Support Sign in with Apple

[hikemaniac]

The OpenStreetMap website currently allows signing in with several third party providers including Google, Microsoft, Wikipedia, GitHub, Yahoo, etc... Apple recently launched "Sign in with Apple" as their login framework, so it might be worth some consideration to add it as well, especially since it's seemingly gaining popularity quickly - I've already seen it adopted by many different services.

Docs:

• Sign in with Apple JS
• Sign in with Apple REST API

As it's apparently necessary to be enrolled in the Apple Developer Program to use the software :confused:, I'm not even sure if we can use their framework. I just wanted to put this forward as a heads-up so feel free to dismiss this if it's not worth the implementation effort or we can't comply with their conditions.

[tomhughes]

Before anybody thinks about working on this LWG need to decide if the terms are acceptable - we got bitten by that with twitter where it was implemented and then couldn't be deployed.

[tomhughes]

Good news is that here is an omniauth plugin, which is what actually matters rather than technical documentation.

[migurski]

Rambly thought about 3rd-party auth: people often have accounts with several of the offered providers and it’s not always easy to remember which one you used to link an account. I have been confusedly locked-out or forgotten by sites like Stackoverflow in the past because I wasn't sure which provider I’d originally chosen, and I have heard from others that this is a common problem. There’s not often a good way to remember which 3rd party’s logo you clicked the last time you logged in to something.

Suggestion: can we set a long-lasting cookie that remembers the chosen provider? Here’s a basic picture of what that might look like:

[danieldegroot2]

Suggestion: can we set a long-lasting cookie that remembers the chosen provider?

@migurski This is off-topic for this issue. Open a new issue, in order for it to be tracked.

[HarelM]

Hi, any updates on this? I'm using OSM in order to allow users to login to my app that allows some basic editing. The app supports iOS and it seems that Apple is requesting the ability to login using the apple identity to their apps. Let me know if there's a way for me to help push this forward / testing / debugging etc...

[tomhughes]

I'm happy to write the code to do it but first LWG need to review and T&C's and ensure they are legally acceptable to us. I was bitten before spending time to do twitter login only for LWG to reject it on legal grounds.

I suggest you contact legal@osmfoundation.org and ask if somebody can review - if you can pin down exactly what we will have to agree to in order to get a client ID to use then will obviously help them.

[HarelM]

Thanks for the info and the fast response! I've sent them a mail and added the following link which is talking about the legal aspect of this, as far as I understand: https://www.apple.com/legal/privacy/data/en/sign-in-with-apple/ I'm very bad with legal stuff :-)

[tomhughes]

I think that's more aimed at people using it to sign in rather than what developers have to agree to in order to make use of it.

[HarelM]

You're probably right. I don't know where to start then. I found this: https://developer.apple.com/sign-in-with-apple/get-started/ Which leads to developer program license agreement, which is too wide I think: https://developer.apple.com/support/terms/ IDK...

[kathleenlu09]

I believe this is the relevant section:

Sign In with Apple, Sign In with Apple at Work & School: 3.3.54 You may use Sign In with Apple or Sign In with Apple at Work & School in Your Corresponding Products only so long as Your use is comparable to including Sign In with Apple or Sign in with Apple at Work & School, respectively, in Your Application. You may not share or sell user data obtained through Sign In with Apple or Sign In with Apple at Work & School to advertising platforms, data brokers, or information resellers.  If a Sign in with Apple user has chosen to anonymize their user data as part of Sign In with Apple, You agree not to attempt to link such anonymized data with information that directly identifies the Page 30 Program Agreement  individual and that is obtained outside of Sign In with Apple without first obtaining user consent.

From (https://developer.apple.com/support/downloads/terms/apple-developer-program/Apple-Developer-Program-License-Agreement-20220606-English.pdf)

I'm not sure if an anonymized attempt to log on to OSM would simply fail. If it does, I think that would be okay. Beyond that, I see no issues with the terms.

[mmd-osm]

@tomhughes : did you plan to create a PR for https://github.com/tomhughes/openstreetmap-website/commit/376fe79ffa078a2873866e9553648cff12c00196 ?

[tomhughes]

I assume I did and I wasn't sure why I hadn't but I think I may now...

I rebased that last night and fixed things up for all the login/signup changes that have happened since but it doesn't look like I ever got far as testing it against Apple.

So I tried to signup for an Apple ID in order to register the credentials needed to test it and that's where the fun started because it seems that my email is associated with a disabled Apple ID already (though I have no memory of creating one) so it won't let me register or do a password reset.

Anyway I now (after much pain) have a support case open with Apple that they have had to escalate to engineering to try and figure out what's going on!

[tomhughes]

So I do now have an Apple ID but apparently to register an app that can be used to implement sign in with Apple I have to join the developer program which costs £79 a year. So I think that's a hard no for this now.

[HarelM]

Is there a way I can help with this?

[tomhughes]

Is there a way I can help with this?

What did you have in mind?

[HarelM]

I have an apple developer account I'm paying for, does it help in any way?