Apple SSO requires compatibility mode for Omnivore, Todoist

phildenhoff

I'm documenting this for other users searching for why Apple SSO doesn't work as much as I am reporting this bug to be resolved.

Steps to reproduce:

Using a different browser, sign up for Omnivore or Todoist with an Apple account (Apple SSO)
Within Orion, open omnivore.app and attempt to sign in with your Apple account.
Once you've put in username + password, nothing happens. You will not see the prompt "Do you want to continue to omnivore?"

Safari works, demo videos below. Compatibility mode also resolves this, but it wasn't until I was working through submitting the bug report that I learned that it exists or that I should try it.

Expected behaviour:

Once you've put in your credentials on the Apple website, you should be prompted to continue, and then be redirected to your site of choice.

Orion, OS version; hardware type:

Version 0.99.125-beta; MacBook Pro (macOS Sonoma 14.0 beta build 23A5312d)

Image/Video:

Orion (non-compatibility mode)

Safari

Vlad

phildenhoff Most likely (I am guessing) one of your installed extensions interefered with the SSO flow (uBO?) which is why it starts working after you enable compatibility mode. You can verify this by disabling them one by one and trying to find the one respoinsbile.

We can not control for what extensions people install and what they do do the web page which is why we included the compatibility mode.

So my questions are:

How do we make Compatibility mode more prominent?
What else would you do in our shoes?

phildenhoff

Good point, I tested again on a new profile with no extensions, and the SSO flow still didn't work. However, when I disabled only "Enable Content Blockers", then the flow works correctly.

To your questions, I think I would take some inspiration from Chrome and occasionally break features in favour of compatibility. You could potentially relax (or outright disable) content blockers on appleid.apple.com. You'd likely have to manually maintain a list, but it would be invisible for users. For users that prefer the occasional broken website to losing privacy, you could include a control to disable that automatic relaxing. Of course, you could also do this in reverse, allowing users to opt-in to that invisible disabling of content blockers in favour of a browser that Always Works™.

In terms of compatibility mode, one option would be letting users know when they're on websites for which there have been (any) feedback reports against. Something like "Users often report issues with this website on orionfeedback.org. Enable compatibility mode?" Of course, if you have telemetry on where compatibility mode is enabled, this would be even easier.