Hacker News new | past | comments | ask | show | jobs | submit login

You're welcome to add non-social logins. The constraint is that if you add any social logins, you also have to support Apple Sign-In.

There is no requirement that you only support apple sign-in, you just aren't allowed to require user's to sacrifice their privacy to use your app.

This is a big deal. One of the reasons services are so keen to require e-mail addresses from users with social logins is so that, if they drop that login service for whatever reason, users can recover access to their accounts using their email address. (A few major sites have done this recently, if I remember rightly.) This effectively eliminates that safeguard. They're not just forced to implement Apple Sign-In, but to make themselves dependent on it forevermore in a way that cautious companies have avoided.

What's a social login, though. At what point is Instagram using facebook a social login or not (it's the same company).

This isn’t a fuzzy abstract line-in-the-sand thing; social logins are specific libraries, and either you’ve got those libraries in your app or you don’t.

If Instagram is using https://developers.facebook.com/docs/facebook-login/ with the little “log in with Facebook” button, it’s a social login. If they have their own proprietary way to do it in-house, it’s not, and not subject to Sign In With Apple.

That easy.

It's not that easy. Instagram belongs to facebook. So logging in with facebook is not strictly a "social login". Same with Tinder, IIRC they only had facebook login, to piggyback on the fb profile. That's not really social as in "chose one of those providers".

If it "chose provider" then yes, apple could shove in their own with the pretense of user privacy, while it is painfully obvious that it's just leveraging their appstore control to grab market.

Not even OAuth can be unambiguous. I can have a single OAuth login. That could be myself as provider, or leveraging some other provider, which could be more or less connected to my app.

I'm guessing olliej meant OAuth provider. FB and Google are the leading ones, so people implement those. Sign in with Apple is one as well.

The comment is saying you're free to implement your own auth mechanism using plain ol email or a phone number, but you also have to support Sign in with Apple

Indeed, technically it's any OAuth provider, but in reality how many

a. actual users have a non-FB/Google OAuth identity

b. apps have something other than google or facebook login?

I've literally never encountered an app that had anything other than google or facebook for their oauth login. The only site I ever encountered that used something different was stack overflow a decade ago, and I recall them killing it off or at least complaining about it.

I suspect that the reality is that in a regular user's experience Google and Facebook login are the only ones they've ever encountered.

We also offer LinkedIn, GitHub, Yandex and (soon) WeChat. Most users actually use LinkedIn, but we are a recruitment firm so the stats are biased, but it's not true that only Google and FB are the options offered everywhere, at least not in this part of the world.

GitHub is a provider that I use to sign in to some sites.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact