by ChrisMarshallNY 806 days ago
SiA is quite secure, but on my end, it could be quite insecure. It's basically an SSO-type thing.

The workflow is a bit different from the standard login ID/password entry. You use a "Sign In With Apple" button that the OS provides, and that has its own on-device (and cloud) credential generation.

I was not optimizing for the button. There's no need for a user ID, if you are using SiA, so I should not have presented that field to users. Also, some credentials are only available at generation time, and have to be maintained by the app (securely, in the keychain).

That behavior can get reflected in the UI, and may be confusing to folks.

SiA is the only SSO solution we use. I won't use anyone else's code for that stuff, and we keep all user data inside the app. We also don't collect very much.