XPost: misc.phone.mobile.iphone
From: mariasophia@comprehension.com
Posted here to keep all the technical answers together in one thread.
That way, this serves as a reference vehicle for how iOS actually works.
Tyrone wrote:
>>> You have "explained" what you believe is happening, with links that say no
>>> such thing.
>>>>
>>>> Since you claim the explanation given is "bullshit", if you think iOS
works
>>>> differently than described, then you should state how you think it works.
>>>
>>> YOU are stating "how you think it works". A link YOU provided describes
how
>>> it actually works.
>>
>> Hi Tyrone,
>>
>> You keep asserting that "iOS does NOT require you to login multiple
>> times" and that it "is YOUR apps" doing this, but you have not actually
>> described a technical model of what you think is happening inside iOS.
>
> A link that YOU PROVIDED describes it:
>
>
>
> "User interaction is required any time a new identity token is requested.
User
> sessions are long-lived on device, so calling for a new identity token on
> every launch, or more frequently than once a day, can result in your request
> failing due to throttling."
>
> Do you EVER read the links you post?
Hi Tyrone,
Yes, I read that link. I gave it to you long ago as one of many links.
You're quoting a document that describes a very specific thing:
It describes one thing about iOS and only one thing about iOS.
*Sign in with Apple for third-party apps:*
Your claim that it describes everything possible about iOS isn't correct.
You're confused. Very confused.
The fact you repeatedly misuse that link shows how confused you are.
The sentence you quoted is explicitly scoped to a single flow:
"User interaction is required any time a new identity token is
requested. User sessions are long-lived on device, so calling for a
new identity token on every launch, or more frequently than once a
day, can result in your request failing due to throttling."
A few important points you're glossing over in your confused state:
1. Scope of that document
That page is about Sign in with Apple as used by third-party apps
via the AuthenticationServices framework.
It is *not* a description of:
a. iCloud account tokens
b. App Store / Apple Media Services tokens
c. iMessage / FaceTime (IDS) authentication
d. Find My / FMIP credentials
e. activation / Activation Lock credentials
etc.
In your confusion, you are treating that one OAuth-style identity
token as if it were "how iOS authentication works" globally.
It's not. And clearly Apple does not say that in that document.
2. What the quote actually says
The quote is talking about what *apps* should do when they use
Sign in with Apple:
a. User interaction is required any time a new identity token is
requested.
b. Sessions are long-lived on device.
c. Calling for a new identity token ... more frequently than once a
day ... can result in your request failing due to throttling.
That is guidance to app developers so they don't spam the user with
sign-in prompts and get throttled. It does *not* say this is the
sole token used by the OS for everything, nor that other internal
Apple services behave the same way.
The fact you think it does is a problem only you can resolve internally.
3. Your claim versus what I'm describing
You keep saying:
a. "iOS does NOT require you to login multiple times.
It is YOUR apps."
b. "A link YOU PROVIDED describes how it actually works."
That link describes *one* identity token used in *one* sign-in
flow. It does not prove that:
A. iCloud, App Store, IDS, Find My, and activation share that same
token, or
B. there are not multiple internal authentication domains with their
own credentials and expirations.
At most, the link says if an app abuses Sign in with Apple and
keeps asking for fresh tokens, the user will get prompted and the
app can be throttled. That is compatible with my point that
different services/tokens can independently produce prompts.
4. What you still haven't done
You keep asserting "iOS does NOT require you to login multiple
times" and that it's "YOUR apps", but you have not provided any
technical model of:
a. how you think the system Apple ID tokens for iCloud, App Store,
IDS, Find My, and activation are structured, or
b. how, under your model, a device behaves if those credentials age
and the user refuses every password prompt for years.
Saying "this link proves it" when the link is clearly scoped to
Sign in with Apple for third-party apps is not a technical model.
If you believe that the Sign in with Apple identity token is the single
token used for *all* Apple services on the device, then please quote
where Apple states that explicitly.
The page you cited does not say that. It describes the behavior of one
specific API, not the entire authentication architecture of iOS.
Until you can spell out how you think the rest of the services work,
we are still at the point where you are asserting every claim is
"bullshit" without you actually providing any technical explanation.
Remember, I have tested the system. I not only know how it works, but I've
documented how it works. Specifically, I "remember": how it works.
You do not as you are the only one claiming it doesn't ask for your
password. Everyone else (even Chris at one point) "remembered" it does.
Because... it does.
That's how iOS works.
It's DIFFERENT from all other common consumer operating systems that way.
The question is why?
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
