diff --git a/demo/nextjs/lib/auth.ts b/demo/nextjs/lib/auth.ts
index f1174e207e..dc0051be26 100644
--- a/demo/nextjs/lib/auth.ts
+++ b/demo/nextjs/lib/auth.ts
@@ -350,7 +350,7 @@ export const auth = betterAuth({
 }),
 lastLoginMethod(),
 ],
- trustedOrigins: ["exp://"],
+ trustedOrigins: ["exp://", "https://appleid.apple.com"],
 advanced: {
 crossSubDomainCookies: {
 enabled: process.env.NODE_ENV === "production",
diff --git a/demo/nextjs/turbo.json b/demo/nextjs/turbo.json
index 7761b812bd..af4b743a22 100644
--- a/demo/nextjs/turbo.json
+++ b/demo/nextjs/turbo.json
@@ -19,7 +19,9 @@
 "MICROSOFT_CLIENT_ID",
 "MICROSOFT_CLIENT_SECRET",
 "STRIPE_KEY",
- "STRIPE_WEBHOOK_SECRET"
+ "STRIPE_WEBHOOK_SECRET",
+ "APPLE_CLIENT_ID",
+ "APPLE_CLIENT_SECRET"
 ]
 }
 }
diff --git a/packages/better-auth/src/oauth2/state.ts b/packages/better-auth/src/oauth2/state.ts
index 64d562f9eb..9a06e067c2 100644
--- a/packages/better-auth/src/oauth2/state.ts
+++ b/packages/better-auth/src/oauth2/state.ts
@@ -49,6 +49,7 @@ export async function generateState(
 });
 const stateCookie = c.context.createAuthCookie("oauth_state", {
+ sameSite: "none",
 maxAge: 10 * 60 * 1000, // 10 minutes
 });
@@ -62,6 +63,7 @@ export async function generateState(
 // Default: database strategy
 const stateCookie = c.context.createAuthCookie("state", {
+ sameSite: "none",
 maxAge: 5 * 60 * 1000, // 5 minutes
 });
 await c.setSignedCookie(
@@ -116,7 +118,9 @@ export async function parseState(c: GenericEndpointContext) {
 if (storeStateStrategy === "cookie") {
 // Retrieve state data from encrypted cookie
- const stateCookie = c.context.createAuthCookie("oauth_state");
+ const stateCookie = c.context.createAuthCookie("oauth_state", {
+ sameSite: "none",
+ });
 const encryptedData = await c.getCookie(stateCookie.name);
 if (!encryptedData) {
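Review bot: The new `https://appleid.apple.com` entry in `trustedOrigins` widens the demo's origin allow-list without saying why, and a reader skimming the config could take it for a copy-paste mistake; presumably it is needed because Apple's authorization response reaches the callback as a cross-site POST from that origin, so the origin check would otherwise reject it. A one-line comment next to the entry would settle that, e.g. `// Apple delivers the sign-in response as a cross-site POST from appleid.apple.com`. Trusting the origin for every route rather than only the callback is broader than the flow needs; whether trustedOrigins can be scoped per route is not visible here. The `betterAuth({...})` call starts and ends outside the hunk.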
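Review bot: `sameSite: "none"` on the `oauth_state` cookie in the `@@ -49` hunk is only honored by browsers when the cookie also carries `Secure`; a `SameSite=None` cookie without it is discarded, so the later lookup in parseState would fail with a state mismatch on any plain-http deployment. Unless `createAuthCookie` already forces `secure` whenever `sameSite` is `"none"` (not visible here), pass `secure: true` alongside it, and in any case document the dependency: `// SameSite=None so the cookie is sent with the cross-site POST callback (e.g. Apple); browsers require Secure for this`. The same applies to the `state` cookie in the `@@ -62` hunk and to the expo `state` cookie in `packages/expo/src/index.ts`. This relaxes SameSite for every provider's state cookie, not only Apple's, so a cross-site navigation to the callback now carries the cookie; the CSRF binding then rests entirely on parseState comparing the `state` parameter against the cookie value, which this diff does not show. generateState continues outside the hunk.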
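Review bot: In parseState the `sameSite: "none"` option is passed where the `oauth_state` cookie is only read via `c.getCookie(stateCookie.name)`, and a SameSite attribute has no effect on a read; it matters only if `createAuthCookie` derives the cookie name from its attributes, or if parseState later clears the cookie with the same attribute set, neither of which is visible here. If one of those holds, say so next to the call, e.g. `// attributes must match generateState so the derived cookie name/clear is identical`; if neither does, the option is dead weight on both this read and the `state` read in the `@@ -162` hunk and can be dropped. Keeping the attribute object in one shared constant used by generateState and parseState would stop the two sides from drifting apart. parseState starts and ends outside the hunk.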
@@ -162,7 +166,9 @@ export async function parseState(c: GenericEndpointContext) {
 parsedData = stateDataSchema.parse(JSON.parse(data.value));
- const stateCookie = c.context.createAuthCookie("state");
+ const stateCookie = c.context.createAuthCookie("state", {
+ sameSite: "none",
+ });
 const stateCookieValue = await c.getSignedCookie(
 stateCookie.name,
 c.context.secret,
diff --git a/packages/expo/src/index.ts b/packages/expo/src/index.ts
index 0145c44529..8ac2a9e937 100644
--- a/packages/expo/src/index.ts
+++ b/packages/expo/src/index.ts
@@ -106,6 +106,7 @@ export const expo = (options?: ExpoOptions | undefined) => {
 });
 }
 const stateCookie = ctx.context.createAuthCookie("state", {
+ sameSite: "none",
 maxAge: 5 * 60 * 1000, // 5 minutes
 });
 await ctx.setSignedCookie(