On Thursday, June 12, 2025, Sign in with Apple was impacted by an incorrect subdomain defined in its /.well-known/openid-configuration file. The JSON returned incorrectly provided https://account.apple.com instead of the expected https://appleid.apple.com.
For Sign in with Apple, the value for the issuer (iss) claim in the user's identity token is https://appleid.apple.com. Additionally, if your clients use the Sign in with Apple REST API, the following endpoints should be used for each request:
https://appleid.apple.com/auth/authorizehttps://appleid.apple.com/auth/tokenhttps://appleid.apple.com/auth/revokehttps://appleid.apple.com/auth/keys
This issue with the /.well-known/openid-configuration file was resolved the same day. Use the URL below to confirm the expected subdomain is provided, as needed:
https://appleid.apple.com/.well-known/openid-configuration
Cheers,
Paris X Pinkney | WWDR | DTS Engineer