diff --git a/internal/api/provider/apple.go b/internal/api/provider/apple.go
index cfefa8d9a..9bdc2234f 100644
--- a/internal/api/provider/apple.go
+++ b/internal/api/provider/apple.go
@@ -148,7 +148,8 @@ func (p AppleProvider) GetUserData(ctx context.Context, tok *oauth2.Token) (*Use
 }
 _, data, err := ParseIDToken(ctx, p.oidc, &oidc.Config{
- ClientID: p.ClientID,
+ ClientID: p.ClientID,
+ SkipIssuerCheck: true,
 }, idToken.(string), ParseIDTokenOptions{
 AccessToken: tok.AccessToken,
 })
diff --git a/internal/api/token_oidc.go b/internal/api/token_oidc.go
index a7f345121..1a0893e48 100644
--- a/internal/api/token_oidc.go
+++ b/internal/api/token_oidc.go
@@ -160,7 +160,16 @@ func (a *API) IdTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.R
 return err
 }
 
- idToken, userData, err := provider.ParseIDToken(ctx, oidcProvider, nil, params.IdToken, provider.ParseIDTokenOptions{
+ var oidcConfig *oidc.Config
+
+ if providerType == "apple" {
+ oidcConfig = &oidc.Config{
+ SkipClientIDCheck: true,
+ SkipIssuerCheck: true,
+ }
+ }
+
+ idToken, userData, err := provider.ParseIDToken(ctx, oidcProvider, oidcConfig, params.IdToken, provider.ParseIDTokenOptions{
 SkipAccessTokenCheck: params.AccessToken == "",
 AccessToken: params.AccessToken,
 })
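Review bot: `SkipIssuerCheck: true` on the oidc.Config in GetUserData turns off validation of the token's `iss` claim with no comment saying why, and the parsed token is discarded (`_, data, err :=`), so nothing downstream of this call checks the issuer either. If the skip works around the discovery document's issuer differing from the issuer Apple puts in its tokens, keep an explicit comparison instead: change the assignment to `parsed, data, err := ParseIDToken(...)` and add `if parsed.Issuer != expectedIssuer { return nil, <the function's usual error> }` with expectedIssuer being the Apple issuer this provider is configured for. A one-line comment such as `// SkipIssuerCheck: discovery issuer and token issuer differ; issuer is compared explicitly below` would record the intent for the next reader. The same flag is set in the token_oidc.go hunk of this commit, where no issuer check remains at all. GetUserData starts and ends outside this hunk.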
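Review bot: `SkipClientIDCheck: true` in the `providerType == "apple"` branch disables the audience check for every Apple ID token that reaches IdTokenGrant, so a token Apple issued to an unrelated app (any `aud`) is accepted here as long as its signature verifies against Apple's keys. Presumably the skip exists because tokens from the web services ID and the native bundle ID carry different audiences; if so, the audience should still be enforced after parsing against the set of configured Apple client IDs rather than dropped entirely, as sketched below. `SkipIssuerCheck` has the same problem in this branch and is discussed on the apple.go hunk. The bare `"apple"` literal would also read better as the provider constant the file otherwise uses, if one exists. IdTokenGrant starts before this hunk, and the error handling for the ParseIDToken result continues after it.
```go
	idToken, userData, err := provider.ParseIDToken(ctx, oidcProvider, oidcConfig, params.IdToken, provider.ParseIDTokenOptions{
		// … unchanged: SkipAccessTokenCheck / AccessToken options …
	})
	// … unchanged: existing error handling for err …
	if providerType == "apple" {
		// The audience check was skipped in oidcConfig so that more than one
		// Apple client ID can be accepted; enforce it explicitly here.
		// PLACEHOLDER: appleClientIDs stands for the configured Apple client IDs.
		audienceOK := false
		for _, aud := range idToken.Audience {
			for _, allowed := range appleClientIDs {
				if aud == allowed {
					audienceOK = true
				}
			}
		}
		if !audienceOK {
			return fmt.Errorf("apple id token audience %v is not a configured client id", idToken.Audience) // use the handler's usual bad-request error
		}
	}
```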