We have found the solution.
You need to set up app links, set usePopup to false, and open the Apple ID logon page in Safari instead of the WKWebView of your app.
Then after logging on or signing up, the redirect URL will be opened in Safari. It will ask the user if they want to open the URL in the app. When you do this, the id_token will be passed to the app and you will be able to log on or sign up the user.
For a more user-friendly experience we are going to implement it a little bit differently. The redirect, complete with signup or logon, will be handled by Safari. The user will be shown a page with readable status information and offered a one-time handoff link to go back to the WKWebView of the app.
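One way the one-time handoff link described above could be issued and redeemed on the server, as an added example that is not part of the original post or of Apple's API. It assumes the server has already validated the id_token in the Safari-side redirect handler; `APP_LINK_BASE`, `issueHandoff`, `redeemHandoff` and the 60-second lifetime are hypothetical names and values.

```javascript
// Added example (Node.js): single-use, short-lived handoff token.
// The link carries only an opaque random token, never the id_token itself.
const crypto = require('node:crypto');

const APP_LINK_BASE = 'https://app.example.com/handoff'; // constructed placeholder app link
const TTL_MS = 60000;                                    // assumed lifetime: 60 seconds
const pending = new Map(); // sha256(token) -> { userId, expiresAt }

// Only the hash is stored, so a leak of the store does not leak usable tokens.
function sha256(token) {
  return crypto.createHash('sha256').update(token).digest('hex');
}

// Called by the Safari-side redirect handler once the user is signed in.
function issueHandoff(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url'); // 256 bits of entropy
  pending.set(sha256(token), { userId, expiresAt: now + TTL_MS });
  return `${APP_LINK_BASE}?t=${token}`;
}

// Called when the app's WKWebView presents the link back to the server.
// Returns the userId on success, null for unknown, replayed or expired tokens.
function redeemHandoff(link, now = Date.now()) {
  let token;
  try {
    token = new URL(link).searchParams.get('t');
  } catch {
    return null; // not a parseable URL
  }
  if (!token) return null;
  const key = sha256(token);
  const entry = pending.get(key);
  if (!entry) return null;
  pending.delete(key); // consume before any further check: one use only
  if (now > entry.expiresAt) return null;
  return entry.userId;
}
```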
Yes, we have the same problem. The HTML popup window is also empty when you use the "usePopup: true" setting. However, when you use "usePopup: false", the non-native HTML logon window will function properly. Similar to when Firefox or Chrome is used to log in.
And now it is not anymore...
It looks like Apple switches servers every now and then.
When the endpoint is working:
$ dig appleid.apple.com +short
appleid.idms-apple.com.akadns.net.
17.157.64.68
When the endpoint returns "Connection refused":
$ dig appleid.apple.com +short
appleid.idms-apple.com.akadns.net.
17.32.194.37
17.32.194.6
So it looks like there is some kind of IP block for my dev server on 17.32.194.37 and 17.32.194.6.
Any thoughts on who to contact to remove the IP block?
At the moment the endpoint is reachable again.