
PyPI could integrate with Google/Microsoft/Apple as an authentication system (OAuth?).

Almost everyone has one of these IDs and it's hard enough to register new ones.



> PyPI could integrate with Google/Microsoft/Apple as an authentication system (OAuth?).

PyPI supports "trusted publishing,"[1] which provides a variant of this: it doesn't replace a user identity, but instead allows a platform (currently just GitHub, but support for others is on the way) to mint API tokens on a project's behalf.

Binding PyPI identities to well-known IdPs would address some of the problems here, but also introduces new ones: it creates a new kind of account lockout state (users who lose access to their IdP service, for whatever reason), introduces regulatory and data collection concerns, may prove excessively restrictive to users in countries with filtered Internet access, etc.

[1]: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-p...


And all of this is already a thing for NuGet?


All the spam I receive directly from gmail.com accounts kind of disproves your point.


That's what Rust does, you can only register with crates.io with a GitHub account.



