I'm writing a iOS/macOS application with web access via Azure B2C. I have the application successfully signing in with both email (ROPC flow) and a Microsoft Identity Provider (authorization code flow). I also have a new (in preview) Apple ID Identity Provider set up on my Azure B2C account that can log in using an Apple ID through a web interface.
I'm now in trying to add support for Sign in with Apple in my application, and I want to make it as nice for the user as possible by using the ASAuthorizationAppleIDProvider. I've successfully registered my application and have the ASAuthorizationAppleIDProvider returning an auth code and ID token.
Now - what can I do with those to get signed into Azure B2C? Anything? I'd ultimately like to somehow use the authorization granted through the Apple ID to request an access and refresh token from Azure B2C. Is that possible? If so, where should I be sending the auth code and/or ID token provided by apple? Azure B2C's authorization endpoint? What grant type(s)?
This isn’t possible. The flow is iOS App -> OIDC request to AAD B2C -> OIDC request to Apple IdP.
You need to use an OIDC library like msal4ios to talk OIDC to AAD B2C. This built in Apple SDK method (ASAuthorizationAppleIDProvider) will not be able to call AAD B2C. You cannot call Apple ID directly then exchange that token for a B2C token unless you go via AAD B2C to begin with.