Game Center login API only accepts player ID to authenticate a player. Since the ID is unique per Game Center account and can never be changed, if it was ever compromised for a person, someone else can log in to any PlayFab-managed game on behalf of the person. This is a big problem, since the situation is out of control of the game developer - even if they take measures to protect the ID, it may have been already compromised long time ago, and the user cannot take actions to change it.
Apple provides means to avoid that problem with the help of generateIdentityVerificationSignature() method. To support it, PlayFab API would have to additionally accept 5 more parameters: bundleID, publicKeyUrl, signature, salt, timestamp.
Is there a reason why secure login is still not supported? That looks like a must-have for the service.