App Review rejected Sign in with Apple in Capacitor

I'm building an iOS app using Capacitor with a Next.js 14 backend.

Authentication currently uses:

NextAuth Prisma Sign in with Apple Google Sign-In Magic Link

The web version works correctly.

For the native iOS app, tapping Continue with Apple currently opens the NextAuth endpoint (/api/auth/signin/apple), which launches the web authentication flow.

App Review rejected the app because the Sign in with Apple flow leaves the native experience and opens a web view/browser during sign in.

My goal is to keep Sign in with Apple fully native while continuing to use the same Prisma user database and authentication system used by the web application.

What is Apple's recommended architecture for this scenario?

Should I:

Perform native Sign in with Apple in the Capacitor app. Send the returned identity token to my backend. Verify the token server-side. Create my own authenticated session instead of using the NextAuth Apple provider.

Or is there another approach Apple recommends for hybrid apps using Capacitor?

Any guidance would be greatly appreciated.

App Review rejected Sign in with Apple in Capacitor
 
 
Q