# Proper App ID Initialization

**ID:** DEV-004
**Priority:** High
**Status:** Planned

## User Story
As a developer, I want to properly register my application with a unique App ID so that the identity provider can identify and configure my app correctly.

## Acceptance Criteria
- [ ] Developer can register new applications
- [ ] Each app gets unique App ID and App Secret
- [ ] Configure allowed redirect URIs per app
- [ ] Configure allowed origins (CORS) per app
- [ ] App-specific settings (token expiry, etc.)
- [ ] View app analytics (logins per app)
- [ ] Regenerate app secret if compromised
- [ ] Delete/deactivate applications

## Technical Notes
- Current client has `id: ''` placeholder (TODO in code)
- Need Application model in database
- App credentials similar to OAuth client credentials
- Validate redirect URIs to prevent open redirector attacks
- App ID should be included in JWT claims

## Related TODOs
- `ts_idpclient/classes.idpclient.ts:30` - `id: '', // TODO`