I succeeded in getting Apple Signin working in my company's SSO, developed on a Spring Boot stack.
Main problems:
- No icon customization. It must be linked to a deployed native application.
- The Apple Signin callback is a POST method.
- We have a cookie with samesite=lax. So the session is lost. We don't remember the state value or the redirect URI. My workaround was to create another cookie with samesite=none and a short TTL, only for the apple-signin.
- Spring OAuth server doesn't support a POST method callback.
- Spring Social does not support id_token.

I have forked the Spring Social project to adapt it. So the maintenance will be more complex and it will take more time to follow Spring Social updates.
I guess many sites will leave samesite=none and the security will be globally bad for the end user (the best is the enemy of the good).
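
One way to build the short-lived `samesite=none` cookie workaround described above, as an added example that is not part of the original post or of Spring. It uses only the JDK; the cookie name, callback path, 5-minute TTL and the HMAC signing of the value are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;

public class AppleStateCookie {
    static final String NAME = "apple_signin_state";      // hypothetical cookie name
    static final String PATH = "/login/apple/callback";   // hypothetical callback path
    static final long TTL = 300;                           // assumed TTL in seconds
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private final byte[] key;
    AppleStateCookie(byte[] key) { this.key = key.clone(); }
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static byte[] random32() { byte[] b = new byte[32]; new SecureRandom().nextBytes(b); return b; }
    String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return B64.encodeToString(mac.doFinal(utf8(payload)));
    }
    // Set-Cookie header value sent just before redirecting to Apple: state.redirect.expiry.mac
    String issue(String state, String redirectUri, Instant now) throws Exception {
        String payload = state + "." + B64.encodeToString(utf8(redirectUri)) + "." + (now.getEpochSecond() + TTL);
        return NAME + "=" + payload + "." + sign(payload) + "; Max-Age=" + TTL
                + "; Path=" + PATH + "; Secure; HttpOnly; SameSite=None";
    }
    // On the POST callback: returns the stored redirect URI, or null when the cookie is rejected.
    String verify(String cookie, String postedState, Instant now) throws Exception {
        String[] p = cookie.split("\\.");
        if (p.length != 4) return null;
        String payload = p[0] + "." + p[1] + "." + p[2];
        if (!MessageDigest.isEqual(utf8(sign(payload)), utf8(p[3]))) return null;  // forged or altered
        if (now.getEpochSecond() > Long.parseLong(p[2])) return null;              // past the short TTL
        if (!MessageDigest.isEqual(utf8(p[0]), utf8(postedState))) return null;    // state mismatch
        return new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        AppleStateCookie c = new AppleStateCookie(random32());
        String state = B64.encodeToString(random32());
        Instant t0 = Instant.now();
        String header = c.issue(state, "https://sso.example.test/app", t0); // constructed redirect URI
        String value = header.substring(NAME.length() + 1, header.indexOf(';'));
        System.out.println(header);
        System.out.println(c.verify(value, state, t0.plusSeconds(30)));    // matching state, within TTL
        System.out.println(c.verify(value, "other", t0.plusSeconds(30)) + " " + c.verify(value, state, t0.plusSeconds(600)));
    }
}
```

Scoping the cookie to the callback path with a short `Max-Age` keeps the main session cookie on `samesite=lax`, so only this single-purpose value is sent on the cross-site POST.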