There are some issues with Apple's "Sign In with Apple" scheme (emphasis added):
OpenID Foundation said:Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple
Dear Mr. Federighi,
The OpenID Foundation applauds Apple’s efforts to allow users to login to third-party mobile and Web applications with their Apple ID using OpenID Connect.
Over the course of the last decade, OpenID Connect was developed by a large number of companies and industry experts within the OpenID Foundation (OIDF). OpenID Connect is a modern, widely-adopted identity protocol built on OAuth 2.0 that enables third-party login to applications in a standard way.
It appears Apple has largely adopted OpenID Connect for their Sign In with Apple implementation offering, or at least has intended to. Known differences between the two are tracked in a document managed by the OIDF certification team, found here: https://bitbucket.org/openid/connec...-in-with-Apple-differs-from-OpenID-Connect.md.
The current set of differences between OpenID Connect and Sign In with Apple reduces the places where users can use Sign In with Apple and exposes them to greater security and privacy risks. It also places an unnecessary burden on developers of both OpenID Connect and Sign In with Apple. By closing the current gaps, Apple would be interoperable with widely-available OpenID Connect Relying Party software.
Therefore the OpenID Foundation invites Apple to:
The OpenID Foundation and the community at large would appreciate Apple’s feedback.
- Address the gaps between Sign In with Apple and OpenID Connect based on the feedback.
- Use the OpenID Connect Self Certification Test Suite to improve the interoperability and security of Sign In with Apple.
- Publicly state that Sign In with Apple is compatible and interoperable with widely-available OpenID Connect Relying Party software.
- Join the OpenID Foundation.
Thank you for your consideration.
OpenID Foundation Chairman