[ulfw]

How will this work if I use non-Apple products (and GOD BEWARE !) move from say an iPhone to an Android or an overpriced Macbook to a PC?

Once I chose to use Apple-Sign In will I be locked into the ecosystem? Will there be 'Apple-Sign In' for Android?

[alanh]

this is the same problem you get from any identity provider — what happens when you finally delete your facebook? — it's just more obvious with Apple. With a 97% satisfaction rate, most iPhone users don’t want to go anywhere else… but yes, if you want to stay free, you should always create credentials directly with any app or service you use, when possible.

That said, the concept of "Apple Sign-In" for Android and other platforms is an interesting one, not likely in the short term, but possible someday!

[gwright]

I'm speculating here, but Apple Sign-In for Android would work just fine if the sign-in process was based on an OAuth flow where the credentials are entered into a web form. From the limited details I've seen that sounds like how Apple Sign In will work.

A service supporting alternate identity providers via OAuth (Facebook, Twitter, Google, Github) via a flow like this shouldn't have trouble with Apple Sign In from a web page, iOS app, or Android app.

[jaakl]

It is not about deleting accounts or moving over. Heavy user has multi-device setup, I use Android tablet, iPhone, Mac and sometimes PC, some appliances like Synology with bundled apps also. Nowdays even my printer has online sign in, for file sharing apps. I expect same account to work everywhere. If they provide reasonable platform-independent email solution, it may work.

[swish_bob]

Yes, but while I can choose to log in with facebook, or google, or whatever, it appears that Apple are mandating that app providers use the Apple sign-in, which means app users no longer get to choose.

Unless I'm misunderstanding what the mandatory part is.

[oarsinsync]

They are mandating that if you offer any other authentication provider (e.g. Facebook, Google, etc), that you have to offer Apple sign-in as an option as well.

The option is mandatory. End users using it is optional.

[swish_bob]

If the policy is "if you offer one or more authentication providers, you must include Apple sign-in", while it's still a little harsh, I think it's much more defendable and reasonable.

[sturgill]

Only if they grandfather existing apps. We made the decision a long time ago to support FB login. That decision now requires us to either stop having an app in iOS, remove FB login (which a good portion of people use exclusively), or implement a new authentication provider _that won't work for people that already have an account with us_.

Again, the tech is fine. The strong-arm is indefensible.

[gwright]

Why would someone already authenticating via an existing identity provider be affected by you adding an additional identity provider?

If you support FB login now and decided to add Google, for example, that doesn't require your existing FB users to do anything different. It should only affect new users who are creating an account and choosing to use the new provider. Wouldn't that be the same for Apple Sign In?

Note, I'm not taking a position on the strong arm tactics, just pushing back on your claim regarding existing users being affected by a new identity provider. That doesn't sound right to me.

[danielscrubs]

You can always choose another platform to develop for if you want to screw the customer over.

[aaronbrager]

It’s a standard SSO flow with JWT token and a REST API. Any website or Android app can add it.

[toyg]

I expect the disposable email will end up in Keychain, and you can export from there. Not the most user-friendly thing, but doable. Well, at least on a Mac.

[icebraining]

Sites should allow you to add extra authentication methods; if they don't, that's not Apple's fault.