Hi everyone,

I don't have a clear idea of what "sign in management" means in the following new certification criteria:

"2.3 For authenticated transactional channels (SVOD, TVOD, and other subscription services): Channels must allow account sign up and sign in management to be completed on the device, without visiting an external webpage. Channels may not include links to off-device promotional and marketing materials."

It can't just mean "sign in" can it? Is Roku outlawing the common practice of users going to a web site and entering a pairing code as used by Amazon, Netflix, iPlayer, etc? There are technical reasons why this exists, not least that we can't do 3rd-party OAuth sign-ins (Facebook etc) on STBs.

(Does it mean signing out? Surely we don't need a new term for that.)

"On-device authentication", is apparently mandatory now, so I'm guessing it's the same thing.

https://developer.roku.com/en-gb/docs/developer-program/roku-pay/signup-best-practices.md

"Certification requirement: All SVOD and TVOD channels (and other subscription services) must implement On-device authentication."

But "On-device authentication" seems to conflate registering with subscribing, and authentication with entitlement. It's perfectly possible for a user to have an account on a service but no entitlement to content. It should be posssible to register without subscribing (maybe we've got some free stuff but only if you give us your juicy PII, dear user.)

Has anyone figured out what this all really means, and how to handle it?

All constructive suggestions welcome! (Yes we probably will have to talk to RPS but actual developer experiences are valuable to know about.)