What you need to know
- OpenID Foundation has responded to Sign in with Apple updates
- The foundation had criticized Apple about security and development concerns
- Chairman Nat Sakimura praises Apple's responsiveness but still wants more
When Apple announced Sign in with Apple, the company's privacy-focused login service, at WWDC 2019 in June, everyone was excited about the idea that you could sign up for an app without exposing your personal information. However, the feature had some fundamental flaws that were brought to light by the OpenID Foundation in an open letter written by its Chairman, Nat Sakimura. The letter criticized Apple's implementation of Sign in with Apple, saying it restricted the service's availability, opened users to security issues, and left an undue burden on developers:
"The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software."
Now, Nat Sakimura has written a new open letter to the company, praising its efforts to close the gaps identified in the first letter while still pointing out a number of improvements that can be made. As reported by AppleInsider, the OpenID Foundation chairman expresses gratitude for Apple's efforts to address the group's original concerns while Sign in with Apple is still in beta:
"We applaud your team's efforts in quickly addressing the critical security and compatibility gaps identified and successfully implementing them while Sign In with Apple is still in beta. Now users will no longer be limited to where they can use the service and they can have confidence in their security and privacy."
The group has updated the original document that listed the concerns they had with Sign in with Apple to reflect the improvements that have been made, but they point out that there is still progress to be made:
"Note that there are still some peculiarities identified in the open document. While these are not security issues, addressing them would make it even easier to use Sign In With Apple with existing OpenID Connect libraries. For instance, providing a discovery document would make it easier for existing software to be configured to use Sign In with Apple. We encourage your team to continue working through the issues identified."
These improvements to implementing Sign in with Apple will hopefully also help developers, who had also expressed concerns about Apple's original policy that would require the option if an app offers social sign-in services like Facebook or Google. Apple has since rolled back some of those requirements too, so it is good to know the company is listening and acting fast to make sure the feature is great for both developers and their customers.