App rejected due to Facebook login

I have an existing dating app in the App Store which uses Facebook login for quick registration and subsequent logins - the app captures the user's DOB and gender for age restrictions and match filtering.


The initial version of the app was approved by Apple without any issues, but an update submission was rejected for the following reason:


17.2: Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected.

Your app uses Facebook login for authentication purposes but does not include account-based features offered by that site, which is not allowed on the App Store.

In order for Facebook to be the only authentication mechanism available, your app must include significant account-specific functionality from Facebook. Pulling profile information, or sharing, are not sufficient account-based features for Facebook to be the only authentication mechanism available.


Based on this response I added an 'Invite Facebook friends' feature, but the app was rejected again with the same response.


I have since asked for clarification on what Apple deems to be 'significant account-based features' in order to satisfy the App Store guidelines, but they are refusing to provide any feedback on app concepts or features, which leaves me in the difficult position of not knowing what I need to do to get my app approved!


It seems as though the App Store Review Guidelines have changed in the 2 months between app submissions, which is frustrating as my existing users are having to wait for critical updates whilst I try to figure out what I can do to get my app approved.


Has anyone else had a similar issue?

What Facebook account feature(s) do I need to add to get my app approved?


Thanks in advance!

Replies

Sorry to say, your app is very poorly designed if it requires a sign-in of any kind to restore previously entered profile data. Unless the app actually makes use of services on an external server which is account based, there is zero reason to need or even require a user to sign in or authenticate themselves to your app. You mentioned analytics; those features are supposed to be tied to your developer ID with those analytics, not end user IDs. Read your agreements on using Google Analytics and others; most of them require YOUR ID. As for the demo account, it takes seconds to set up when you submit, then you just need to create it on your end. Why should review staff have to create an account they likely will never use again? You expect too much in this case.


To the others whining about this "problem", read what I said above. If your app does not require account based features, your app DOES NOT NEED Google, Facebook, Twitter, LinkedIn or any other external authorization. If it does use account based features, such as posting messages/comments on Facebook/Twitter/etc., it may. If all it does is post pictures or videos that can already be shared from the Photos app with the account they've already likely set up in the Facebook and other apps on their device, then you don't need that authentication. The system already handles it automatically.


Those mentioning Uber and similar apps have obviously never actually used those apps. They require you to set up an account WITH a credit card number and a lot of personal information. That account setup takes place outside of the app, by the way...

Actually, both Uber and Lyft have full user enrollment built into the app. All they provide is an alternate method of authentication. Uber provides an email based auth system, if you decide to use it (otherwise Facebook). Lyft offers a sign in using your phone number, if you decide to use it (otherwise Facebook). Both apps collect your personal identification information from within the app itself, though they also have a website interface to perform that function as well.

Pokemon Go accepts Google OAuth, or an email/password combination (Pokemon Trainer Club).

None of these apps are designed to be 'social' in any real way. They literally use social networks for auth and advertising.

Tell me more about how Apple's stance on this is somehow logical.


This is ridiculous.


My app has an optional server sync feature, which is based on the user's Facebook ID. This ID is unique for your Facebook App, so you can never know who the user really is, nor use this ID for anything else. Just authentication. I don't even ask for any user profile data, and Apple is requiring me to implement further social features.


I could use iCloud to sync? Yeah, but I want people to be able to access their data on devices other than just Apple's.


It's my app, my architecture, and I'm not forcing users to log in to use my app, nor requiring permissions I'm not using in the app. Why, really, why create trouble with this?


Email login is slow, dumb, you need to create a registration screen, forgot password screen, change password screen... people often forget the login method they first used, creating a new user for the new auth method. It *****, and I don't want to implement it like this.

RLKing, it's precisely people with brainless heads like you, who happen to be the app reviewers, that made this so hard. Who on earth says I can't use Facebook login if I don't plan to use Facebook functionality? Who are you to say their app is poorly designed?

Same problem

In the hope this may be of help to someone:


In Apple's IPv6 environment the Facebook OAuth process is making a call to


https://staticxx.facebook.com/common/referer_frame.php


In a hybrid app environment where you might be wishing to isolate OAuth from other URL calls, this will cause issues.
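
A host allowlist for a hybrid app's login WebView that accounts for the helper frame named in the last post, as an added example that is not code from any poster or from Facebook. Apart from `staticxx.facebook.com`, the listed hosts, the redirect URI and the function name are assumptions.

```javascript
// Added example: decide how a hybrid app's login WebView handles each navigation.
// Only staticxx.facebook.com comes from the thread; the other hosts are assumptions.
const OAUTH_HOSTS = new Set([
  "www.facebook.com",      // assumed host of the login dialog
  "m.facebook.com",        // assumed mobile variant of the dialog
  "staticxx.facebook.com", // helper frame reported in the post above
]);

// Hypothetical redirect URI; use the one registered for your own app.
const APP_REDIRECT = new URL("https://app.example.com/oauth/callback");

// Returns "oauth" (keep inside the isolated login view), "callback" (hand the
// result to the app), "external" (open outside the login view) or "block".
function classifyNavigation(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "block"; // not a parseable absolute URL
  }
  // The login flow never needs cleartext or non-web schemes.
  if (url.protocol !== "https:") return "block";
  // Reject userinfo tricks such as https://www.facebook.com@other.example/
  if (url.username || url.password) return "block";
  if (url.origin === APP_REDIRECT.origin && url.pathname === APP_REDIRECT.pathname) {
    return "callback";
  }
  // Exact hostname match on the parsed URL; substring or suffix checks would
  // also accept look-alikes like staticxx.facebook.com.other.example.
  if (OAUTH_HOSTS.has(url.hostname)) return "oauth";
  return "external";
}
```

Logging every "external" and "block" result during testing on an IPv6-only network shows whether the provider has started calling further hosts that the allowlist is missing.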