Hello, We've stumbled upon the issue with "Sign in with Apple" functionality today. It worked absolutely fine for quite a long time on our dev instances, but today as we've deployed it to production - it stopped working both on dev and prod. The issue is that idToken doesn't have email field for all the requests except 1 specific email for some unknown reason. Because of this - we cannot identify the user in our database. We've tried to test with multiple Apple accounts, including the ones we've already used, the ones that were never used for this app and even the absolutely new accounts with no luck (except 1 specific account). What we do: Redirect user to authorization page like this: https://appleid.apple.com/auth/authorize?client_id={SERVICE_ID}&redirect_uri={REDIRECT_URI}&response_type=code After authorization user is redirected to the redirect_uri where we get state and code. On the server-side of web app we create client_secret signed JWT (as required by documentation) and send POST https://appleid.apple.com/auth/token request with the following data: { code, client_id: result.Item.clientId, client_secret, grant_type: "authorization_code", } In response we get JSON with "access_token", "token_type", "expires_in", "refresh_token" and "id_token" We parse "id_token" to get email. Code we use to parse: const idToken = JSON.parse(body).id_token || ""; const [, infoPart] = idToken.split("."); const buff = Buffer.from(infoPart, "base64"); const text = buff.toString("ascii"); const json = JSON.parse(text); if (json.hasOwnProperty("email")) { endUserEmail = json.email; } The issue is that for all accounts we've tested except 1 - there's no "email" field. We've also tried to use AWS Cognito to verify if this is the issue with our implementation. They specify scope=email%20name&response_mode=form_post in their request. Unfortunately, the result is the same - Cognito returns an error saying that there's no email. Is it some kind of misconfiguration on our side? What should we do to allow users to sign in with Apple ID? Thank you, Dmitrii Khizhniakov Web developer Graebert GmbH https://graebert.com

I'm generating reports for a few campaigns with the Search Ads API. I've been running into this problem, where if a campaign is running in multiple countries (in my specific case: ['AR', 'CL', 'CO', 'PE']), I'm unable to find a way to get more granular results. The report only shows that list in the metadata. So my question is: is there any way to determine how well the ad performs in each country in the list as opposed to seeing the results grouped together? json payload: json = { "startTime": start_date, "endTime": end_date, "selector": { "orderBy": [ { "field": sort_field, "sortOrder": sort_order } ], "conditions": conditions, "pagination": { "offset": offset, "limit": limit } }, "timeZone": "UTC", "returnRecordsWithNoMetrics": no_metrics, "returnRowTotals": return_row_totals, "granularity":granularity, "returnGrandTotals": return_grand_totals } post request: requests.post("https://api.searchads.apple.com/api/v4/reports/campaigns", json=json, headers=headers) campaign metadata: {'campaignId': CAMPAIGN_ID, 'campaignName': CAMPAIGN_NAME, 'deleted': False, 'campaignStatus': 'PAUSED', 'app': {'appName': APP_NAME, 'adamId': ADAMID}, 'servingStatus': 'NOT_RUNNING', 'servingStateReasons': ['PAUSED_BY_USER'], 'countriesOrRegions': ['AR', 'CL', 'CO', 'PE'], 'modificationTime': '2021-12-14T23:42:57.281', 'totalBudget': {'amount': AMOUNT, 'currency': 'USD'}, 'dailyBudget': {'amount': AMOUNT, 'currency': 'USD'}, 'displayStatus': 'PAUSED', 'supplySources': ['APPSTORE_SEARCH_RESULTS'], 'adChannelType': 'SEARCH', 'orgId': ORG_ID, 'countryOrRegionServingStateReasons': {}, 'billingEvent': 'TAPS'} As you can see, there's a list of countries. At the moment, I am unaware of how to break it down into specific countries.

I'm currently using Log in with Apple and am wondering if Chrome's 3p cookie deprecation will impact any of our user flows. I was reading that for OAuth, SPA background token renewal (iframe) will break, and front-channel logout / session management will break for OIDC--has anyone heard this as well, or of any other user flows that may break?   Should I be concerned and is Apple working on developing any workarounds for breakages? Have they built anything in the past for Safari & Firefox's movement away from third party cookies (not sure if the impact will be the same for Chrome).

I'm having issues simulating a Sign In with Apple in the simulator. After some searching, it seems this has been an issue in the past iOS's but haven't found anything recent (this year 2022). The turning wheel spins in the simulator and doesn't authorize. Is this a bug still happening? I'm on iOS 15.2 Thanks.

Hi, I'm currently implementing various social login flows in Salesforce. Such an implementation essentially requires 3 steps: get an authorization code get an access token using the authorization code get user info using the access token I'm struggling with step 3. For example, Google provides this endpoint URL: https://www.googleapis.com/oauth2/v3/userinfo, but I can't find the equivalent for Apple. Can anybody help? Thanks

When I try login with apple, get "Invalid web redirect url". How can I set or update redirect url for my app. I want to see redirect url that already was set before, but I can't find where I set redirect url.

I am sending a user to the apple authentication site where they fill in their apple login information on a form: const signInWithApple = () => { const params = { client_id: Config.APPLE_AUTH_CLIENT_ID, redirect_uri: 'https://www.example-site.com/auth/apple/', scope: 'name email', response_type: 'code', response_mode: 'form_post', }; const loginUrl = `https://appleid.apple.com/auth/authorize?${queryString.stringify(params)}`; window.open(loginUrl, '_blank', `scrollbars=yes, width=520, height=570`); }; After it has authenticated the user, it redirects the user to the URL that is defined in the redirect_uri property. Then I verify the token and log in the user on my end. That works beautifully. The problem occurs when, instead of opening the window with the form fields, it opens a sheet at the bottom of the Safari mobile browser to allow the user to use face id. If you follow through with that, it looks like it recognizes your face and closes the sheet but it never redirects the user to my URL page where I log in the user after verifying their token. Has anybody encountered this? I would love some ideas on how to solve this please!

in memberships comparation table talk about free to use "Sign In..." feature (see screenshot) How I can get it for my web-site? Secret key for OAuth protocol and domain confirmation. From Xcode also dont allow to use this feature Reporting error like a "profile has been member of Developer Team" (my account Personal). In many cases from blog post which I found talk about free to use.

I have submitted my app it was reviewed and it is available on appp store now. But the app is not opening after download. It gets stuck at Splash Screen..

Do we have any api to upload app screenshots and metadata or create experiments with Screenshots and metadata for appstore connect ?

Hi guys, I’m integrating my ERP to Apple GSX API, and I have some doubts.  My customer sent to my this link (https://eservicecentral.apple.com/), which I have a successful login. At this link, I can see swagger documentation, but I don’t have enough information about the first token. Googling I saw another link (gsxapi.apple.com) and it seems to be an old API using WSDL, not JSON/RESTFUL. What is the main URL from API (the newer one)? How do I authenticate to this API? Where do I get first token? Where I can find documentation about these steps? I saw a FAQ (https://gsxapi.apple.com/apidocs/prod/html/WSFaq.html), but it says to generate a CSR and use a WSDL API, which I believe is outdated, because “eservicecentral” uses an JSON API. Do I need to generate a CSR or not for this newer API (json)? I saw that you have 3 different environments (GSXIT, GSXUT and GSX). Does the newer API have the same sandbox/production environments also? How do I access them? What are the main URLs? Where I get the correct instruction to connect to “eservicecentral”? API DOCs don’t say much.   I need some help to do my first connection and to understand the processes I need to follow. Also, I received this “gsx2.apple.com” to see things at browser. Are there any other URL’s that I should be aware of?

Our app currently uses login with Apple ID inside a webview and due to some AppStore updates, we are now required to use the native Swift implementation. We generate tokens in the web version according to this documentation https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens, passing the client_id and response_type as code id_token in the request because the code and id_token in the response are used on our backend to complete the user's registration procedure (along with the optional name/email). However, when following the guide https://developer.apple.com/documentation/sign_in_with_apple/implementing_user_authentication_with_sign_in_with_apple, we only have the userIdentifier, fullName and email as a response after logging in with Apple. The login works on Apple side but we don't have the necessary info we need. Is there any Swift method or API from Apple's side that would allow me to retrieve a code and id_token (JWT) in conjunction with the userIdentifier? Or should the login procedure be a totally different flow from backend's perspective?

My application is linking with the customer's apple account on the front end with no problems. But I would like to validate the data when it comes to the backend. Having the userid how can I validate it in node.js? do you have any route that passes the id and returns data such as name and email? Thanks

Anyone has implemented login by Apple id with AWS Cognito? We are not receiving the name attribute in authentication token from apple which is mandatory in Cognito. Please let me know if you have faced the similar issue.

First, sign in with apple, I saw 2 options, first is Share email, it's original email, second is Hide email, it's an email generated by Apple. I choose option 2, and I go to iCloud setting in iPhone settings > Click on ID Apple, iCloud+ ... (first option) > iCloud > Hide My Email > Choose the email that are using > Deactivate email address and delete that email. I go to sign in with apple again, it does not show the option Hide email. How to enable this option again?

When I try testing the sign-in with apple button on ANY xcode simulator, it doesn't work. After inputting the password to sign in, the spinner in the password field never stops spinning and nothing from the oauth methods gets printed. I have tested the sign in on multiple real-world devices. It always works. It seems to just be simulators that are causing the issue I'm worried my app will be rejected because of this. Has anyone encountered this? Any fixes?

Hi everyone, I'm trying to integrate Sign In With Apple Server to Server Notification but I didn't receive anything in my server. I've respected all specification (TLS 1.2 or higher, ...) I've tried to revoke and disable email to receive notification but nothing... Someone knows which can be the problem? Thanks

I am implementing apple sign in on my website On my backend(Nodejs), I need to request an authentication token using https://appleid.apple.com/auth/token REST api. I used Axios and coded as following export const createSignWithAppleSecret = () => { const token = jwt.sign({}, signWithApplePrivateKey, { algorithm: 'ES256', expiresIn: '1h', audience: APPLE_DOMAIN, issuer: APPLE_TEAM_ID, subject: APPLE_SERVICE_ID, keyid: APPLE_KEY_ID, }); return token; }; export const getAppleToken = async (code: string) => axios.post( 'https://appleid.apple.com/auth/token', qs.stringify({ grant_type: 'authorization_code', code, client_secret: createSignWithAppleSecret(), client_id: APPLE_SERVICE_ID, redirect_uri: APPLE_REDIRECT_URI, }), { headers: { 'Content-Type': 'application/x-www-form-urlencoded', }, } ); But I am getting Reqest failed with status code 400 Error: Request failed with status code 400\n at createError (/home/ubuntu/sooldamhwa/www/node_modules/axios/lib/core/createError.js:16:15)\n at settle (/home/ubuntu/sooldamhwa/www/node_modules/axios/lib/core/settle.js:17:12)\n at IncomingMessage.handleStreamEnd (/home/ubuntu/sooldamhwa/www/node_modules/axios/lib/adapters/http.js:260:11)\n at IncomingMessage.emit (events.js:327:22)\n at IncomingMessage.EventEmitter.emit (domain.js:485:12)\n at endReadableNT (_stream_readable.js:1201:12)\n at processTicksAndRejections (internal/process/task_queues.js:84:21) The api endpoint is correct, and I have configured header as document instructed( https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens) Could someone please let me know what I did wrong?

Scope is "openid email name", but the returned id_token does not contain user's first name and last name. Is there any way to include this information in id_token?