When invoking the web-based Sign in with Apple flow (via https://appleid.apple.com/auth/authorize?[PARAMS]), I noticed that if requesting the "openid" scope (in addition to "name" and "email"), the process errors out just after the user enters credentials and their 2FA code, but just before the permissions/consent page to share name and email is rendered. Specifically, a "consent endpoint" (in the form https://appleid.apple.com/appleauth/auth/oauth/consent?[PARAMS]) is called and returns a 500 error, which leads to a user-facing error page saying "Your request could not be completed because of an error. Please try again later."

If I omit the "openid" scope, the process works (however this would be in conflict with what the OpenID Connect specification calls for). Additionally, for a return user sign-in, the presence of "openid" in the requested scopes has no effect - the problem appears to be isolated to first-time users and the behavior of the "consent" endpoint.

For my particular environment, omitting "openid" from the scopes requested from an OpenID Connect provider isn't possible. Is anyone experiencing a similar issue? If this could be considered a bug on Apple's side, is this something that will be addressed before launch?