I cannot get apple sign in to post to my redirectURI if I set usePopup: true. When I set it to false I am however able to get it to work with no problems. I am not doing any of this on localhost and everything is HTTPS so I don't think that is the issue. Here is the error I message I get in the safari console (does not show up on firefox or chrome) when I successfully sign in to apple and press continue: Unable to post message to https://my-staging-site.soundstripe.com. Recipient has origin https://ea88-2601-1c2-780-c240-e9ee-17e4-e1c4-7cbd.ngrok.io. index.js:29 And here is my implementation AppleID.auth.init({ clientId: "com.soundstripe.web", scope: "name email", redirectURI: "https://my-staging-site.com/auth/apple", nonce: String(Date.now()), usePopup: true, }) const appleAuth = async () => { const response = await window.AppleID.auth.signIn() return response }

We are not able to retrieve name and, address and ethnicity after using Sign in with Apple. We are able to get email only. May I know where can we get resource to retrieve these information? Please advise.

I have set up Sign in with Apple. I can see the Sign in with Apple popup with the Continue button on the sign-in button click. Clicked on the Continue button. Then selected email and clicked on Continue with Password button. After entering the password activity indicator spins and the continue button disappears after a few seconds button enables but the activity indicator spins continues, not getting callbacks, and not able to understand what happens. Please help to resolve this issue.

I am investigating Sign in with Apple in detail and its relation with OpenID Connect. In line with this, it is known if Sign In with Apple supports the OpenID spec Logout endpoint? (https://medium.com/@robert.broeckelmann/openid-connect-logout-eccc73df758f) (https://openid.net/specs/openid-connect-frontchannel-1_0.html) Thanks, Dan

I am using Apple Sign In with JavaScript in usePopup mode. This is working fine but in order for the popup to return data to the parent window the URL of the parent window must match one of the redirect URIs configured for the services ID. The redirect URI also needs to be sent back Apple to validate the token and again it must match one of those configured. The problem I have with this is that my page can have multiple URLs because the URLs are structured as follows: https:// client-subdomain.mysite.com/optional-lang-code/slug-in-language These are all valid examples: https:// client1.mysite.com/sign-in https:// client1.mysite.com/en-gb/sign-in https:// client1.mysite.com/einloggen https:// client1.mysite.com/de-de/einloggen https:// client2.mysite.com/registrarse https:// client2.mysite.com/es-es/registrarse https:// client2.mysite.com/se-connecter https:// client2.mysite.com/fr-fr/se-connecter As you can there is the potential for there to be a lot of URLs and it quickly becomes a nightmare to manage in the Apple Developer Console, and there is not API to help automate this. Is there any way around this? Could I use wildcards when adding the redirect URIs in the Apple developer console in order to cover multiple paths whilst still validating against the domain part of the URL. It would be so much friendlier to developers if this were possible. It seems strange the the redirect URI gets used at all in this flow because the redirect does not even occur. I have Google sign in on the same site and this works without a problem. It uses a popup in the same way but does not enforce that the popup must come from a particular URL, it is enough that it comes from a particular domain. Therefore the setup in the Google developer console is much easier and can be done once and then forgotten about even if new languages are added in future.

Initially, our application provided the user with SIWA without requesting an email address. A bit later, the user authorization flow was changed and the email area for authorization request was added. However, the updated areas are not reflected in further responses, whether it is a native iOS or a web client. Both give the same result without email in JWT claims until the user manually cancels the authorization of the application from his Apple ID. Is there another way of getting email from already authorized user except revoking an access to our app?

Hello, We've stumbled upon the issue with "Sign in with Apple" functionality today. It worked absolutely fine for quite a long time on our dev instances, but today as we've deployed it to production - it stopped working both on dev and prod. The issue is that idToken doesn't have email field for all the requests except 1 specific email for some unknown reason. Because of this - we cannot identify the user in our database. We've tried to test with multiple Apple accounts, including the ones we've already used, the ones that were never used for this app and even the absolutely new accounts with no luck (except 1 specific account). What we do: Redirect user to authorization page like this: https://appleid.apple.com/auth/authorize?client_id={SERVICE_ID}&redirect_uri={REDIRECT_URI}&response_type=code After authorization user is redirected to the redirect_uri where we get state and code. On the server-side of web app we create client_secret signed JWT (as required by documentation) and send POST https://appleid.apple.com/auth/token request with the following data: { code, client_id: result.Item.clientId, client_secret, grant_type: "authorization_code", } In response we get JSON with "access_token", "token_type", "expires_in", "refresh_token" and "id_token" We parse "id_token" to get email. Code we use to parse: const idToken = JSON.parse(body).id_token || ""; const [, infoPart] = idToken.split("."); const buff = Buffer.from(infoPart, "base64"); const text = buff.toString("ascii"); const json = JSON.parse(text); if (json.hasOwnProperty("email")) { endUserEmail = json.email; } The issue is that for all accounts we've tested except 1 - there's no "email" field. We've also tried to use AWS Cognito to verify if this is the issue with our implementation. They specify scope=email%20name&response_mode=form_post in their request. Unfortunately, the result is the same - Cognito returns an error saying that there's no email. Is it some kind of misconfiguration on our side? What should we do to allow users to sign in with Apple ID? Thank you, Dmitrii Khizhniakov Web developer Graebert GmbH https://graebert.com

I am building a Chrome extension with OAuth sign in features. In order to keep the same user base of an existing mobile app I am implementing Facebook, Google and Apple sign in. Using the chrome.identity browser API I was able to implement the sign in for Facebook and Google without problems. I am now trying to implement the same for Apple SignIn. To do so I call the following url using the chrome.identity.launchWebAuthFlow method, which is expected to call the provided callback passing the provided redirect_uri plus the result as query string params: https://appleid.apple.com/auth/authorize?client_id=XXXXXXX&redirect_uri=https%3A%2F%2FXXXXXXX.chromiumapp.org&response_mode=form_post&response_type=code%20id_token&scope=name%20email  Since I need the user email and name I added the scope "name email" to my parameters but this force me to use the responsemode: 'formpost' (as documented here https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms). When responsemode is set to formpost the result data is not appended to the redirecturi, as a result the sign in works but I am not able to extract the information I need. By removing the scope and using responsemode=query works (I am able to extract the idtoken from the returnuri) but I cannot extract the user email and name. Is there a way to use the parameter response_mode: 'query' combined with scope='name email'?

It is possible to use firebase Apple login inside Web extension? I can use Google login. But with Apple it is no so clear. As we have to fill website url when creating service id. https://developer.apple.com/account/resources/identifiers/list/serviceId and web extension don't have website url.

Hi I am trying to make my web app to use 'Sign in with apple' I did following preocedure but I keep getting 'invalid client error' Could you help me please? created AppId and check Sign in with Apple created ServiceId linked AppId with ServiceId as a primary App Id created sub domain, domain and redirect url created Key and check Sign in with Apple linked Key with AppId I wrote some example code from pages below https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple Could you please tell me what I did wrong? I have been wasting my time for a couple of days. Please help me. Thank you.

I've already read the fixes suggested at the link below -- and double-checked my code regarding each: https://developer.apple.com/forums/thread/117531 I'm doing a React web page, using the npm package: react-apple-signin-auth for the Sign In with Apple feature. (And I have Sign In with Google already working...) When previewing the page (http://localhost:3000/), the pop-up displays and I get the prompt to Sign In with Apple. The process works all the way through until the point at which it is supposed to return the data back to my site. (Which is better than I expected in that mode.) When I build the page and push it up to my development web server, the pop-up displays -- but I get an error saying: "Your request could not be completed due to an error. Try again later." (Note: I can't point you to the development site, because corporate keeps it behind a local firewall.) Any pointers would be greatly appreciated. ~JD

apple sign in with js not work in webview why?

Does Sign In with Apple JS provide functionality to prevent creating a new account if one doesn't already exist for a given Apple ID? For context, we have Sign In with Apple set up in our iOS app. Some subset of our users have access to a web app. We want to let users in this group log in to the web app if they used Sign In with Apple to create their account. This web app is for existing users only. We want to avoid a situation where someone stumbles across this web app and attempts to create an account. However, I've been unable to find documentation or example code that meets this goal. Is it possible to achieve this? Thanks for reading.

I would like to use Sign In with Apple JS on my website to show some pages or content only to predefined user. This is an example logic I would like to achieve: if userID or userEmail == "someValue" { // show page or content } In particular, I would like to show an admin panel only to users with particular username or email address or some ID or whatever. I don't want to allow signing up with SIWA for anyone. And just use SIWA JS to allow a safe way of signing in. Is it possible with Sign In with Apple JS? P.s. Technology I would like to use on my website: HTML, CSS, PHP, JS.

Anyone has implemented login by Apple id with AWS Cognito? We are not receiving the name attribute in authentication token from apple which is mandatory in Cognito. Please let me know if you have faced the similar issue.

First, sign in with apple, I saw 2 options, first is Share email, it's original email, second is Hide email, it's an email generated by Apple. I choose option 2, and I go to iCloud setting in iPhone settings > Click on ID Apple, iCloud+ ... (first option) > iCloud > Hide My Email > Choose the email that are using > Deactivate email address and delete that email. I go to sign in with apple again, it does not show the option Hide email. How to enable this option again?

I have this js code: document.addEventListener('AppleIDSignInOnSuccess', (data) = {     //handle successful response     console.log(data["detail"].authorization.id_token)     response = parseJwt(data["detail"].authorization.id_token)     email = response["email"]     console.log(email)     loginWithEmail(email) //    console.log("APPLE SIGN IN SUCCESSFFUL"); }); //Listen for AppleId authorization failures document.addEventListener('AppleIDSignInOnFailure', (error) = {     //handle error.     alert(JSON.stringify(error))     console.log("APPLE SIGN IN UNSUCCESSFFUL"); }); And it just stopped working. Now every time I sign in I get "APPLE SIGN IN UNSUCCESSFFUL" and the error is {"isTrusted":false}. What are ways around this?

I am following the instructions here https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple Unfortunately I am not able to receive user data A JSON string containing the data requested in the scope property. The returned data is in the following format: { "name": { "firstName": string, "lastName": string }, "email": string } when usePopup is set to true. I defined scopes as described in documentation Use space separation when requesting multiple scopes; for example, "scope=name email". User data is returned correctly when usePopup is set to false but then every time we have to enter AppleId which was the reason why our app was rejected by the Apple reviewer. After research I have found that the problem is with response_mode, it needs to be set to form_post rather than web_message what is also described here -> https://developer.apple.com/forums/thread/118209 We only support response_mode "form_post". we will make form_post as default and remove redirect. In the meantime please add &response_mode =form_post in the request by Natthakorn123. There is no way to define response_mode=form_post in AppleID.auth.init while usePopup is true because it is automatically overwritten by embedded Sign in with Apple JS to web_message. t=e.usePopup?t+"&response_mode="+encodeURIComponent("web_message"):t+"&response_mode="+encodeURIComponent(e.responseMode) How to fetch additional user data in authorization response using embedded Sign in with Apple JS while usePopup is true ?

I implemented a apple signin on reactjs using the lib react-apple-login, the authentication is working with no problems, but on redirect to my API I only receive the code, none of the other data came on request

Hello, I'm currently struggling to figure out how I can make Apple sign in work with my app configuration. Maybe I'm just dumb, but I really can't figure out what I need to do to make it work. So I have a Next.js app setup server-side rendering my React frontend, and on a separate server, I have a Node.js (specifically Adonis.js) backend/api which I use to handle auth and sessions. I have both Facebook and Google OAuth2 logins setup and working perfectly, where I'm receiving a code as a query param in my callback url to my frontend, which the client then sends that code to my backend/api, which uses that code with the provider (FB or Google) to get their email, name, and any other data I could use to prevent the user from having to add later, and either create the user and log them in, or just log them in if they already exist using cookies. I don't need any sort of write access to their third party account, or anything more than reading their name and email so they don't have to enter it themselves, and so they don't have to enter a password on my site. There are 2 different questions I have. (and if there is a solution to the first one, it would make my life so much easier ha..) If I use these query params similar to how I would with Google or Facebook: response_type: 'code', client_id: Env.get('APPLE_APP_ID'), redirect_uri: 'https://example.com/auth/apple/callback' state: '', scope: '', response_mode: 'query' And I get redirected back to my frontend with the code in the url params, and I send it to my API like I do with Facebook/Google, is there any endpoint with Apple's system that I can use that code to request the user's email and name from? 2. From reading through doc after doc, and it still being fuzzy, I'm thinking I may need to use the form_post response mode kind of like this?: response_type: 'code id_token', client_id: Env.get('APPLE_APP_ID'), redirect_uri: 'https://example.com/auth/apple/callback', state: '', scope: ['email', 'name'].join(' '), response_mode: 'form_post' My impression is that it would post a token, and the user data to my callback url, and that I can get the user's email and name from the user's first request and attach the token received to the user in my database. I just do not for the life of me understand how I could use this pattern with how my app is setup. Would I have to have a post handler and a page setup on the same route (I don't even know if Next.js allows something like that), and then from that, I send that data to my backend server and create the account with the data received? Even if all that worked, I don't think I would be able to set the user's session since I rely on the request being made from my frontend to my backend utilizing the set-cookie header. Please let me know your thoughts, input, or clarifications. Thanks, Brody