Hacker News new | past | comments | ask | show | jobs | submit login

This makes perfect sense from their standpoint - especially since they've had similar problems to what they outline with Facebook sign-in and are now dropping that as well. This is also a win for Apple & end-user privacy, as there's one less app using FB's login feature now.

I think Sign in with Apple is a great step forward even if all it does is eliminate apps that require Facebook and/or Google accounts to log in. I hate that - I actually ran into a feature on my mesh router system that required a FB/G login, which made it a useless feature for me. Fortunately I didn't need it..

For my last two companies (both B2B), I implemented login via Google accounts only. Google login has a number of advantages:

1) Identity is an email address. If I wanted to rip out Google, or Google kicked me off the platform, all I need to do is add passwords and put a "forgot my password" link and my customers continue business as usual.

2) It's not a google-specific email address. You can create Google accounts for any email address.

3) Google login effectively lets other businesses federate their auth system with ours. When they terminate their ex-employee's @example.com account, the employee loses access to their resources at my company.

I don't think you could get away with this for a consumer company; too many people have strong feelings about FB/G/Apple/whatever. But it's fantastic for B2B.

For #2. You can use any email address for an iCloud account also.

point 3 is only true for G Suite customers - if someone is on O365 and signs up for Google normally with their company account, they can access that email after their company turns off access to the email unless they also specifically reset the Google password.

To be fair - you end up with G Suite, Okta or O365 endpoints for B2B. Apple isn't even on the radar there.

#1 is only sort-of true. You can get access to their current email, yes, but the email can change and you should be keying by the Google account ID really.

Can you educate me on what you mean by Google accounts only? I thought Google auth was just OAuth.

They have chosen to have their site or app only allow login with Google accounts, they don't support any other form of authentication.

It's a choice they made, nothing specific to Google or OAuth.

I use the Google sign in javascript:


There may be other options if you want to mess with oauth yourself, but this one is pretty near zero effort.

I've never seen an app that required a FB or Google login. It was always possible to use email+password.

Lucky you! I've run into lot of these apps offering only FB/Google sign in. Or offering mobile number only login. For e.g. I like playing scrabble and Scrabble Go only support FB login so I'm playing only as Guest user for months now.

Mobile number login is even worse! Why do I need to share my mobile number for something where you don't need to have it!

I think a lot of services use mobile number login as a way of bot-limiting; harder to create lots of phony email addresses than phone numbers. But it's still a pain in the butt :(

> harder to create lots of phony email addresses than phone numbers

I think you got this the wrong way around.

Mobile number login is common for apps from China as large number of Internet user there only have a mobile phone, no desktop and no email. Its the only way to verify account.


Their whole point was that you could be confident the people were real because they were tied to a real Facebook account.

https://tailscale.com/ requires it, as do many other apps that explicitly "don't want to become identity providers and would rather offload that burden to someone else".

Tailscale supports other SSO providers, too. https://tailscale.com/kb/1013/sso-providers

Yup, FWIW I think their selection is great, I was just using them as an example of a company that chose not to provide any in-house email+password option.

For a time I believe Spotify required a FB login. I recall not using it early on because I couldn’t create an account without connecting it to FB.

Pokemon Go's account own doesn't work. Even if you manage to create that account, it won't log you in. With Google account it works as expected. I tried to create two Pokemon Go accounts, gave up and created a Pokemon Go only Google account for child's playing. It has worked a few years.

When did you have this issue? My account is tied to my Google account because on launch the Go servers were completely inundated and the account creation was just constantly failing but using a Google account allowed you to skip that step and start playing.

This was the first month of Pokemon Go years ago. I haven't heard of it being an issue lately but I also haven't needed to create an account in a very long time.

I think the first time was around the spring 2017. I could create an account, use the credentials to log in, but trying on several days the game never started. There was some "please wait" kind of screen and waiting for hours didn't help. With a Google account things worked right away.

And a bit over a year the same thing happened. New Pokemon Go account -> log in -> no game. With Google account has been working since.

So, my experience is two tries in the span of two years it did not work.

Pokemon Trainer Club accounts (what you thing of as "Pokémon Go accounts", even though they're used for other Pokémon services) in the past were more buggy than Google accounts, but for at least the past two years I have had no more trouble with my account than my friends who have Google accounts. Additionally, they created a feature where you can link Google/FB to your PTC login so if it does go down in the future you can log in with those other services if you wish.

CalTopo[0] doesn't support email+password. It's one of the few websites I use that doesn't support it, but an unfortunate number of mobile apps don't either.

[0]: https://caltopo.com/map.html

Many (> 5-ish?) years ago, Spotify required Facebook login

Yep, that in specific made me hold off on deleting my Facebook for a couple of years. About 2 years ago I noticed you could just click ‘forgot password’ and unbind them.

I’ve gotten rid of Facebook, but now my account name is just a bunch of numbers.

DnDBeyond only has these types of logins and does not allow email+password

PUBG mobile requires either FB or G+. No option for email+pass.

I mean it can be better for privacy if you think about Google/Facebook loging. But it will prevent adding all third party login services, potentially even ones that are more privacy respecting than Apple.

Also there are cases where a "sign in with <particular provider>" is the only option that makes sense because you really want to integrate with the API of this provider. Take for example a "sign in with GitHub". Or in case of services correlated, take for example Instagram where you obviously can sign up with a Facebook account.

I'm more for letting the developer choose what it prefers for authenticating the user and not having a authentication system that gets imposed by Apple.

I think Apple does allow apps to limit social sign in options where it makes sense. So for example, an email app could have sign in with Google, Microsoft, and Yahoo! but not Apple.

Icloud mail is a thing

Yes I know, I used email apps as an example because I've seen Apple say that email apps would be exempt from Sign in with Apple previously.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact