On your iOS device, you are logged in with one Apple ID at a time. This Apple identity is the one that makes In-App Purchases ("IAPs"). So if a user makes a purchase in your app signed in as "bob", and then logs out of your app and signs in as "alice", they still have that IAP. Therefore, the simplest, most correct way to have an app with IAPs and third-party auth is to exclusively use Sign In With Apple, because Sign In With Apple is tied to your device's currently signed in Apple ID and all of its IAPs.
Apple account is not the same as login with Apple. IAPs have always been tied to the Apple account. It’s a pain in the ass to handle all the cases. It’s not any easier on Android either.
Right, but Sign In with Apple is tied to your Apple account. I have no way to make an IAP autorenewable subscription and tie it to “bob” in my system. It’s tied to the iOS Apple account.
You can’t tie it to bob. You have to look at the receipt and reward from that. So bob logs in, you look at the receipt, and Bob’s your uncle, you have the subscriptions.
And then what if, on your service, `bob` signs out and `alice` signs in? Then `alice` not only has `bob`'s subscriptions, but she also can't buy her own.
Apple has supported switching between multiple user accounts on a device for years, but since you're not a school or a company, you can't have it. Buy four iPads.
Technically, you still have that capability. After the user is authenticated with their Apple ID, you can present a profile to provide username/password/email.
Yep, but then all username/password/emails that log on using that device share the same subscription IAPs—namely, those that belong to the Apple ID that's signed in to iOS.
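The bob/alice situation discussed in the comments above, as an added example that is not code from any commenter: a JavaScript model (hypothetical class and product names, with a plain object standing in for a verified receipt) comparing a backend that rewards whoever presents the receipt with one that binds the original transaction to the first app account that claims it.

```javascript
// Constructed model of the thread's scenario. All names here are hypothetical;
// a "receipt" is a plain object standing in for an already-verified App Store receipt.

// Store side: a subscription belongs to the Apple ID signed in to the device.
class DeviceStore {
  constructor(appleId) {
    this.appleId = appleId;
    this.receipts = new Map(); // productId -> receipt
    this.nextTxn = 1000;
  }
  purchase(productId) {
    // Modelled from the thread: an Apple ID that already holds the
    // subscription cannot buy it a second time.
    if (this.receipts.has(productId)) return { ok: false, reason: "already-subscribed" };
    const receipt = { appleId: this.appleId, productId, originalTransactionId: String(this.nextTxn++), active: true };
    this.receipts.set(productId, receipt);
    return { ok: true, receipt };
  }
  receiptFor(productId) {
    return this.receipts.get(productId) || null;
  }
}

// Backend side: decides whether an app account is treated as subscribed.
class EntitlementService {
  constructor(bindToFirstAccount) {
    this.bindToFirstAccount = bindToFirstAccount;
    this.owners = new Map(); // originalTransactionId -> first app account to claim it
  }
  claim(account, receipt) {
    if (!receipt || !receipt.active) return false;
    if (!this.bindToFirstAccount) return true; // reward whoever presents the receipt
    const id = receipt.originalTransactionId;
    if (!this.owners.has(id)) this.owners.set(id, account);
    return this.owners.get(id) === account;
  }
}

function scenario(bindToFirstAccount) {
  const store = new DeviceStore("device-apple-id");
  const service = new EntitlementService(bindToFirstAccount);
  store.purchase("pro.monthly"); // bob subscribes while signed in to the app
  const bob = service.claim("bob", store.receiptFor("pro.monthly"));
  // bob signs out of the app; alice signs in on the same device
  const alice = service.claim("alice", store.receiptFor("pro.monthly"));
  const aliceCanBuy = store.purchase("pro.monthly").ok;
  return { bob, alice, aliceCanBuy };
}
```

`scenario(false)` hands alice bob's subscription, `scenario(true)` denies her, and in both cases she cannot purchase her own on that Apple ID.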
I have a Patreon page and a recipe in Zapier that sends new Patreons to Mailchimp. It seems Patreon allows you to log in with Apple, because a few of my Patreons used it but never received any newsletter (it's one of the perks). I checked and it was because the email address that Patreon received and tried to send to Mailchimp failed. I lost a few Patreons because of this, because they thought I never sent the newsletter to them.
>I checked and it was because the email address that Patreon received and tried to send to Mailchimp failed. I lost a few Patreons because of this, because they thought I never sent the newsletter to them.
AFAIK Apple's private relay only accepts mail signed by the corresponding developer. In other words, no third party can use the private relay address.
As a developer it was a pretty exotic experience. Their OAuth service is unlike any other big name provider I'd used. Some day soon I hope to open source my Apple backend integrations in TypeScript, because Apple provides no backend SDKs, at least not for Node/JS/TS.
Lots of people seem to use Sign In With Apple, though. They make it really nice for the user. The email relay thing is pretty neat.
The thing that troubles me with OAuth is that if you don't provide apps with some other way to sign in and you lose access to your OAuth account, you lose access to all your applications.
As with others, I trust Apple to safeguard this information waaaay more than constantly rolling the dice with shady app publishers every time I sign up to something.
That I can sign up to TikTok with "Sign in with Apple", with an auto-generated Apple Privacy email address and literally no other information, is quite amazing and useful.
I’m not sure what your point is. This is unavoidable for any company subject to FISA or you know, laws.
I care far more about companies like Google and Facebook taking my information and using it in tracking and advertising, or selling it to whomever wants to pay for it for whatever reason to build a profile about me and using that to take advantage of me.
On that front, I trust Apple far more than any of the other options. They’re using it as a competitive advantage and it’s working.
Where does it say that this information was provided on demand without a warrant? The only exception to a warrant requirement is a FISA letter, and all US persons are required by law to respond to those.
And in terms of NSLs, they only turned over data for under 500 of them so far this year (and it could be a lot fewer since the bucket size is 1-500).
I recall having to provide this around 2013 or so around the time I got an iPhone 5. But possibly it was part of their credit card verification? That could explain why some have been asked and not others.
Apple forces you to use in-app purchases, Apple forces you to stick with their crippled browser ecosystem, it has no compatibility outside of Apple. Their protocols for messaging and device interop are closed-source; they have tech that tracks all your devices + these new beacons, and all your devices are those beacons too.
You are more heavily tracked under Apple than you are in any other system. Did you think your iPhone would be a location tracker for another device?
It’s only required to use Sign In with Apple if you use other third-party logins—which wouldn’t be possible with your scenario anyways since you couldn’t do an OAuth dance if you don’t own the private key.
Only if you allow login with other 3rd party login services. Honestly this seems pretty reasonable so apps are guaranteed usable even if you don’t have a Facebook or Google account. There are apps that only have social logins what with the “outsource your auth” marketing a few years back.
As a user, no it’s not bullshit or diabolical, it’s a godsend. I’m glad they enforce it, saving me from handing out my email and a ton of other info to every random app I want to try for a while.
Only predatory devs would complain against this rule, and I won’t miss them.