How a redirect broke login with Apple for a full day

On June 11, 2025, Apple made an unannounced change to its OpenID Connect (OIDC) discovery endpoint, causing disruptions in the "Sign in with Apple" feature for many apps that adhered to OIDC standards, due to a mismatch between the issuer in Apple's ID tokens and the discovery metadata. The change, which was partially reversed within 24 hours, highlighted the fragile nature of identity infrastructure when providers alter behavior unexpectedly. Despite Apple's rollback, the ecosystem remains inconsistent, with no official guidance from Apple on managing the transition, leaving compliant clients struggling with token validation. This incident underscores the benefits of using established, open-source identity platforms like Ory, which help manage the complexities of authentication infrastructure and prevent similar disruptions, as demonstrated by companies like OpenAI who rely on Ory for scalable and reliable identity management.