Sign in with Apple
Sign in with Apple is a single sign-on provider operated by Apple Inc., introduced on June 3, 2019 at Apple's 2019 Worldwide Developers Conference (WWDC) in iOS 13.[1]
Type | Single sign-on provider |
---|---|
Launch date | June 3, 2019 |
Platform(s) | iOS, Android, Web (JavaScript) |
Status | Active |
Website | Official website |
It is designed to allow users to create accounts for third-party services with a minimal amount of personal information (as opposed to login services offered by social networking service platforms such as Facebook, where such features may also grant the third-party service access to personal information tied to their account), only requiring the user to provide a name and email address.
Users can opt for the email address associated with their Apple ID or choose the "Hide My Email" option to generate a disposable email address specific to the service; these addresses end in the privaterelay.appleid.com domain.[2] Messages sent via a disposable (or relay) email address are automatically forwarded to a verified email address of the user's choice, and this function can also be disabled if needed.[3][4] The service is compatible[5] with the OAuth 2.0 and OpenID Connect standards, and integrates with Face ID and Touch ID on iOS, iPadOS, and macOS.[6]
Usage in software development
On September 12, 2019, Apple updated the App Store Review Guidelines to stipulate that developers whose apps use at least one third-party login service must implement Sign in with Apple, with exceptions for apps that function exclusively as a client for a specific service (such as the Twitter app), that use a login service backed by a citizen identification system, or that are developed to work exclusively with a company's first-party login service.[7]
Apple recommend (but not stipulate) in its human interface guidelines that the Sign in with Apple button be given due prominence over other third-party login services within user interfaces.[8]
For use outside of iOS apps, Apple also offers a JavaScript library to implement Sign in with Apple on Android and the web.[4]
Reception
Upon its unveiling, the OpenID Foundation issued a letter to Apple, stating that the service was not fully compliant with the OpenID Connect specifications. One of its exclusions was Proof Key for Code Exchange (PKCE)—whose absence exposed users to possible replay attacks and code injection vulnerabilities. In October 2019, it was announced that Apple had made the service compliant with OpenID Connect.[9][5]
References
- Brandom, Russell (June 3, 2019). "Apple announces new sign-in tool to compete with Facebook and Google". The Verge. Retrieved June 4, 2019.
- "Hide My Email for Sign in with Apple". Apple Support. Apple Inc. Archived from the original on April 23, 2020. Retrieved May 23, 2020.
- "Manage the apps you use with Sign in with Apple". Apple Support. Archived from the original on May 23, 2020. Retrieved May 23, 2020.
- Perez, Sarah. "Answers to your burning questions about how 'Sign In with Apple' works". TechCrunch. Retrieved June 13, 2019.
- Wuerthele, Mike. "'Sign in with Apple' better but not perfect, says OpenID Foundation head". AppleInsider. Retrieved May 5, 2020.
- "App Makers Are Mixed on 'Sign In With Apple'". Wired. ISSN 1059-1028. Retrieved May 5, 2020.
- "New Guidelines for Sign in with Apple - News - Apple Developer". developer.apple.com. Apple Inc. Archived from the original on May 23, 2020. Retrieved May 23, 2020.
- "Buttons - Sign in with Apple - Human Interface Guidelines - Apple Developer". developer.apple.com. Apple Inc. Archived from the original on May 23, 2020. Retrieved May 23, 2020.
- Cimpanu, Catalin. "OpenID Foundation says 'Sign In with Apple' is not secure enough". ZDNet. Retrieved May 5, 2020.