At WWDC 2019 earlier this month, Apple unveiled its new Sign In with Apple platform, which gives users a privacy-friendly alternative to sign in platforms from Facebook and Google. This week, however, the OpenID Foundation is questioning some of the decisions Apple made for Sign In with Apple.
The OpenID Foundation is a non-profit organization with members such as PayPal, Google, Microsoft, and more. The OpenID Foundation controls numerous universal sign-in platforms using its OpenID Connect platform:
OpenID Connect was developed by a large number of companies and industry experts within the OpenID Foundation (OIDF). OpenID Connect is a modern, widely-adopted identity protocol built on OAuth 2.0 that enables third-party login to applications in a standard way.
In a public letter to Craig Federighi, the OpenID Foundation writes that Apple has “largely adopted” OpenID Connect for Sign In with Apple, but that there are some notable differences. The foundation argues that the differences between Sign In with Apple and OpenID Connect limit the places customers can use Sign In with Apple and poses security and privacy risks.
The differences between OpenID Connect and Apple’s platform are being tracked here, where privacy and security risks are also detailed.
The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.
To resolve these issues, the OpenID Foundation is calling on Apple to close the gaps between Sign In with Apple and OpenID Connect, publicly state that Sign In with Apple is interoperable with OpenID Connect, and join the OpenID Foundation.
You can read the full open letter here.