I'm having the same issue (missing nonce claim in the id_token), but only when signing in with Safari and using "Continue with Touch ID". If I click "Use a different Apple ID" and go through the web UI sign-in, the nonce claim is there and the sign-in succeeds. It also works in other browsers on macOS and Windows.

Signing in with Touch ID is convenient, but having to skip the nonce validation seems to violate both Apple's documentation (as noted above) and the OpenID Connect spec (https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation).
Tech support responded that this is a known issue without a known workaround, and I should submit a bug report. Perhaps others who see this issue should do the same, at https://feedbackassistant.apple.com.
Thanks, this is now working correctly with the latest macOS update, 10.15.3 (19D76).
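
The nonce check discussed in this thread (OpenID Connect Core, ID Token Validation), written so that a missing claim fails closed instead of being skipped. This is an added example, not code from any poster or from Apple; the helper names and the sample tokens are constructed, and it assumes the token's signature, `iss`, `aud` and `exp` were already verified by a JWT library.

```python
import base64
import hmac
import json
import secrets


class NonceError(Exception):
    """The ID token's nonce is missing or does not match the request."""


def new_nonce() -> str:
    # One fresh value per authentication request, kept in the user's session.
    return secrets.token_urlsafe(32)


def decode_claims(id_token: str) -> dict:
    # Decodes the payload segment only. Assumption: signature, iss, aud and
    # exp were verified by a JWT library before this function is called.
    try:
        payload = id_token.split(".")[1]
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError) as exc:
        raise NonceError("malformed id_token") from exc
    if not isinstance(claims, dict):
        raise NonceError("malformed id_token")
    return claims


def check_nonce(id_token: str, sent_nonce: str) -> dict:
    claims = decode_claims(id_token)
    received = claims.get("nonce")
    if not isinstance(received, str):
        # The case in this thread: a nonce was sent but the claim is absent.
        raise NonceError("nonce claim missing")
    if not hmac.compare_digest(received.encode(), sent_nonce.encode()):
        raise NonceError("nonce mismatch")
    return claims


def make_sample_token(claims: dict) -> str:
    # Constructed sample token with a placeholder signature, for the demo only.
    def seg(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256'})}.{seg(claims)}.placeholder-signature"
```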