Hi everyone. I've been mulling over the problem many of you have been having about apps being rejected due to regulation 17.2 and Facebook login mechanisms and I think I've figured it out at least partially: it's about privacy. Using solely the Facebook API for account management enables developers to access all sorts of stuff on people's Facebook profiles, even if the app doesn't really need it. And since there is no way to use the app without providing access to a Facebook profile and all of the personal information contained inside it, a Facebook-only authentication is a privacy violation under regulation 17.2. The way I see it, it's less about the login and more about privacy.
It could just be Apple paranoia about devs accessing users' information through a mechanism other than their own tightly guarded systems, but honestly, I think that's a good thing.
Part of it might also be, as donarb suggested in https://forums.developer.apple.com/thread/16384, that users were getting frustrated at the proliferation of apps that simply used Facebook login instead of implementing their own systems.
