From d4fa95803dd7e0feff690bf190bfacd7a88b0864 Mon Sep 17 00:00:00 2001
From: iammukeshm <iammukeshm@gmail.com>
Date: Thu, 28 May 2026 01:13:24 +0530
Subject: [PATCH] fix(identity): advertise the dev root password as
 Password123!

The demo seeder realigns every tenant admin -- including root's admin@root.com
-- to the shared demo password, so under the Aspire dev stack the root account
signs in with Password123!, not the framework default 123Pa$$word!. Surfaced by
running seed-demo on launch (PR #1260). Point the demo login panel (ROOT_PASSWORD)
and the sample token request at Password123! so the advertised dev credential
actually works. The framework seed default (Seed:DefaultAdminPassword) is
unchanged for non-demo / production seeds.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 clients/dashboard/src/pages/login.demo-accounts.ts     | 10 ++++++----
 .../Requests/Identity/identity-token.http              |  2 +-
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/clients/dashboard/src/pages/login.demo-accounts.ts b/clients/dashboard/src/pages/login.demo-accounts.ts
index f287bd893d..795b471de3 100644
--- a/clients/dashboard/src/pages/login.demo-accounts.ts
+++ b/clients/dashboard/src/pages/login.demo-accounts.ts
@@ -20,10 +20,12 @@ export type DemoAccount = {
 
 export const DEMO_PASSWORD = "Password123!";
 
-// Root tenant uses the platform default password (kept in sync with
-// MultitenancyConstants.DefaultPassword on the backend) — distinct from the
-// dev seed password used by the Acme/Globex demo accounts.
-export const ROOT_PASSWORD = "123Pa$$word!";
+// In the Aspire dev stack the demo seeder (`seed-demo`) runs after `apply --seed`
+// and realigns every tenant admin — including root's admin@root.com — to the
+// shared demo password, so in dev the root account signs in with the same
+// Password123! as the Acme/Globex demo users. (A production deploy that skips
+// seed-demo keeps whatever Seed:DefaultAdminPassword is configured.)
+export const ROOT_PASSWORD = DEMO_PASSWORD;
 
 const acme = (
   email: string,
diff --git a/src/Host/FSH.Starter.Api/Requests/Identity/identity-token.http b/src/Host/FSH.Starter.Api/Requests/Identity/identity-token.http
index bb162a44b8..a1ba690693 100644
--- a/src/Host/FSH.Starter.Api/Requests/Identity/identity-token.http
+++ b/src/Host/FSH.Starter.Api/Requests/Identity/identity-token.http
@@ -8,6 +8,6 @@ tenant: {{tenant}}
 
 {
   "email": "admin@root.com",
-  "password": "123Pa$$word!"
+  "password": "Password123!"
 }