feat: Apple Signin iOS/Android/Web

[IronTony]

Affected Package(s)

• @forward-software/react-auth (lib)
• @forward-software/react-auth-google (packages/google-signin)
• Examples
• CI/CD / Repository configuration

New package: @forward-software/react-auth-apple (packages/apple-signin)

Related Issue(s)

None

Motivation

Add Apple Sign-In support to the react-auth ecosystem, following the same adapter pattern used by react-auth-google. This enables apps using @forward-software/react-auth to integrate Sign in with Apple across Web, iOS, and Android with a unified API.

Description of Changes

• Add new @forward-software/react-auth-apple package (v1.0.0) implementing the AuthClient<AppleAuthTokens, AppleAuthCredentials> interface
• Implement platform-specific authentication:
  • Web: Apple JS SDK integration with popup/redirect flow support
  • iOS: Native AuthenticationServices framework via Expo module (no external dependencies)
  • Android: OAuth flow via Chrome Custom Tabs (requires backend intermediary for Apple's form-post response)
• Provide ready-to-use AppleSignInButton components for both web and React Native with customizable appearance
• Include token persistence with pluggable storage (localStorage, MMKV, AsyncStorage, etc.)
• Add credential state checking on iOS for token refresh and revocation detection
• Export low-level Apple JS SDK wrapper (./web/appleid) for custom integrations
• Add unit tests for both web and native AppleAuthClient implementations
• Register the new package in release-please-config.json and .release-please-manifest.json

Breaking Changes

None

How to Test

1. CI Checks: Verify that all automated tests (Vitest) and build steps pass successfully on this PR.
2. Local Verification (Optional):
   • Run pnpm install to install dependencies.
   • Run pnpm --filter @forward-software/react-auth-apple test to run tests for the new package.
   • Run pnpm --filter @forward-software/react-auth-apple build to verify the build succeeds.
   • Run pnpm --filter @forward-software/react-auth-apple lint to check for linting errors.

Checklist

• My code follows the project's style guidelines
• I have added or updated tests to cover the changes
• I have updated relevant documentation
• All tests are passing locally
• CI checks are passing
• I have reviewed my own code and lock file changes
• I have checked for any potential security implications
• I have verified the changes work as expected
• My commit messages follow Conventional Commits format

Notes for Reviewers

• This package follows the same structure and patterns as packages/google-signin for consistency.
• Apple only provides user info (name, email) on the first authorization. Subsequent sign-ins return only the identity token and user ID. Consumers should persist user info server-side after the first login.
• The Android implementation requires a backend endpoint to handle Apple's form_post response mode and redirect back to the app via deep link. See the README for setup details.
• iOS uses only system frameworks (AuthenticationServices, CryptoKit), so no additional CocoaPods or native dependencies are needed.