I recently published my first app to App Store and failed in the same requirement.
Guess I was lucky since It was approved a few hours after I added it.
However the bigger problem with Sign in to Apple is that they don’t follow the standard implementation of oauth/oidc as pretty much everyone else does...