Basically, my app and any other app using Constant Contact's OAUTH login screen will get rejected unless the following are removed:
I spoke to Steve Rea from Apple's Developer relations and he explained it all in a lot of detail and I can forward his email replies to anybody at Constant Contact that wants to see proof.
Thank you for bringing this to our attention. I also got your email sent to our webservices email address. We are looking into this, and will provide an update when we have more information.
Thanks for reporting this. We've investigated it on our end and we are indeed in violation of rule 11.13. We are looking into how we need to change our OAuth/Login flow to comply with this rule. While the intention of your use of our OAuth is certainly not to allow selling of our application and selling our application is in no way related to your applications function with OAuth, Apple has recently become far more strict in their enforcement of rule 11.13 and we are now in violation of that rule.
Once we have additional information about how and when we will have a fix for this, we will be sure to get that out to our developer ecosystem. We are working with our rep at Apple to ensure we have a complete understanding of everything needed to be in compliance and will make sure that we are in no way an impediment to your app being approved in the future.
We have identified everything we need to fix and are currently planning to release the fix during our next scheduled code release, which is currently set for Thurs morning of his week. It's worth mentioning that one of the problems is with the Yahoo! login page, not Constant Contact, so while we are working with Yahoo! to address this issue on their side, we are likely going to have to remove them as a login option until they have fixed the issue on their end as well. This should have minimal impact to most Constant Contact customers since this is a very new way to sign up for Constant Contact but we do apologize for this inconvenience.
I was informed that the fix was live and the releas is out there, however I am still able to replicate the Yahoo! login problems as well. Will work with our engineering staff to check on this.
After speaking with my product team, they are working with Yahoo! to resolve the issues on the Yahoo! page. I unfortunately do not have any ETA on this being resolved since it does involve a 3rd party doing work.
So are you guys going to leave both the Facebook and Yahoo buttons on there? apple told me that those two buttons were reasons why my app got rejected.
is there any way to have a temporary login page up that hides those links until Yahoo fixes their end?
In working with Apple, the violations with rulle 11.13 were not the inclusion of those links but what was available to an end user on some of those final pages. Rule 11.13 specifies that an appliction can not link to a website in a web client which allows for signup outside of the Apple billing system. The facebook login flow does not allow a user to sign up, only to log into an existing account and is not subject to that rule.
Our forgot password page was subject to that rule since we incorrectly included a "Sign up" button on that page (which we have removed). Now our OAuth page only allows users to log into an existing Constant Conact account, not create a new one.
The Yahoo! login page has a link in their header which directs a user to their main page, which does allow a signup outside of the Apple billing system. This is the only remaining 11.13 violation in our OAuth page. That is the item we are working with them to resolve, which we are in active discussions to work through.
I'll continue to pass on your feedback to our product team and will update if I have any additional information from them. As of this time, we still don't have an ETA.
Thx for the feedback. I might have to go to a backup plan and use basic authentication temporarily until the problem is resolved with yahoo
So, I got accepted on the App Store using basic authentication. I know that's being deprecated and I assume it can go away at any time...
Any update on when a new login page will get deployed? I see there's a new page at login.constantcontact.com but it still has a Sign Up For Free button that will cause any developer to get rejected by the App Store (I'm an expert on getting rejected for this :) )
We made some modifications to the OAuth login page in late July that eliminated eliminated the option to create a new Constant Contact account from our forgot password page, and have also now removed the Yahoo! login option, so I believe our OAuth login page should no longer cause App Store rejection.