This is why most apps that do use such services use more than one. Lots of modern sites have buttons for “Login with Google”, “Login with Facebook”, “Login with Apple”. None of them want to lose access to the user data and analytics they get from these services — so I doubt one is going to jump into cutting you off or requiring payment while the others are still free.

It would take all of these services to (illegally) coordinate to suddenly start charging — and of all of them I don’t see that being in the interest at all for Apple. Apple’s login service uses Touch and Face ID on their devices, and is part of the selling point for those devices (extremely easy logins with no password). They’re not making their money off Single Sign-On (SSO) login services — they make their money off selling devices, and they make the case for selling these devices in large part by selling “simplicity”.

So if you’re worried today about a login service yanking the rug out from under you, you just implement many/all of them. It’s not significantly more work — all of them are based off OAuth — so long as your website or app can authenticate via OAuth you just need to use the APIs each company provides to implement the authentication, and you’re done.

Nothing them stops you as you get bigger form implementing your own login/authentication service — and if you ever get big enough, you too can offer it as a service for other websites.