Magento 2 looses customer session after SSO with Apple ID

[ctasca]

Question/Bug

In Magento 2/Adobe Commerce when the user choose to login with Apple ID when it comes back to the callback URL a new session is generated each times, causing to loose any previous data, such cart items and other customer data.

Because SSO with Apple ID makes a POST rather then a GET request I would like to know if there is a way to persist the customer session after being redirected to the callback URL.

From the debugging we made, the hybrid storage is completely wiped out, causing a 500 error when it checks for the state session variable against the one given from Apple.

We tried different ways to fix this, without much success. For example setting Varnish to force the setting of cookies when coming back to the callback URL. Although this works as the same PHPSESSID is kept, it does not log in the customer and there is not cart merge between the customer session and the guest customer session.

Does anyone could think why this would happen? Could this be due to the fact the same path is used both for GET and POST requests?

I have read other issues of the same type with Apple ID but although tried to implement the suggested solutions, none seems to work.

Any suggestion it is highly appreciated.