The Problem With “Login with [put your favorite service here]”

Apple & Fortnite’s Battle of Wills

I read an article from The Verge that was headlined “Epic says ‘Sign In with Apple’ will keep working for Fortnite after all.” Wait Wait... Rewind...Whats going on? Here we are at the beginning of Epic’s epic battle (get it? 😅). The company behind Fortnite, is now in a battle of wills with Apple because Epic think a 70/30 split of all profits made on the App Store is unfair for what the Apple Community provides. Epic has been fighting with Apple to get them to treat their developers and the development community better both from a financial and app development policy standpoint. That’s besides the point and not what I’m writing about, but good background information for whats next.

Fast forward a little, and here we are in the middle of the battle of wills, Apples removed Epic’s developers license, and all vestiges of Fortnite. Apple was (and might still) go one step further and remove the “Log In with Apple” so any user who had logged in with Apple’s IDP (Identity Provider) will no longer be able to log in to their accounts using the Log In with AppleID method, and would have to wait for the developer to instigate a new method of login.

Why is this a Problem?

Why is this such a big problem? IDP’s are inherently powerful and useful for developers & IT managers and the general user. My brother who works as a software dev (and is a pretty good one at that) always talks about the pain points of securely creating a login system. Whenever he tells me that four letter word “auth” I about have a fit because it takes so long to do it right. That’s where IDP’s come in handy. For developers, they can just point to Google, or Apple, or Facebook, do some fancy work connecting the IDP to their system and be done with the login part without wasting valuable time to create their own. It also benefits the user because they don’t have to create yet another account to login to another service.

What if the IDP’s get picky AFTER they let a developer use the “login with” feature for an app or user? Of course they can get picky, its their service. But IDP’s will have to be careful of how they let politics or disagreements get in the way of the service they provide. An IDP pulling support can wreak a lot of havoc on a users ability to login to services as it might make the user think they lost all their data, or force the user into a worse user experience. The developers might have to do some potentially complicated and less secure method to allow a user to login, like what Epic is making its users do. Or think of this scenario, you haven’t used a service in years, and decide to login, and now the IDP that you chose is no longer there. Now you have to find out how to reconnect your account or worse, just not use the service anymore.

While the issue with Epic and Apple might blow over, I believe IDP’s will become a lot more prevalent in our ever-connected world. They will have to be careful of how they exert their power. It might make users become wary of using an IDP because they will have been burned by services that pull the plug on their ability to access their data. It might make developers try to create their own login system, which can be inherently insecure. Or it could make a user no longer use a service because they don’t agree with the IDPs methodology.