September 30, 2019
Mr. Craig Federighi
Senior Vice President of Software Engineering
One Apple Park Way
Cupertino, CA 95014
RE: Apple Successfully Implements OpenID Connect with Sign In with Apple
Dear Mr. Federighi,
As you are likely aware, on behalf of the OpenID Foundation Board of Directors, I published an open letter to you on June 27, 2019, addressing the concerns we had with Apple’s implementation of OpenID Connect in the Sign In with Apple implementation.
We identified the set of differences between OpenID Connect and Sign In with Apple and highlighted those in an open document. This document has since been updated to include changes your team made in your implementation of OpenID Connect. We applaud your team’s efforts in quickly addressing the critical security and compatibility gaps identified and successfully implementing them while Sign In with Apple is still in beta.
Now users will no longer be limited to where they can use the service and they can have confidence in their security and privacy. Furthermore, Sign In with Apple is now interoperable with widely available OpenID Connect Relying Party software. Apple, like others, can utilize the OpenID Connect Self Certification Test Suite to further test and improve the Sign In with Apple implementation.
Note that there are still some peculiarities identified in the open document. While these are not security issues, addressing them would make it even easier to use Sign In with Apple with existing OpenID Connect libraries. For instance, providing a discovery document would make it easier for existing software to be configured to use Sign In with Apple. We encourage your team to continue working through the issues identified.
On behalf of the OpenID Foundation Board of Directors, I thank you and Apple for efficiently executing your updates. This is an important achievement for Apple, users of Sign In with Apple, and the digital identity community.
OpenID Foundation Chairman
On behalf of the Board of Directors of the OpenID Foundation