So yes, Sign In with Apple is a good thing for user privacy, and will be a better user experience overall.

Is Apple using their position as gatekeepers of the App Store to force adoption of "Sign In with Apple"? Yes. Is this a bad thing? No. Does this affect you if you don't use an iOS device? No. Does this benefit people who have an iOS device? Yes.

Will we see other OAuth providers follow suit and start randomizing email addresses and user IDs returned to apps? I hope so! Ironically, Facebook first started doing this a few years ago when they launched app-scoped user IDs.

Anyway, if you're curious about what this will look like, I wrote a sample app that uses Sign In with Apple so you can see how it works. developer.okta.com/blog/2019…

That is all. Thanks for listening.

Now I would just love to have a quick guide for using Apple Sign In as an Okta generic oidc inbound provider. Is this possible already ?

I actually just got this working last night!

Do you know where you can find the .well-known/openid-configuration on the apple url? Do they even use it?

I haven't found it yet. I wouldn't be surprised if they just don't have that endpoint

So talked with the Apple engineers here at WWDC: They don't have that endpoint, they also will not expose user_info or a revocation endpoint. The user_info will only be sent once and only once then you will only get a unique id again. Only scopes available now are name and email