
-    else {
-        urlToPreload = undefined
-        stopPreloading()
-    }
-}
-
-function isPreloadable(linkElement) {
-    if (urlToPreload == linkElement.href) {
-        return
-    }
-
-    const urlObject = new URL(linkElement.href)
-
-    if (urlObject.origin != location.origin) {
-        return
-    }
-
-    if (!allowQueryString && urlObject.search && !('instant' in linkElement.dataset)) {
-        return
-    }
-
-    if (urlObject.hash && urlObject.pathname + urlObject.search == location.pathname + location.search) {
-        return
-    }
-
-    if ('noInstant' in linkElement.dataset) {
-        return
-    }
-
-    return true
-}
-
-function preload(url) {
-    prefetcher.href = url
-}
-
-function stopPreloading() {
-    /* The spec says an empty string should abort the prefetching
-    * but Firefox 64 interprets it as a relative URL to prefetch. */
-    prefetcher.removeAttribute('href')
-}
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/mfa.login.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/mfa.login.js
deleted file mode 100644
index 0e5114d..0000000
--- a/MultiIdentityProvider/IdentityProvider/wwwroot/js/mfa.login.js
+++ /dev/null
@@ -1,154 +0,0 @@
-//document.getElementById('signin').addEventListener('click', handleSignInSubmit);
-
-window.onload = function () {
-    handleSignInSubmit();
-};
-
-async function handleSignInSubmit(event) {
-    //event.preventDefault();
-
-    //let username = this.username.value;
-    // passwordfield is omitted in demo
-    // let password = this.password.value;
-    // prepare form post data
-    var formData = new FormData();
-    //formData.append('username', username);
-    // not done in demo
-    // todo: validate username + password with server (has nothing to do with FIDO2/WebAuthn)
-
-    // send to server for registering
-    let makeAssertionOptions;
-    try {
-        var res = await fetch('/mfaassertionOptions', {
-            method: 'POST', // or 'PUT'
-            body: formData, // data can be `string` or {object}!
-            headers: {
-                'Accept': 'application/json',
-                'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
-            }
-        });
-
-        makeAssertionOptions = await res.json();
-    } catch (e) {
-        showErrorAlert("Request to server failed", e);
-    }
-
-    //console.log("Assertion Options Object", makeAssertionOptions);
-
-    // show options error to user
-    if (makeAssertionOptions.status !== "ok") {
-        console.log("Error creating assertion options");
-        console.log(makeAssertionOptions.errorMessage);
-        showErrorAlert(makeAssertionOptions.errorMessage);
-        return;
-    }
-
-    // todo: switch this to coercebase64
-    const challenge = makeAssertionOptions.challenge.replace(/-/g, "+").replace(/_/g, "/");
-    makeAssertionOptions.challenge = Uint8Array.from(atob(challenge), c => c.charCodeAt(0));
-
-    // fix escaping. Change this to coerce
-    makeAssertionOptions.allowCredentials.forEach(function (listItem) {
-        var fixedId = listItem.id.replace(/\_/g, "/").replace(/\-/g, "+");
-        listItem.id = Uint8Array.from(atob(fixedId), c => c.charCodeAt(0));
-    });
-
-    //console.log("Assertion options", makeAssertionOptions);
-
-    const fido2TapKeyToLogin = document.getElementById('fido2TapKeyToLogin').innerText;
-    document.getElementById('fido2logindisplay').innerHTML += '<br><b>' + fido2TapKeyToLogin + '</b><img src = "/images/securitykey.min.svg" alt = "fido login" />';
-
-    //Swal.fire({
-    //    title: 'Logging In...',
-    //    text: 'Tap your security key to login.',
-    //    imageUrl: "/images/securitykey.min.svg",
-    //    showCancelButton: true,
-    //    showConfirmButton: false,
-    //    focusConfirm: false,
-    //    focusCancel: false
-    //});
-
-    // ask browser for credentials (browser will ask connected authenticators)
-    let credential;
-    try {
-        credential = await navigator.credentials.get({ publicKey: makeAssertionOptions });
-    } catch (err) {
-        document.getElementById('fido2logindisplay').innerHTML = '';
-        showErrorAlert(err.message ? err.message : err);
-    }
-
-    //document.getElementById('fido2logindisplay').innerHTML = '<p>Processing</p>';
-
-    try {
-        await verifyAssertionWithServer(credential);
-    } catch (e) {
-        document.getElementById('fido2logindisplay').innerHTML = '';
-        const fido2CouldNotVerifyAssertion = document.getElementById('fido2CouldNotVerifyAssertion').innerText;
-        showErrorAlert(fido2CouldNotVerifyAssertion, e);
-    }
-}
-
-async function verifyAssertionWithServer(assertedCredential) {
-    // Move data into Arrays incase it is super long
-    let authData = new Uint8Array(assertedCredential.response.authenticatorData);
-    let clientDataJSON = new Uint8Array(assertedCredential.response.clientDataJSON);
-    let rawId = new Uint8Array(assertedCredential.rawId);
-    let sig = new Uint8Array(assertedCredential.response.signature);
-    let userHandle = new Uint8Array(assertedCredential.response.userHandle);
-    const data = {
-        id: assertedCredential.id,
-        rawId: coerceToBase64Url(rawId),
-        type: assertedCredential.type,
-        extensions: assertedCredential.getClientExtensionResults(),
-        response: {
-            authenticatorData: coerceToBase64Url(authData),
-            clientDataJson: coerceToBase64Url(clientDataJSON),
-            //userHandle: userHandle !== null ? coerceToBase64Url(userHandle) : null,
-            signature: coerceToBase64Url(sig)
-        }
-    };
-
-    let response;
-    try {
-        let res = await fetch("/mfamakeAssertion", {
-            method: 'POST', // or 'PUT'
-            body: JSON.stringify(data), // data can be `string` or {object}!
-            headers: {
-                'Accept': 'application/json',
-                'Content-Type': 'application/json',
-                'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
-            }
-        });
-
-        response = await res.json();
-    } catch (e) {
-        showErrorAlert("Request to server failed", e);
-        throw e;
-    }
-
-    //console.log("Assertion Object", response);
-
-    // show error
-    if (response.status !== "ok") {
-        console.log("Error doing assertion");
-        console.log(response.errorMessage);
-        document.getElementById('fido2logindisplay').innerHTML = '';
-        showErrorAlert(response.errorMessage);
-        return;
-    }
-
-    //document.getElementById('fido2logindisplay').innerHTML = '<p>Logged In!</p>';
-
-    // show success message
-    //await Swal.fire({
-    //    title: 'Logged In!',
-    //    text: 'You\'re logged in successfully.',
-    //    //type: 'success',
-    //    timer: 2000
-    //});
-    let fido2ReturnUrl = document.getElementById('fido2ReturnUrl').innerText;
-    if (!fido2ReturnUrl) {
-        fido2ReturnUrl = "/";
-    }
-    window.location.href = fido2ReturnUrl;
-}
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/mfa.register.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/mfa.register.js
deleted file mode 100644
index 158f139..0000000
--- a/MultiIdentityProvider/IdentityProvider/wwwroot/js/mfa.register.js
+++ /dev/null
@@ -1,178 +0,0 @@
-document.getElementById('register').addEventListener('submit', handleRegisterSubmit);
-
-async function handleRegisterSubmit(event) {
-    event.preventDefault();
-
-    let username = this.username.value;
-    //let displayName = this.displayName.value;
-    // passwordfield is omitted in demo
-    // let password = this.password.value;
-    // possible values: none, direct, indirect
-    let attestation_type = "none";
-    // possible values: <empty>, platform, cross-platform
-    let authenticator_attachment = "";
-    // possible values: preferred, required, discouraged
-    let user_verification = "preferred";
-    // possible values: true,false
-    let require_resident_key = false;
-    // prepare form post data
-    var data = new FormData();
-    data.append('username', username);
-   // data.append('displayName', displayName);
-    data.append('attType', attestation_type);
-    data.append('authType', authenticator_attachment);
-    data.append('userVerification', user_verification);
-    data.append('requireResidentKey', require_resident_key);
-
-    // send to server for registering
-    let makeCredentialOptions;
-    try {
-        makeCredentialOptions = await fetchMakeCredentialOptions(data);
-
-    } catch (e) {
-        console.error(e);
-        let msg = "Something wen't really wrong";
-        showErrorAlert(msg);
-    }
-
-    //console.log("Credential Options Object", makeCredentialOptions);
-
-    if (makeCredentialOptions.status !== "ok") {
-        console.log("Error creating credential options");
-        console.log(makeCredentialOptions.errorMessage);
-        showErrorAlert(makeCredentialOptions.errorMessage);
-        return;
-    }
-
-    // Turn the challenge back into the accepted format of padded base64
-    makeCredentialOptions.challenge = coerceToArrayBuffer(makeCredentialOptions.challenge);
-    // Turn ID into a UInt8Array Buffer for some reason
-    makeCredentialOptions.user.id = coerceToArrayBuffer(makeCredentialOptions.user.id);
-
-    makeCredentialOptions.excludeCredentials = makeCredentialOptions.excludeCredentials.map((c) => {
-        c.id = coerceToArrayBuffer(c.id);
-        return c;
-    });
-
-    if (makeCredentialOptions.authenticatorSelection.authenticatorAttachment === null) {
-        makeCredentialOptions.authenticatorSelection.authenticatorAttachment = undefined;
-    }
-
-    //console.log("Credential Options Formatted", makeCredentialOptions);
-
-    const fido2TapYourSecurityKeyToFinishRegistration = document.getElementById('fido2TapYourSecurityKeyToFinishRegistration').innerText;
-    document.getElementById('fido2mfadisplay').innerHTML += '<br><b>' + fido2TapYourSecurityKeyToFinishRegistration +'</b><img src = "/images/securitykey.min.svg" alt = "fido login" />';
-
-    //Swal.fire({
-    //    title: 'Registering...',
-    //    text: 'Tap your security key to finish registration.',
-    //    imageUrl: "/images/securitykey.min.svg",
-    //    showCancelButton: true,
-    //    showConfirmButton: false,
-    //    focusConfirm: false,
-    //    focusCancel: false
-    //});
-
-    //console.log("Creating PublicKeyCredential...");
-    //console.log(navigator);
-    //console.log(navigator.credentials);
-    //console.log(makeCredentialOptions);
-    let newCredential;
-    try {
-        newCredential = await navigator.credentials.create({
-            publicKey: makeCredentialOptions
-        });
-    } catch (e) {
-        const fido2RegistrationError = document.getElementById('fido2RegistrationError').innerText;
-        console.error(fido2RegistrationError, e);
-        document.getElementById('fido2mfadisplay').innerHTML = '';
-        showErrorAlert(fido2RegistrationError, e);
-    }
-
-    console.log("PublicKeyCredential Created", newCredential);
-
-    try {
-        registerNewCredential(newCredential);
-
-    } catch (e) {
-        showErrorAlert(err.message ? err.message : err);
-    }
-}
-
-async function fetchMakeCredentialOptions(formData) {
-    let response = await fetch('/mfamakeCredentialOptions', {
-        method: 'POST', // or 'PUT'
-        body: formData, // data can be `string` or {object}!
-        headers: {
-            'Accept': 'application/json',
-            'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
-        }
-    });
-
-    let data = await response.json();
-
-    return data;
-}
-
-// This should be used to verify the auth data with the server
-async function registerNewCredential(newCredential) {
-    // Move data into Arrays incase it is super long
-    let attestationObject = new Uint8Array(newCredential.response.attestationObject);
-    let clientDataJSON = new Uint8Array(newCredential.response.clientDataJSON);
-    let rawId = new Uint8Array(newCredential.rawId);
-
-    const data = {
-        id: newCredential.id,
-        rawId: coerceToBase64Url(rawId),
-        type: newCredential.type,
-        extensions: newCredential.getClientExtensionResults(),
-        response: {
-            AttestationObject: coerceToBase64Url(attestationObject),
-            clientDataJson: coerceToBase64Url(clientDataJSON)
-        }
-    };
-
-    let response;
-    try {
-        response = await registerCredentialWithServer(data);
-    } catch (e) {
-        showErrorAlert(e);
-    }
-
-    //console.log("Credential Object", response);
-
-    // show error
-    if (response.status !== "ok") {
-        console.log("Error creating credential");
-        console.log(response.errorMessage);
-        showErrorAlert(response.errorMessage);
-        return;
-    }
-
-    // show success 
-    Swal.fire({
-        title: 'Registration Successful!',
-        text: 'You\'ve registered successfully.',
-       // type: 'success',
-        timer: 2000
-    });
-
-    // possible values: true,false
-    window.location.href = "/Identity/Account/Manage/GenerateRecoveryCodes";
-}
-
-async function registerCredentialWithServer(formData) {
-    let response = await fetch('/mfamakeCredential', {
-        method: 'POST', // or 'PUT'
-        body: JSON.stringify(formData), // data can be `string` or {object}!
-        headers: {
-            'Accept': 'application/json',
-            'Content-Type': 'application/json',
-            'RequestVerificationToken': document.getElementById('RequestVerificationToken').value
-        }
-    });
-
-    let data = await response.json();
-
-    return data;
-}
\ No newline at end of file
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/passkey-submit.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/passkey-submit.js
new file mode 100644
index 0000000..6d58e74
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/wwwroot/js/passkey-submit.js
@@ -0,0 +1,187 @@
+const browserSupportsPasskeys =
+  typeof navigator.credentials !== 'undefined' &&
+  typeof window.PublicKeyCredential !== 'undefined' &&
+  typeof window.PublicKeyCredential.parseCreationOptionsFromJSON === 'function' &&
+  typeof window.PublicKeyCredential.parseRequestOptionsFromJSON === 'function';
+
+async function fetchWithErrorHandling(url, options = {}) {
+  const response = await fetch(url, {
+    credentials: 'include',
+    ...options
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    console.error(text);
+    throw new Error(`The server responded with status ${response.status}.`);
+  }
+  return response;
+}
+
+async function createCredential(headers, signal) {
+  const optionsResponse = await fetchWithErrorHandling('/Identity/Account/PasskeyCreationOptions', {
+    method: 'POST',
+    headers,
+    signal,
+  });
+  const optionsJson = await optionsResponse.json();
+  const options = PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
+  return await navigator.credentials.create({ publicKey: options, signal });
+}
+
+async function requestCredential(email, mediation, headers, signal) {
+  const optionsResponse = await fetchWithErrorHandling(`/Identity/Account/PasskeyRequestOptions?username=${email}`, {
+    method: 'POST',
+    headers,
+    signal,
+  });
+  const optionsJson = await optionsResponse.json();
+  const options = PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
+  return await navigator.credentials.get({ publicKey: options, mediation, signal });
+}
+
+customElements.define('passkey-submit', class extends HTMLElement {
+  static formAssociated = true;
+
+  connectedCallback() {
+    this.internals = this.attachInternals();
+    this.attrs = {
+      operation: this.getAttribute('operation'),
+      name: this.getAttribute('name'),
+      emailName: this.getAttribute('email-name'),
+      requestTokenName: this.getAttribute('request-token-name'),
+      requestTokenValue: this.getAttribute('request-token-value'),
+    };
+
+    this.internals.form.addEventListener('submit', (event) => {
+      if (event.submitter?.name === '__passkeySubmit') {
+        event.preventDefault();
+        this.obtainAndSubmitCredential();
+      }
+    });
+
+    this.tryAutofillPasskey();
+  }
+
+  disconnectedCallback() {
+    this.abortController?.abort();
+  }
+
+  async obtainCredential(useConditionalMediation, signal) {
+    if (!browserSupportsPasskeys) {
+      throw new Error('Some passkey features are missing. Please update your browser.');
+    }
+
+    const headers = {
+      [this.attrs.requestTokenName]: this.attrs.requestTokenValue,
+    };
+      
+    if (this.attrs.operation === 'Create') {
+      return await createCredential(headers, signal);
+    } else if (this.attrs.operation === 'Request') {
+      const email = new FormData(this.internals.form).get(this.attrs.emailName);
+      const mediation = useConditionalMediation ? 'conditional' : undefined;
+      return await requestCredential(email, mediation, headers, signal);
+    } else {
+      throw new Error(`Unknown passkey operation '${this.attrs.operation}'.`);
+    }
+  }
+
+  async obtainAndSubmitCredential(useConditionalMediation = false) {
+    this.abortController?.abort();
+    this.abortController = new AbortController();
+    const signal = this.abortController.signal;
+    const formData = new FormData();
+    try {
+      const credential = await this.obtainCredential(useConditionalMediation, signal);
+
+      let credentialJson = "";
+      try {
+        credentialJson = JSON.stringify(credential);
+      } catch (error) {
+        if (error.name !== 'TypeError') {
+          throw error;
+        }
+
+        // Some password managers do not implement PublicKeyCredential.prototype.toJSON correctly,
+        // which is required for JSON.stringify() to work.
+        // e.g. https://www.1password.community/discussions/1password/typeerror-illegal-invocation-in-chrome-browser/47399
+        // Try and serialize the credential to JSON manually.
+        credentialJson = JSON.stringify({
+          authenticatorAttachment: credential.authenticatorAttachment,
+          clientExtensionResults: credential.getClientExtensionResults(),
+          id: credential.id,
+          rawId: this.convertToBase64(credential.rawId),
+          response: {
+            attestationObject: this.convertToBase64(credential.response.attestationObject),
+            authenticatorData: this.convertToBase64(credential.response.authenticatorData ?? credential.response.getAuthenticatorData?.() ?? undefined),
+            clientDataJSON: this.convertToBase64(credential.response.clientDataJSON),
+            publicKey: this.convertToBase64(credential.response.getPublicKey?.() ?? undefined),
+            publicKeyAlgorithm: credential.response.getPublicKeyAlgorithm?.() ?? undefined,
+            transports: credential.response.getTransports?.() ?? undefined,
+            signature: this.convertToBase64(credential.response.signature),
+            userHandle: this.convertToBase64(credential.response.userHandle),
+          },
+          type: credential.type,
+        });
+      }
+      formData.append(`${this.attrs.name}.CredentialJson`, credentialJson);
+    } catch (error) {
+      if (error.name === 'AbortError') {
+        // The user explicitly canceled the operation - return without error.
+        return;
+      }
+      console.error(error);
+      if (useConditionalMediation) {
+        // An error occurred during conditional mediation, which is not user-initiated.
+        // We log the error in the console but do not relay it to the user.
+        return;
+      }
+      const errorMessage = error.name === 'NotAllowedError'
+        ? 'No passkey was provided by the authenticator.'
+        : error.message;
+      formData.append(`${this.attrs.name}.Error`, errorMessage);
+    }
+    this.internals.setFormValue(formData);
+    this.internals.form.submit();
+  }
+
+  convertToBase64(o) {
+    if (!o) {
+      return undefined;
+    }
+
+    // Normalize Array to Uint8Array
+    if (Array.isArray(o)) {
+      o = Uint8Array.from(o);
+    }
+
+    // Normalize ArrayBuffer to Uint8Array
+    if (o instanceof ArrayBuffer) {
+      o = new Uint8Array(o);
+    }
+
+    // Convert Uint8Array to base64
+    if (o instanceof Uint8Array) {
+      let str = '';
+      for (let i = 0; i < o.byteLength; i++) {
+        str += String.fromCharCode(o[i]);
+      }
+      o = window.btoa(str);
+    }
+
+    if (typeof o !== 'string') {
+      throw new Error("Could not convert to base64 string");
+    }
+
+    // Convert base64 to base64url
+    o = o.replace(/\+/g, "-").replace(/\//g, "_").replace(/=*$/g, "");
+
+    return o;
+  }
+
+  async tryAutofillPasskey() {
+    if (browserSupportsPasskeys && this.attrs.operation === 'Request' && await PublicKeyCredential.isConditionalMediationAvailable?.()) {
+      await this.obtainAndSubmitCredential(/* useConditionalMediation */ true);
+    }
+  }
+});
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/signin-redirect.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/signin-redirect.js
new file mode 100644
index 0000000..6ebc569
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/wwwroot/js/signin-redirect.js
@@ -0,0 +1 @@
+window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/signout-redirect.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/signout-redirect.js
new file mode 100644
index 0000000..cdfc5e7
--- /dev/null
+++ b/MultiIdentityProvider/IdentityProvider/wwwroot/js/signout-redirect.js
@@ -0,0 +1,6 @@
+window.addEventListener("load", function () {
+    var a = document.querySelector("a.PostLogoutRedirectUri");
+    if (a) {
+        window.location = a.href;
+    }
+});
diff --git a/MultiIdentityProvider/IdentityProvider/wwwroot/js/site.js b/MultiIdentityProvider/IdentityProvider/wwwroot/js/site.js
index 0937657..ac49c18 100644
--- a/MultiIdentityProvider/IdentityProvider/wwwroot/js/site.js
+++ b/MultiIdentityProvider/IdentityProvider/wwwroot/js/site.js
@@ -1,4 +1,4 @@
-// Please see documentation at https://learn.microsoft.com/aspnet/core/client-side/bundling-and-minification
+// Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification
 // for details on configuring this project to bundle and minify static web assets.
 
 // Write your JavaScript code.
diff --git a/MultiIdentityProvider/RazorAuth0Client/Pages/Shared/_Layout.cshtml b/MultiIdentityProvider/RazorAuth0Client/Pages/Shared/_Layout.cshtml
index c6d1180..df1613a 100644
--- a/MultiIdentityProvider/RazorAuth0Client/Pages/Shared/_Layout.cshtml
+++ b/MultiIdentityProvider/RazorAuth0Client/Pages/Shared/_Layout.cshtml
@@ -39,7 +39,7 @@
 
     <footer class="border-top footer text-muted">
         <div class="container">
-            &copy; 2025 - Razor Auth0
+            &copy; 2026 - Razor Auth0
         </div>
     </footer>
 
diff --git a/MultiIdentityProvider/RazorAuth0Client/RazorAuth0Client.csproj b/MultiIdentityProvider/RazorAuth0Client/RazorAuth0Client.csproj
index 27a4920..da5e4e2 100644
--- a/MultiIdentityProvider/RazorAuth0Client/RazorAuth0Client.csproj
+++ b/MultiIdentityProvider/RazorAuth0Client/RazorAuth0Client.csproj
@@ -8,9 +8,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.3" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.1" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.1" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
diff --git a/MultiIdentityProvider/RazorMicrosoftEntraIDClient/Pages/Shared/_Layout.cshtml b/MultiIdentityProvider/RazorMicrosoftEntraIDClient/Pages/Shared/_Layout.cshtml
index f74c439..8c8e7f3 100644
--- a/MultiIdentityProvider/RazorMicrosoftEntraIDClient/Pages/Shared/_Layout.cshtml
+++ b/MultiIdentityProvider/RazorMicrosoftEntraIDClient/Pages/Shared/_Layout.cshtml
@@ -39,7 +39,7 @@
 
     <footer class="border-top footer text-muted">
         <div class="container">
-            &copy; 2025 - Razor Microsoft Entra ID
+            &copy; 2026 - Razor Microsoft Entra ID
         </div>
     </footer>
 
diff --git a/MultiIdentityProvider/RazorMicrosoftEntraIDClient/RazorMicrosoftEntraIDClient.csproj b/MultiIdentityProvider/RazorMicrosoftEntraIDClient/RazorMicrosoftEntraIDClient.csproj
index 3667bde..dc11311 100644
--- a/MultiIdentityProvider/RazorMicrosoftEntraIDClient/RazorMicrosoftEntraIDClient.csproj
+++ b/MultiIdentityProvider/RazorMicrosoftEntraIDClient/RazorMicrosoftEntraIDClient.csproj
@@ -8,10 +8,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Identity.Web" Version="4.1.1" />
-    <PackageReference Include="Microsoft.Identity.Web.UI" Version="4.1.1" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.0" />
-    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.0" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="4.3.0" />
+    <PackageReference Include="Microsoft.Identity.Web.UI" Version="4.3.0" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders" Version="1.3.1" />
+    <PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="1.3.1" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
diff --git a/MultiIdentityProvider/RazorOpenIddictClient/Pages/Shared/_Layout.cshtml b/MultiIdentityProvider/RazorOpenIddictClient/Pages/Shared/_Layout.cshtml
index a8ee44b..68e4c9f 100644
--- a/MultiIdentityProvider/RazorOpenIddictClient/Pages/Shared/_Layout.cshtml
+++ b/MultiIdentityProvider/RazorOpenIddictClient/Pages/Shared/_Layout.cshtml
@@ -53,7 +53,7 @@
 
     <footer class="border-top footer text-muted">
         <div class="container">
-            &copy; 2025 - RazorPageOidcClient
+            &copy; 2026 - RazorPageOidcClient
         </div>
     </footer>
 
diff --git a/MultiIdentityProvider/RazorOpenIddictClient/RazorOpenIddictClient.csproj b/MultiIdentityProvider/RazorOpenIddictClient/RazorOpenIddictClient.csproj
index b6e2053..94b5571 100644
--- a/MultiIdentityProvider/RazorOpenIddictClient/RazorOpenIddictClient.csproj
+++ b/MultiIdentityProvider/RazorOpenIddictClient/RazorOpenIddictClient.csproj
@@ -8,7 +8,7 @@
 
   <ItemGroup>
     <PackageReference Include="IdentityModel" Version="7.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.3" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
diff --git a/MultiIdentityProvider/WebApi/WebApi.csproj b/MultiIdentityProvider/WebApi/WebApi.csproj
index 70d65a0..0e46297 100644
--- a/MultiIdentityProvider/WebApi/WebApi.csproj
+++ b/MultiIdentityProvider/WebApi/WebApi.csproj
@@ -7,8 +7,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.0" />
-    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.3" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.4" />
 
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />
     <PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
diff --git a/README.md b/README.md
index a828d37..f2f23ef 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@
 
 ## History
 
+- 2026-02-25 Updated packages
 - 2025-12-08 Updated .NET 10
 - 2025-08-03 Updated packages
 - 2025-04-26 Updated packages