My interpretation is that the rule applies to using a third party service to create the identity you use for your own service, vs. actually logging into the service.
e.g.
* You have a forum that needs a per user identity, but you recognize that managing account login information securely is challenging, and the most cost effective solution is to offload on a separate authentication service (Google, Facebook, etc)
vs
* You're a 3rd party mail client for gmail, and you app is actually signing into the third party service itself.
Of course I'm sure all of this will be clearly and unambiguously explained by release :-/
e.g.
* You have a forum that needs a per user identity, but you recognize that managing account login information securely is challenging, and the most cost effective solution is to offload on a separate authentication service (Google, Facebook, etc)
vs
* You're a 3rd party mail client for gmail, and you app is actually signing into the third party service itself.
Of course I'm sure all of this will be clearly and unambiguously explained by release :-/