Hacker News
by api 1424 days ago
> hasn't been burned yet

The latest basket in which everyone is putting all their eggs is federated login using one of a few giant tech companies (mostly Google) as OIDC providers.

Should I bother saying "I told you so" when these providers start arbitrarily blocking access to people's apps for stupid reasons (e.g. policy enforcement bots), abusing login privileges to harvest user data off other platforms (after silently amending their EULAs to give themselves permission to do this), or charging for the right to log into your stuff?

My money is on the last one happening in the next few years. "After January 1st of next year, the use of your Google|Apple|Facebook account to log into third party services will require a subscription..." Why wouldn't they want to collect a tax on every SSO login?

While I doubt major providers are actually abusing login credentials to access third party services (yet?), I'm sure they are gathering all the data they can on who logs into what, from where, and how often. It's a privacy nightmare, but nobody cares about privacy. Nobody will care until they are inconvenienced.