I am following the instructions here https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple Unfortunately I am not able to receive user data A JSON string containing the data requested in the scope property. The returned data is in the following format: { "name": { "firstName": string, "lastName": string }, "email": string } when usePopup is set to true. I defined scopes as described in documentation Use space separation when requesting multiple scopes; for example, "scope=name email". User data is returned correctly when usePopup is set to false but then every time we have to enter AppleId which was the reason why our app was rejected by the Apple reviewer. After research I have found that the problem is with response_mode, it needs to be set to form_post rather than web_message what is also described here -> https://developer.apple.com/forums/thread/118209 We only support response_mode "form_post". we will make form_post as default and remove redirect. In the meantime please add &response_mode =form_post in the request by Natthakorn123. There is no way to define response_mode=form_post in AppleID.auth.init while usePopup is true because it is automatically overwritten by embedded Sign in with Apple JS to web_message. t=e.usePopup?t+"&response_mode="+encodeURIComponent("web_message"):t+"&response_mode="+encodeURIComponent(e.responseMode) How to fetch additional user data in authorization response using embedded Sign in with Apple JS while usePopup is true ?

I implemented a apple signin on reactjs using the lib react-apple-login, the authentication is working with no problems, but on redirect to my API I only receive the code, none of the other data came on request

Hello, I'm currently struggling to figure out how I can make Apple sign in work with my app configuration. Maybe I'm just dumb, but I really can't figure out what I need to do to make it work. So I have a Next.js app setup server-side rendering my React frontend, and on a separate server, I have a Node.js (specifically Adonis.js) backend/api which I use to handle auth and sessions. I have both Facebook and Google OAuth2 logins setup and working perfectly, where I'm receiving a code as a query param in my callback url to my frontend, which the client then sends that code to my backend/api, which uses that code with the provider (FB or Google) to get their email, name, and any other data I could use to prevent the user from having to add later, and either create the user and log them in, or just log them in if they already exist using cookies. I don't need any sort of write access to their third party account, or anything more than reading their name and email so they don't have to enter it themselves, and so they don't have to enter a password on my site. There are 2 different questions I have. (and if there is a solution to the first one, it would make my life so much easier ha..) If I use these query params similar to how I would with Google or Facebook: response_type: 'code', client_id: Env.get('APPLE_APP_ID'), redirect_uri: 'https://example.com/auth/apple/callback' state: '', scope: '', response_mode: 'query' And I get redirected back to my frontend with the code in the url params, and I send it to my API like I do with Facebook/Google, is there any endpoint with Apple's system that I can use that code to request the user's email and name from? 2. From reading through doc after doc, and it still being fuzzy, I'm thinking I may need to use the form_post response mode kind of like this?: response_type: 'code id_token', client_id: Env.get('APPLE_APP_ID'), redirect_uri: 'https://example.com/auth/apple/callback', state: '', scope: ['email', 'name'].join(' '), response_mode: 'form_post' My impression is that it would post a token, and the user data to my callback url, and that I can get the user's email and name from the user's first request and attach the token received to the user in my database. I just do not for the life of me understand how I could use this pattern with how my app is setup. Would I have to have a post handler and a page setup on the same route (I don't even know if Next.js allows something like that), and then from that, I send that data to my backend server and create the account with the data received? Even if all that worked, I don't think I would be able to set the user's session since I rely on the request being made from my frontend to my backend utilizing the set-cookie header. Please let me know your thoughts, input, or clarifications. Thanks, Brody

Hi below is my code , I am getting invalid uri , I really need this to work , can someone please help ? I went through all the articles nothing worked Under the Service ID configuration domain : api.oro.art return URL : https://api.oro.art:3000 let init = function(){ console.log("APP START FOR APPLE"); window.AppleID.auth.init({ clientId : 'art.oro.services', scope : 'name email', redirectURI : 'https://api.oro.art:3000', state : 'openssl_random_pseudo_bytes', usePopup: true }); console.log("Got to the end"); }

I need to know how can I support the Sign in with apple in lower versions. Shall I need to create any web and then set this in app's button to launch the web in side the app? What are the easiest way to make this as working condition. Note: We have backened support to make this as workable one.

Is it possible to exchange applejs authentication code for a music user token? Basically - Is it possible to use apple signin with music kit without users needing to sign in twice to apple?

Trying to troubleshoot a "Nonce Mismatch" error with Apple SIgn In. Not sure if it's an Apple issue, OmniAuth, or perhaps code. Here's some context: Framework: Rails (v6.1) / Web App Using the Ruby Gems - [omniauth-apple ], Devise (https://github.com/nhosoya/omniauth-apple) Everything is "wired" up, and authentication seems to be working. Safari prompts me for my fingerprint, I authenticate, and it redirects back to the web app logged in. Authentication works in all major browsers via a more manual approach. However, I'm receiving this error: Nonce mismatch From my logs: ERROR -- omniauth: (apple) Authentication failure! nonce_mismatch: OmniAuth::Strategies::OAuth2::CallbackError, nonce_mismatch | nonce mismatch One thing I noticed, changing this Rails setting from :lax to :none seems to suppress the error. But the trade-off is Chrome fails. Hmmm... config.action_dispatch.cookies_same_site_protection = :lax' Any idea what this means and some guidance would be welcome.

I have successfully used "Sign in with Apple" to retrieve the user object containing the name and email. But subsequent calls to the authorize endpoint do not return the user object and the "code" and "id_token" objects are different each time. With Facebook, the user's ID is returned every time so it's easy to associate with the local account which obtained the user ID when they initially signed in with Facebook, but Apple doesn't do this. Am I missing something?

Our iOS app rejected by apple store saying, "We discovered one or more bugs in your app. Specifically, your app displays an error message when we logged in via Sign in with Apple. Please review the details below and complete the next steps." However, our app uses our company’s own account setup and sign-in systems (OpenID Identity Provider). As per the Apple store review guideline 4.8, we don't need to include sign in with apple option. In our company's own account setup and sign-in system integrated all third-party login (Facebook, google etc.) and sign in with apple too. But in order to sign into the app, specific email should be authenticated from our company user pool. If user (email address) not exist in the user pool, user may receive error message saying, You don't have required permission Please help on approval process. Are there any guideline violations?

I've read in the documentation the private relay and user identifier (sub) are team scoped. If I have 2 or more teams that have their separate Sign in with Apple service ids configured, each under their own (separate) team account is there any way to unify these into one common service id so that the team-scoped user identifier is the same whether the user signs in through Team1-AppleServiceId1 or Team2-AppleServiceId2?