# idp.global User Stories

This directory contains user stories for the idp.global Identity Provider platform, organized by persona.

## Directory Structure

```
stories/
├── end-user/              # Stories for regular users (8)
├── organization-owner/    # Stories for organization admins (11)
├── developer/             # Stories for API/SDK consumers (8)
└── admin/                 # Stories for platform administrators (8)
```

## Story Index

### End User (EU)

| ID | Title | Priority | Source |
|----|-------|----------|--------|
| EU-001 | [Multi-Device Login Sessions](end-user/EU-001-multi-device-login.md) | High | TODO |
| EU-002 | [Complete Password Reset Flow](end-user/EU-002-password-reset.md) | Critical | Incomplete |
| EU-003 | [View and Manage Logged-in Devices](end-user/EU-003-device-management.md) | Medium | TODO |
| EU-004 | [Enable Two-Factor Authentication](end-user/EU-004-two-factor-auth.md) | High | New |
| EU-005 | [Login with Social Providers](end-user/EU-005-social-login.md) | Medium | New |
| EU-006 | [Delete My Account](end-user/EU-006-account-deletion.md) | Medium | New |
| EU-007 | [View Login History](end-user/EU-007-session-history.md) | Low | New |
| EU-008 | [Upload Profile Avatar](end-user/EU-008-profile-avatar.md) | Low | New |

### Organization Owner (ORG)

| ID | Title | Priority | Source |
|----|-------|----------|--------|
| ORG-001 | [Sync Billing Plans with Users](organization-owner/ORG-001-billing-sync.md) | High | TODO |
| ORG-002 | [Invite and Manage Team Members](organization-owner/ORG-002-member-management.md) | Critical | Complete |
| ORG-003 | [Assign Roles to Members](organization-owner/ORG-003-role-assignment.md) | High | Partial |
| ORG-004 | [Customize Organization Branding](organization-owner/ORG-004-org-branding.md) | Medium | New |
| ORG-005 | [View Organization Usage Analytics](organization-owner/ORG-005-usage-analytics.md) | Medium | New |
| ORG-006 | [Configure SSO for Organization](organization-owner/ORG-006-sso-config.md) | High | New |
| ORG-007 | [View Organization Audit Logs](organization-owner/ORG-007-audit-logs.md) | Medium | New |
| ORG-008 | [Manage Subscription and Billing](organization-owner/ORG-008-subscription-management.md) | Medium | Enhance |
| ORG-009 | [Connect Global Apps](organization-owner/ORG-009-global-apps.md) | High | New |
| ORG-010 | [Browse and Install Partner Apps](organization-owner/ORG-010-app-store.md) | Medium | New |
| ORG-011 | [Create Custom OIDC Apps](organization-owner/ORG-011-custom-oidc-apps.md) | Medium | New |

### Developer (DEV)

| ID | Title | Priority | Source |
|----|-------|----------|--------|
| DEV-001 | [Create and Manage API Tokens](developer/DEV-001-api-token-management.md) | High | Partial |
| DEV-002 | [Comprehensive SDK Documentation](developer/DEV-002-sdk-documentation.md) | High | New |
| DEV-003 | [Configure Webhook Notifications](developer/DEV-003-webhook-events.md) | Medium | New |
| DEV-004 | [Proper App ID Initialization](developer/DEV-004-app-id-setup.md) | High | TODO |
| DEV-005 | [Register OAuth Client App](developer/DEV-005-oauth-client.md) | Medium | New |
| DEV-006 | [Understand API Rate Limits](developer/DEV-006-rate-limiting.md) | Low | New |
| DEV-007 | [Validate JWTs in My Application](developer/DEV-007-jwt-validation.md) | Medium | Enhance |
| DEV-008 | [Submit App to AppStore](developer/DEV-008-submit-partner-app.md) | Low | New |

### Platform Admin (ADM)

| ID | Title | Priority | Source |
|----|-------|----------|--------|
| ADM-001 | [Secure JWT Endpoints with Backend Token](admin/ADM-001-backend-token-security.md) | Critical | TODO |
| ADM-002 | [Suspend and Delete Users](admin/ADM-002-user-suspension.md) | High | Partial |
| ADM-003 | [Platform-wide Audit Logging](admin/ADM-003-global-audit-log.md) | High | New |
| ADM-004 | [Customize Email Templates](admin/ADM-004-email-templates.md) | Medium | New |
| ADM-005 | [Security Monitoring Dashboard](admin/ADM-005-security-dashboard.md) | Medium | New |
| ADM-006 | [Impersonate Users for Support](admin/ADM-006-user-impersonation.md) | Low | New |
| ADM-007 | [Manage JWT Blocklist](admin/ADM-007-blocklist-management.md) | Medium | Enhance |
| ADM-008 | [Manage Global Apps](admin/ADM-008-global-app-management.md) | High | In Development |

## Priority Summary

| Priority | Count | Stories |
|----------|-------|---------|
| Critical | 2 | EU-002, ADM-001 |
| High | 12 | EU-001, EU-004, ORG-001, ORG-003, ORG-006, ORG-009, DEV-001, DEV-002, DEV-004, ADM-002, ADM-003, ADM-008 |
| Medium | 14 | EU-003, EU-005, EU-006, ORG-004, ORG-005, ORG-007, ORG-008, ORG-010, ORG-011, DEV-003, DEV-005, DEV-007, ADM-004, ADM-005, ADM-007 |
| Low | 6 | EU-007, EU-008, DEV-006, DEV-008, ADM-006 |

## Source Legend

- **TODO**: Derived from TODO comments in codebase
- **Incomplete**: Feature exists but implementation is incomplete
- **Partial**: Infrastructure exists, needs completion
- **Enhance**: Feature works, could be improved
- **New**: New feature not currently in codebase

## Related Code References

Stories derived from code TODOs reference these files:

- `ts/reception/classes.jwt.ts:39`
- `ts/reception/classes.jwtmanager.ts:40,52`
- `ts/reception/classes.loginsessionmanager.ts:229-238,256`
- `ts/reception/classes.billingplan.ts:16`
- `ts_idpclient/classes.idpclient.ts:30`