WASM - Identity - Forgot Password

Posted 2 years ago by Francois
0

I'm currently working on a WASM hosted application project. I have implemented Identity JWT etc. I even have the email confirmation working on new user registration.

My issue is with the forgot password/password reset implementation on WASM. Is there any documentation? I have searched everywhere and cannot find anything. All I can find is very old samples using .cshtml views.

Thanks

  • 0

    If you're using IdentityServer, you could either redirect the user to the default management area at 

    /Identity/Account/Manage/ChangePassword

    Or you could post the passwords (both new and old) to your API endpoint, get the current logged in User in the API Controller, then proceed to get their password from the UserManager and update it.

    You'd need to inject UserManager

    private readonly UserManager<ApplicationUser> _userManager;
    
    public YourControllerName(UserManager<ApplicationUser> userManager)
    {
        _userManager = userManager;
    }

    Then something along these lines should work. The password model would just be a model that contains your new and old password. Probably the same Model you'd be using in your EditForm within your Blazor component.

        [Authorize] // Acts on the signed-in user; needs using Microsoft.AspNetCore.Authorization
        [HttpPost]
        [Route("resetpassword")] // Whatever your route path is
        public async Task<IActionResult> UpdatePasswordAsync([FromBody] PasswordModel passwordModel)
        {
            if (!ModelState.IsValid)
            {
                return StatusCode(StatusCodes.Status400BadRequest);
            }

            // Take the user id from the authenticated principal, never from the request body.
            // ClaimTypes needs using System.Security.Claims.
            var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
            if (userId == null)
            {
                // No id claim on the token: treat the caller as unauthenticated.
                return StatusCode(StatusCodes.Status401Unauthorized);
            }

            var user = await _userManager.FindByIdAsync(userId);
            if (user == null)
            {
                return StatusCode(StatusCodes.Status404NotFound, "User Not Found");
            }

            // ChangePasswordAsync verifies the old password before setting the new one.
            var changePasswordResult = await _userManager.ChangePasswordAsync(user, passwordModel.OldPassword, passwordModel.NewPassword);
            if (!changePasswordResult.Succeeded)
            {
                return StatusCode(StatusCodes.Status500InternalServerError, "Password Reset Unsuccessful");
            }
            return Ok();
        }

    Posted 2 years ago by selliott Edited 2 years ago
  • 0

    Thanks for the reply. It's a bit more complicated, as I'm issuing a password reset token and also generating the email link used to do the reset. With the WASM being separated from the ServerAPI, I have managed to implement the WASM forgot password razor pages. I then send the confirmation link that also contains the key and email, nice and secure. When the user clicks on the reset email link is where it gets a bit tricky, as the link points to the Account controller ResetPassword action, which then sends the key and email to a new page along with the model containing the details, and then allows the user to enter a new password and confirmation password, which then gets updated via a post method. It is working fine now but it seems like a long way to do it, so I was wondering if there are Microsoft or any decent up-to-date documents on this topic; all I can find is very old documents and procedures. But it's not a serious thing at this stage, I managed to do a few workarounds. It's working great apart from ugly designed Views that I'll have to doctor. lol

    Posted 2 years ago by Francois
  • 0

    I'm not aware of any specific documentation, but I'm guessing you'll have more luck looking at IdentityServer docs rather than Microsoft, assuming you're using IdentityServer. Perhaps you could have the system email a code to the user right away that they have to enter during the password reset (or even use the Authenticator app somehow if they're set up to use it) and reduce the steps?

    Posted 2 years ago by selliott
  • 0

    Yes, I managed using the Identity docs. That is a good plan. The app I'm writing is also going to have a mobile version, so I'm not that concerned about resetting passwords on the web version as long as it's functioning, and it is. 2FA authenticator is the way to go, I think. Thank you.

    Posted 2 years ago by Francois
  • 0

    Did you ever get this working? I am looking for a more elegant solution to what I currently have. I have the email link being sent to do the password reset, but it's using the Identity Area in the Server Project for the password change. I'm trying to have it navigate to a Razor Component in the Client Project and I'm at a loss.

    Posted 2 years ago by kmorgan26
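
An added example (not posted by anyone in the thread) of a server API for the token-based reset flow discussed above, where the emailed link opens a Razor component in the Client project and that component posts the code back to the API. The route names, the DTOs, the `App:ClientBaseUrl` configuration key and the client route `/reset-password` are assumptions; `ApplicationUser` is the type from the earlier reply, and a .NET 6+ web project with implicit usings and a registered `IEmailSender` is assumed.

```csharp
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.UI.Services;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.WebUtilities;

// Hypothetical DTOs shared with the Blazor client.
public record ForgotPasswordRequest(string Email);
public record ResetPasswordRequest(string Email, string Code, string NewPassword);

[ApiController]
[Route("api/account")] // hypothetical route; both actions are anonymous by design
public class PasswordResetController : ControllerBase
{
    private readonly UserManager<ApplicationUser> _users;
    private readonly IEmailSender _mail;
    private readonly IConfiguration _config;

    public PasswordResetController(UserManager<ApplicationUser> users, IEmailSender mail, IConfiguration config)
        => (_users, _mail, _config) = (users, mail, config);

    [HttpPost("forgot-password")]
    public async Task<IActionResult> Forgot(ForgotPasswordRequest req)
    {
        var user = await _users.FindByEmailAsync(req.Email);
        if (user != null && await _users.IsEmailConfirmedAsync(user))
        {
            var token = await _users.GeneratePasswordResetTokenAsync(user);
            // Raw tokens contain '+' and '/', so Base64Url-encode them for the query string.
            var code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(token));
            // Base URL comes from configuration (assumed key), not from the request's Host header.
            var baseUrl = _config["App:ClientBaseUrl"];
            var link = $"{baseUrl}/reset-password?email={Uri.EscapeDataString(req.Email)}&code={code}";
            await _mail.SendEmailAsync(req.Email, "Reset your password", $"Reset link: {link}");
        }
        return Ok(); // identical response whether or not the account exists
    }

    [HttpPost("reset-password")]
    public async Task<IActionResult> Reset(ResetPasswordRequest req)
    {
        var user = await _users.FindByEmailAsync(req.Email);
        if (user == null) return Ok(); // do not reveal that the account does not exist
        string token;
        try { token = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(req.Code)); }
        catch (FormatException) { return BadRequest("Invalid or expired reset link."); }
        var result = await _users.ResetPasswordAsync(user, token, req.NewPassword);
        return result.Succeeded ? Ok() : BadRequest(result.Errors.Select(e => e.Description));
    }
}
```

The client component at `/reset-password` reads `email` and `code` from the query string and posts them with the new password to `api/account/reset-password`; the token is validated only on the server.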