Aaron Parecki

Let's Clarify some Misunderstandings around Sign In with Apple

    June 4, 2019

    tl;dr This is a good move for users in the iOS ecosystem, and is primarily designed as an alternative for apps that currently use "Sign in with [Facebook/Twitter/Google]" to avoid leaking sensitive user info.

    Yes, Apple is entering the OAuth ecosystem as a new identity provider. Turns out every iOS user already has an Apple account, so why not enable users to sign in with an account they already have?

    Most of the time, apps use OAuth providers only to identify users. Sign In with Apple is designed as an alternative to using Facebook/Twitter/Google for that purpose.

    This is distinctly different from the case where an app wants you to sign in with your Google account so that it can manage your calendar. Or sign in with Snapchat to apply a filter to your profile picture.

    Those use cases are more along the lines of what OAuth was originally intended for: letting apps access your account without giving them your password.

    Over the years, apps started to use OAuth to identify users because it's a quick way to find out and verify someone's Twitter/Facebook/etc. account without having them type it in. This turned out to be bad for users' privacy:

    Once an app knows your Twitter username or your email address, they can sell it to advertisers, or track your activity across other apps. Apple's approach provides a unique scrambled email address to the app, preventing this.

    Now you may have heard people concerned by this clause from the new App Store Review Guidelines:

    Sign In with Apple [...] will be required as an option for users in apps that support third-party sign-in when it is commercially available later this year.

    Sign In with Apple is a good thing for users! This means apps will no longer be able to force you to log in with your Facebook account to use them.

    This does not mean that Apple is requiring every app to use Sign in with Apple. This does not mean that apps that want to manage your Google Calendar will have to also add Sign in with Apple.

    Yes, this is a little additional work for app developers to support another OAuth provider, but it is really not that different from supporting both Twitter and Facebook, or Snapchat and Instagram.

    At the end of the day, the benefit of signing in to apps is to be able to save stuff to your account so you can restore it later, and to get email notifications.

    "Sign In with Apple" provides apps with both those features without revealing any more information about you than necessary.

    So yes, Sign In with Apple is a good thing for user privacy, and will be a better user experience overall.

    Is Apple using their position as gatekeepers of the App Store to force adoption of "Sign In with Apple"?

    Yes.

    Is this a bad thing?

    No.

    Does this affect you if you don't use an iOS device?

    No.

    Does this benefit people who have an iOS device?

    Yes.

    Will we see other OAuth providers follow suit and start randomizing email addresses and user IDs returned to apps? I hope so!

    Ironically, Facebook first started doing this a few years ago when they launched app-scoped user IDs.
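    As an added illustration (not code from this post, from Apple, or from Facebook), the following Python sketches the identifier model the paragraphs above describe: an identity provider that derives a per-app ("pairwise") subject identifier and a per-app relay email address for the same user, and an app that keys its accounts on the stable (issuer, sub) pair rather than on the email. The issuer, relay domain, client IDs, salt and user record are all constructed placeholders; the derivation follows the OpenID Connect Core pairwise-identifier pattern, not Apple's actual (unpublished) algorithm, and token signature verification is left out.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field

# Constructed for illustration: not Apple's issuer, domain, identifiers or algorithm.
ISSUER = "https://idp.example"                   # hypothetical identity provider
RELAY_DOMAIN = "relay.example"                   # hypothetical per-app relay domain
PAIRWISE_SALT = b"constructed-provider-secret"   # provider-side secret, never given to apps


def pairwise_sub(internal_user_id: str, client_id: str) -> str:
    """App-scoped ('pairwise') subject identifier, OpenID Connect Core 8.1 style.

    A keyed hash over the app's client id and the provider's internal user id:
    the same user gets an unlinkable 'sub' at every app, but always the same
    'sub' at a given app.
    """
    msg = f"{client_id}\x00{internal_user_id}".encode()
    return hmac.new(PAIRWISE_SALT, msg, hashlib.sha256).hexdigest()


def relay_email(internal_user_id: str, client_id: str) -> str:
    """Per-app relay address so the app never learns the user's real address."""
    # A distinct label keeps the address from being derivable from the 'sub'.
    msg = f"email\x00{client_id}\x00{internal_user_id}".encode()
    local_part = hmac.new(PAIRWISE_SALT, msg, hashlib.sha256).hexdigest()[:20]
    return f"{local_part}@{RELAY_DOMAIN}"


def issue_id_token_claims(internal_user_id: str, client_id: str,
                          real_email: str, share_email: bool) -> dict:
    """ID token claims the provider mints for one app (signing omitted here)."""
    now = int(time.time())
    return {
        "iss": ISSUER,
        "aud": client_id,
        "sub": pairwise_sub(internal_user_id, client_id),
        "email": real_email if share_email else relay_email(internal_user_id, client_id),
        "exp": now + 600,
    }


@dataclass
class RelyingParty:
    """The app side: accounts are keyed on (iss, sub), never on the email."""
    client_id: str
    accounts: dict = field(default_factory=dict)

    def sign_in(self, claims: dict) -> dict:
        # Checks every app must perform after verifying the token signature.
        if claims["iss"] != ISSUER:
            raise ValueError("unexpected issuer")
        if claims["aud"] != self.client_id:
            raise ValueError("ID token was issued to a different app")
        if claims["exp"] <= time.time():
            raise ValueError("ID token expired")

        key = (claims["iss"], claims["sub"])
        account = self.accounts.get(key)
        if account is None:
            account = {"contact_email": claims.get("email"), "logins": 0}
            self.accounts[key] = account
        elif claims.get("email"):
            # Email is contact data and may change later; 'sub' is the stable key.
            account["contact_email"] = claims["email"]
        account["logins"] += 1
        return account


def demo() -> dict:
    """One user signs in to two apps; neither app learns the real address."""
    app_a = RelyingParty("com.example.app-a")
    app_b = RelyingParty("com.example.app-b")
    user, real = "user-42", "alice@example.com"   # constructed provider-side record

    claims_a = issue_id_token_claims(user, app_a.client_id, real, share_email=False)
    claims_b = issue_id_token_claims(user, app_b.client_id, real, share_email=False)
    app_a.sign_in(claims_a)
    app_a.sign_in(claims_a)      # second login lands on the same account
    app_b.sign_in(claims_b)

    try:                         # token minted for app A presented to app B
        app_b.sign_in(claims_a)
        foreign_rejected = False
    except ValueError:
        foreign_rejected = True

    return {
        "sub_differs_per_app": claims_a["sub"] != claims_b["sub"],
        "sub_stable_per_app": pairwise_sub(user, app_a.client_id) == claims_a["sub"],
        "real_email_hidden": real not in (claims_a["email"], claims_b["email"]),
        "relay_email_differs_per_app": claims_a["email"] != claims_b["email"],
        "app_a_accounts": len(app_a.accounts),
        "app_a_logins": app_a.accounts[(ISSUER, claims_a["sub"])]["logins"],
        "foreign_token_rejected": foreign_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Run it and every flag comes back True with one account and two logins at app A: the two apps hold identifiers and relay addresses they cannot join with each other, app A still recognises the returning user, and a token minted for app A is refused by app B because of the audience check.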

    Anyway, if you're curious about what this will look like, I wrote a sample app that uses Sign In with Apple so you can see how it works.

    What the Heck is Sign In with Apple?
    Sign In with Apple is based on OAuth 2.0 and OpenID Connect, and provides a privacy-friendly way for users to sign in to websites and apps
    developer.okta.com
    Portland, Oregon
    Tue, Jun 4, 2019 2:44pm -07:00 #appleid #oauth #wwdc19
    145 likes 46 reposts 1 bookmark 27 replies 17 mentions
    • Aaron Parecki twitter.com/aaronpk
      Nope, haven't found that yet! It's missing from their docs too. I'm going to keep playing with it though.
      Fri, Jun 7, 2019 7:39pm +00:00 (via brid-gy.appspot.com)
    • Rory Macdonald twitter.com/tworymacdonald
      Nice write up 👍 Did you find the anti-fraud Real User Indicator capability surfaced using JS API? Available as credential.realUserStatus property in native.
      Fri, Jun 7, 2019 5:35pm +00:00 (via brid-gy.appspot.com)
    • Irshad PC twitter.com/_irshadpc
      Fri, Jun 7, 2019 4:55am +00:00 (via brid-gy.appspot.com)
    • Alex White twitter.com/NAlexWhite
      For the majority of sign in cases this randomised email is a great idea. There is one case for which it could prove problematic though - e-commerce websites which provide “customer care”. Typically customer emails CC and the email is looked up to identify the customer
      Wed, Jun 5, 2019 11:55pm +00:00 (via brid-gy.appspot.com)
    • Jen Howes twitter.com/Jennifer_Howes1
      Great summary - cheers 👌
      Wed, Jun 5, 2019 5:58pm +00:00 (via brid-gy.appspot.com)
    • mrcs twitter.com/pVt_m4sTeR
      Thank you! Nice summary ☺️
      Wed, Jun 5, 2019 5:42pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Yes that is my understanding reading their guidelines. Of course this remains to be seen how it will play out in practice.
      Wed, Jun 5, 2019 5:33pm +00:00 (via brid-gy.appspot.com)
    • Simon Rice twitter.com/_SimonRice
      Excellent thread - just to clarify with another example since Google do identity & calendar - if my app needs OAuth to (say) read playlist data specifically from Spotify via their dev API & do nothing whatsoever user ID related with them, I don’t need “Sign In With Apple”?
      Wed, Jun 5, 2019 5:32pm +00:00 (via brid-gy.appspot.com)
    • Nicolas Hoizey twitter.com/nhoizey
      Maybe this will lead us to question the use of the e-mail address as an identifier, which would be a good idea anyway.
      Wed, Jun 5, 2019 4:38pm +00:00 (via brid-gy.appspot.com)
    • Nicolas Hoizey twitter.com/nhoizey
      Signing in via Apple is precisely what avoids handing information to the service, so the app will have to ask for that information some other way.

      This will probably show users what they give away without realizing it when they use the other options.

      I find that positive.
      Wed, Jun 5, 2019 4:37pm +00:00 (via brid-gy.appspot.com)
    • julien cadot twitter.com/juliencdt
      Or what I was discussing with the dev of MyCanal: a user who deletes their temporary email and has a cross-device subscription... a trip to customer support becomes mandatory
      Wed, Jun 5, 2019 4:30pm +00:00 (via brid-gy.appspot.com)
    • julien cadot twitter.com/juliencdt
      A few use cases still bother me though. Example: you launch a great social app that needs user growth to work. In that case, an FB / Gmail / Twitter auth is relevant. You choose Apple auth: you land in an app... that's empty.
      Wed, Jun 5, 2019 4:29pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki twitter.com/aaronpk
      Yes it seems to be designed for authentication only. They do also return an OAuth access token and refresh, though I am not sure what you can do with that yet.
      Wed, Jun 5, 2019 1:46pm +00:00 (via brid-gy.appspot.com)
    • Amirsh twitter.com/A_sharif90
      Sorry @aaronpk, I got a bit confused. Maybe my question is very simple, so the purpose of login with apple is for authentication or not? You called it Oauth provider as they don't have a user_info endpoint?
      Wed, Jun 5, 2019 1:44pm +00:00 (via brid-gy.appspot.com)
    • Vijet twitter.com/vijetsetter
      Informative and precise. Kudos!
      Wed, Jun 5, 2019 5:19am +00:00 (via brid-gy.appspot.com)
    • Daniele Vistalli twitter.com/DanieleVistalli
      Now I would just love to have a quick guide for using Apple Sign In as an Okta generic oidc inbound provider. Is this possible already ?
      Wed, Jun 5, 2019 4:52am +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki aaronparecki.com
      already did that myself 😉 https://aaronparecki.com/2019/06/04/23/sign-in-with-apple-misunderstandings
      Tue, Jun 4, 2019 5:16pm -07:00
    • Thread Reader App twitter.com/threadreaderapp
      Hi the unroll you asked for: Thread by @aaronpk: "Let's clarify some of the misunderstandings around Apple's new "Sign In with Apple" feature announced at , a thre […]" #WWDC19 threadreaderapp.com/thread/1136025…
      See you soon. 🤖
      Wed, Jun 5, 2019 12:15am +00:00 (via brid-gy.appspot.com)
    • Michael Warkentin twitter.com/mwarkentin
      @Threadreaderapp unroll
      Wed, Jun 5, 2019 12:14am +00:00 (via brid-gy.appspot.com)
    • Haythem Tlili 🇹🇳🇫🇷 twitter.com/HaythemTlili
      Also Facebook lets you select what scopes you want to share from the ones requested by the third-party app.
      Tue, Jun 4, 2019 11:07pm +00:00 (via brid-gy.appspot.com)
    • André Neves twitter.com/andreneves
      Thanks*
      Tue, Jun 4, 2019 10:44pm +00:00 (via brid-gy.appspot.com)
    • André Neves twitter.com/andreneves
      Awesome. Going to read this now. Tha is for the link!
      Tue, Jun 4, 2019 10:44pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki aaronparecki.com
      It's more about providing easier options for users: https://aaronparecki.com/2019/06/04/23/sign-in-with-apple-misunderstandings
      Tue, Jun 4, 2019 3:42pm -07:00
    • Aaron Parecki twitter.com/aaronpk
      It's still up to the app to provide the buttons. Check out the sample walkthroughs in that blog post.
      Tue, Jun 4, 2019 10:27pm +00:00 (via brid-gy.appspot.com)
    • complexmix twitter.com/thatonehacker5
      It will be set as the default (knowing Apple) and will make all other options so inconvenient that apple users will essentially have one choice. Just like how you can use Chrome on iOS, but they make it as inconvenient as possible to avoid the POS that is Safari.
      Tue, Jun 4, 2019 10:26pm +00:00 (via brid-gy.appspot.com)
    • Aaron Parecki aaronparecki.com
      In contrast: this forces app developers to provide users the choice between Apple or some other sign-in, rather than letting developers require just e.g. Facebook login.

      More: https://aaronparecki.com/2019/06/04/23/sign-in-with-apple-misunderstandings
      Tue, Jun 4, 2019 3:16pm -07:00
    • Heather Downing twitter.com/quorralyne
      Thanks for talking. 😁
      Tue, Jun 4, 2019 9:49pm +00:00 (via brid-gy.appspot.com)

    Other Mentions

    • billbennett.co.nz

      At first sight sign-in with Apple looks like another attempt by a tech giant to collect user data.

      It isn’t. Apple aims to reverse that data collection.

      Facebook and Google offer single sign-in services. These are used to monitor people’s online activity.

      Single sign-in reduces friction as you move around on-line sites that ask for a log-in. It speeds things up. That’s important in an impatient world.

      Sign-in downsides

      The downside is that Facebook and Google get to learn a lot more about account holder online activity.

      You may view this as innocent, ominous or simply a tax paid to live in the digital world. You may not care.

      Other downsides are greater security and privacy risks. In the past single sign-on services have been hacked.

      Sign-in with Apple is different. It is more secure. There is built-in two-factor authentication support and anti-fraud detection.

      You can use it to sign-in to websites. It also works with iOS apps. That way you know the apps you use are not sharing your private data with someone you may not trust.

      Also, you choose if an app developer gets to see your email address. That’s optional.

      If you choose not to share, Apple generates a disposable email address for that app. If, say, the app developer starts spamming you, you can kill the email address and lose nothing.

      Sign-in with Apple works with Android phones and Windows computers, but you’ll get most from it if you have Apple hardware. It integrates with iOS and Apple Keychain. It also works with Apple TV and Apple Watch.

      Sign-in with Apple stays private

      There’s no lock-in. On the other hand, it might give privacy aware users who shop elsewhere another reason to consider Apple products.

      Apple insists app developers using the App Store offer the service if they offer the Google or Facebook alternative. Otherwise it is optional.

      At first I was wary of the idea. Now I’m keen. I’ve never used the Google or Facebook sign-ins and got used to doing things the slow, but more private, way. Now that’s unnecessary.

      Of course, you have to trust Apple when it says that it doesn’t interpret collected data or keep track of your log-ins.

      The difference here is that we know for certain Facebook and Google do this. Apple makes its money from hardware and services. Facebook and Google are all about surveillance capitalism.

      See: Let’s Clarify some Misunderstandings around Sign In with Apple • Aaron Parecki

      https://billbennett.co.nz/sign-in-with-apple/

      Sat, Nov 16, 2019 2:41pm +00:00 (via feedproxy.google.com)
    • M157q News RSS twitter.com/M157q_News_RSS
      Let's Clarify Some Misunderstandings Around Sign in with Apple
      aaronparecki.com/2019/06/04/23/…...
      Article URL: https://t.co/TCISn3DSdr... Comments URL: news.ycombinator.com/item?id=201280… Points: 100 # Comments: 2
      Sat, Jun 8, 2019 7:11am +00:00 (via brid-gy.appspot.com)
    • Hacker News 100+ twitter.com/hackernews100
      Let's Clarify Some Misunderstandings Around Sign in with Apple aaronparecki.com/2019/06/04/23/…...
      Sat, Jun 8, 2019 7:11am +00:00 (via brid-gy.appspot.com)
    • Marcel Salathé twitter.com/marcelsalathe
      Let's Clarify some Misunderstandings around Sign In with Apple aaronparecki.com/2019/06/04/23/…
      Sat, Jun 8, 2019 6:18am +00:00 (via brid-gy.appspot.com)
    • Hacker News Robot twitter.com/hackernewsrobot
      Let's Clarify Some Misunderstandings Around Sign in with Apple aaronparecki.com/2019/06/04/23/…...
      Fri, Jun 7, 2019 8:43pm +00:00 (via brid-gy.appspot.com)
    • Hacker News 50 twitter.com/betterhn50
      50 – Let's Clarify Some Misunderstandings Around Sign in with Apple aaronparecki.com/2019/06/04/23/…...
      Fri, Jun 7, 2019 8:40pm +00:00 (via brid-gy.appspot.com)
    • Hacker News記事題日本語翻訳 twitter.com/hackernewsj
      Let's clarify the misunderstandings around Sign In with Apple aaronparecki.com/2019/06/04/23/…...
      Fri, Jun 7, 2019 8:38pm +00:00 (via brid-gy.appspot.com)
    • Michael Bishop miklb.com/blog/author/miklb
      Link Roundup – June 5 2019
      Thu, Jun 6, 2019 5:30pm -04:00
    • Carlos A Zepeda twitter.com/cazepeda
      “This is a good move for users in the iOS ecosystem, and is primarily designed as an alternative for apps that currently use "Sign in with [Facebook/Twitter/Google]" to avoid leaking sensitive user info.”

      aaronparecki.com/2019/06/04/23/…
      Wed, Jun 5, 2019 2:36pm +00:00 (via brid-gy.appspot.com)
    • Adactio Links twitter.com/adactioLinks
      Let’s Clarify some Misunderstandings around Sign In with Apple • Aaron Parecki aaronparecki.com/2019/06/04/23/…
      Wed, Jun 5, 2019 9:00am +00:00 (via brid-gy.appspot.com)
    • Baldur Bjarnason @baldur@toot.cafe twitter.com/fakebaldur
      “Let’s Clarify some Misunderstandings around Sign In with Apple • Aaron Parecki” aaronparecki.com/2019/06/04/23/…
      Wed, Jun 5, 2019 2:56am +00:00 (via brid-gy.appspot.com)
    • Jacky Alciné v2.jacky.wtf
      Jacky Alciné liked a post by Aaron Parecki. Published 2019-06-04T18:45:31.58634-07:00 by Jacky Alciné.
      Tue, Jun 4, 2019 6:45pm -07:00
    • Kevin Marks twitter.com/kevinmarks
      Sign in with Apple is an "it me" model, not a "can I haz?" one, explains @aaronpk: aaronparecki.com/2019/06/04/23/…
      Tue, Jun 4, 2019 10:21pm +00:00 (via brid-gy.appspot.com)
    • Yuriy Dybskiy 🍁 twitter.com/html5cat
      Sign in with Apple is very interesting – I've been waiting for something like that to come along for a while now. Hope they fix the 2FA on the same device bug though 🤷🏻‍♂️ https://t.co/lY5GYj7k7O
      Tue, Jun 4, 2019 9:57pm +00:00 (via brid-gy.appspot.com)
    • Michael Bishop twitter.com/miklb
      Aaron is the smartest person I know on this subject.
      Tue, Jun 4, 2019 9:47pm +00:00 (via brid-gy.appspot.com)
    • www.reddit.com
      Tue, Aug 30, 2022 9:38am -07:00
Posted in /articles using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.