add stories
This commit is contained in:
@@ -0,0 +1,28 @@
|
||||
# Proper App ID Initialization
|
||||
|
||||
**ID:** DEV-004
|
||||
**Priority:** High
|
||||
**Status:** Planned
|
||||
|
||||
## User Story
|
||||
As a developer, I want to properly register my application with a unique App ID so that the identity provider can identify and configure my app correctly.
|
||||
|
||||
## Acceptance Criteria
|
||||
- [ ] Developer can register new applications
|
||||
- [ ] Each app gets unique App ID and App Secret
|
||||
- [ ] Configure allowed redirect URIs per app
|
||||
- [ ] Configure allowed origins (CORS) per app
|
||||
- [ ] App-specific settings (token expiry, etc.)
|
||||
- [ ] View app analytics (logins per app)
|
||||
- [ ] Regenerate app secret if compromised
|
||||
- [ ] Delete/deactivate applications
|
||||
|
||||
## Technical Notes
|
||||
- Current client has `id: ''` placeholder (TODO in code)
|
||||
- Need Application model in database
|
||||
- App credentials similar to OAuth client credentials
|
||||
- Validate redirect URIs to prevent open redirector attacks
|
||||
- App ID should be included in JWT claims
|
||||
|
||||
## Related TODOs
|
||||
- `ts_idpclient/classes.idpclient.ts:30` - `id: '', // TODO`
|
||||
Reference in New Issue
Block a user