Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
This does *not* mean that Apple is requiring every app to use Sign in with Apple. This does not mean that apps that want to manage your Google Calendar will have to also add Sign in with Apple.
1
1
4
Sign In with Apple is a *good thing* for users! This means apps will no longer be able to force you to log in with your Facebook account to use them.
1
1
4
Now you may have heard people concerned by this clause from the new App Store Review Guidelines:
> Sign In with Apple [...] will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.
1
2
Once an app knows your Twitter username or your email address, they can sell it to advertisers, or track your activity across other apps. Apple's approach provides a unique scrambled email address to the app, preventing this.
1
2
4
Over the years, apps started to use OAuth to identify users because it's a quick way to find out and verify someone's Twitter/Facebook/etc account without having them type it in. This turned out to be bad for users' privacy:
1
2
Those use cases are more along the lines of what @OAuth_2 was originally intended for: letting apps access your account without giving them your password.
1
4
This is distinctly different from the case where an app wants you to sign in with your Google account so that it can manage your calendar. Or sign in with Snapchat to apply a filter to your profile picture.
1
3
Most of the time the way apps use OAuth providers is just to identify users. This is designed to be an alternative to using Facebook/Twitter/Google for that purpose.
2
1
Yes, Apple is entering the OAuth ecosystem as a new identity provider. Turns out every iOS user already has an Apple account, so why not enable users to sign in with an account they already have?
1
3
tl;dr This is a good move for users in the iOS ecosystem, and is primarily designed as an alternative for apps that currently use "Sign in with [Facebook/Twitter/Google]" to avoid leaking sensitive user info.
1
1
3
Let's clarify some of the misunderstandings around Apple's new "Sign In with Apple" feature announced at #WWDC19, a thread:
6
20
3
41
Confirmed. I was able to create a brand new Apple ID, enroll a Google Voice phone number for 2FA, and never touch this account from an iOS device.
2
6
I honestly don't know. But also keep in mind this is primarily designed for logging in to iOS apps, so ppl can log in with their Apple account instead of their Facebook account, which is a win for user privacy.
That's not how it works. It works like every other OAuth flow, you click the button and are redirected to Apple to sign in. Here's a full walkthrough with screenshots: developer.okta.com/blog/2019…
1
5
Alright, if you are curious about "Sign In with Apple," I walk through exactly how it works and what it looks like in this post.
developer.okta.com/blog/2019…
#WWDC19 #OAuth #AppleID
34
4
87
It's just OAuth. Sign In with Apple isn't limited to mobile apps. Here's a demo of doing it in a web app. github.com/aaronpk/sign-in-w…
I've been testing out the new API and it's definitely OAuth/OpenID Connect. But it's true that this will add more work for developers, both just getting this set up and also dealing with a new kind of account identifier.