At WWDC 2019 which was held earlier this month, Apple announced a new Sign In with Apple privacy-focused login feature that will allow macOS Catalina and iOS 13 users to sign into third-party apps and websites using their Apple ID.
“The OpenID Foundation applauds Apple’s efforts to allow users to login to third-party mobile and Web applications with their Apple ID using OpenID Connect,” the letter begins, elaborating that Connect is a “modern, widely-adopted identity protocol built on OAuth 2.0 that enables third-party login to applications,” and was “developed by a large number of companies and industry experts” within the Foundation.
It also cautioned that several differences remain between OpenID Connect and Sign In with Apple that could potentially put users’ security and privacy in jeopardy.
The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.
Sign in with Apple offers Apple users a better and convenient way to log into apps just like they would with Google and Facebook accounts but tight privacy checks in place. When it gets implemented, all apps that offer third-party logins are required to also offer Sign in with Apple buttons. Testing of Sign in with Apple will start later this summer ahead of iOS 13’s fall launch window. The technology is intended to be a more privacy-focused alternative to sign-in buttons from the likes of Facebook, Google, and Twitter, but Apple has been criticized for making support mandatory if those third-party options are present.