Can't retrieve name and email from Sign In flow

Hi,


We've just implemented Apple Sign In according to the documentation (https://developer.apple.com/documentation/signinwithapplerestapi), the login is working fine, but there is no way to get the email from the token. We tried a lot of different scopes, and while only a few seem to be valid (name, email, openid), they don't seem to change anything to the response of the token. The only field that's in there is "id_token", and the only useful field in the "id_token" is "sub", which seems to be a unqiue identifier. Is there a way to retrieve the email address?


Thanks!

Answered by DTS Engineer in 413866022

To request user information in the `id_token` (assuming you are requesting via the `/auth/authorize` REST API), you'll need to include the `scope` query parameter, which supports the values—`name` and `email`. You can request one, both, or none.


Note: Use space separation and percent-encoding for multiple scopes; for example, `"scope=name%20email"`.


For additional information about preparing the authorization request, please see the following documentation—


https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

I know your responses are a few months old and that things have likely changed but do you have any idea why I might be getting "invalid_grant"? There are a couple of other people in here who are struggling with it and it seems to be a complete blocker. Thank you.

Is the name included in the id_token? Assuming the scope parameter included in the authorization URL looks like 'scope=email name'.


Which URL encoding do you expect on the API for the space symbol within the scope parameter? Should spaces be replaced by '+' or %20? Many libraries use '+', and that's how it worked for me, but as shown on this thread, this user is using %20.


Thanks

I have recevied email address in id_token, but i am unable to receive privatlyrelay email address if user not share email address. Also i never received user name in id_token.

Accepted Answer

To request user information in the `id_token` (assuming you are requesting via the `/auth/authorize` REST API), you'll need to include the `scope` query parameter, which supports the values—`name` and `email`. You can request one, both, or none.


Note: Use space separation and percent-encoding for multiple scopes; for example, `"scope=name%20email"`.


For additional information about preparing the authorization request, please see the following documentation—


https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

Here is auth request;

https://appleid.apple.com/auth/authorize?state=local&client_id=com.xyz.auth&redirect_uri=https%3A%2F%2Fxyzcom%2Fcallback%2Fapple&scope=name%20email&response_mode=form_post&response_type=code%20id_token


i am still not able to recevie privatelyrelay email address.

here is id_token

eyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnRvZG8tY2xvdWQuYXV0aCIsImV4cCI6MTU4NjMyODg1MiwiaWF0IjoxNTg2MzI4MjUyLCJzdWIiOiIwMDAzMTkuYjNmYzZmNjJlMThlNDU3MjgwNTU1YTY0N2JhN2RhNTkuMDcxOSIsImNfaGFzaCI6InFLMldrTjFGSERGNF9YN2FfdWt0UVEiLCJhdXRoX3RpbWUiOjE1ODYzMjgyNTIsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.jWudBpsSYBZ5PYa89AfikrjP-jsQh2G-iraDEIM_138nE5nn-XB9qqtkf6u250PpZqSdfI2Unw5G-VM_qUlOdSqGRYCte4J4sUMua_Bku6A75N0NBsBb4hT49htyuLX-0mJufiLJklLiXGXp0nWxbiHgX5cAlo80vETl3Bl9iDXjGCzT_6-H1WkNCpvsOQObxj-5P-NT3_yVNnHbjCvb4nCQRn9lvJYUbP4-iCA5YN3s3lZZS6INISkRcJFuukgt8KzbTVYM70m3f-ySdRt4d_C66v1G0ejdaQSwxZFsffgWJ2X-sqzwuB9z-uWz7TbYvDRK6k4Z_txmywS9SbNrEw

My auth request is https://appleid.apple.com/auth/authorize?client_id=com.***.yyy&redirect_uri=http://xyz.com&response_type=code%20id_token&scope=name%20email&response_mode=form_post but I am still only getting the user information at the first request. From then on, only the code and id_token is getting received.

Another thing that confused me, that it seems like th API doesn't send the information as JSON data in the post, instead it is sending it, as if it was the addition to the query, for example: "code=<code>&id_token=<id_token>" usually. But when I request it the first time, so the user gets send with, it is like "code=<code>&id_token=<id_token>&user={"name":{"firstName":<firstName>,"lastName":<lastName>},"email":<strange String what isn't an email>}".

As you can see, only the user is send as Json, and the email is not an email (eg: it was "wj92b" one time"), but this could be fixed by receiving it through the JWT in the id_token.

I don't know how to fix it, I would really appreciate an answer.

@ppinkney

can you please reply ? i am still unable to receive relayemail address.

Here is auth request;

https://appleid.apple.com/auth/authorize?state=local&client_id=com.xyz.auth&redirect_uri=https%3A%2F%2Fxyzcom%2Fcallback%2Fapple&scope=name%20email&response_mode=form_post&response_type=code%20id_token


i am still not able to recevie privatelyrelay email address.

here is id_token

eyJraWQiOiJlWGF1bm1MIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL2FwcGxlaWQuYXBwbGUuY29tIiwiYXVkIjoiY29tLnRvZG8tY2xvdWQuYXV0aCIsImV4cCI6MTU4NjMyODg1MiwiaWF0IjoxNTg2MzI4MjUyLCJzdWIiOiIwMDAzMTkuYjNmYzZmNjJlMThlNDU3MjgwNTU1YTY0N2JhN2RhNTkuMDcxOSIsImNfaGFzaCI6InFLMldrTjFGSERGNF9YN2FfdWt0UVEiLCJhdXRoX3RpbWUiOjE1ODYzMjgyNTIsIm5vbmNlX3N1cHBvcnRlZCI6dHJ1ZX0.jWudBpsSYBZ5PYa89AfikrjP-jsQh2G-iraDEIM_138nE5nn-XB9qqtkf6u250PpZqSdfI2Unw5G-VM_qUlOdSqGRYCte4J4sUMua_Bku6A75N0NBsBb4hT49htyuLX-0mJufiLJklLiXGXp0nWxbiHgX5cAlo80vETl3Bl9iDXjGCzT_6-H1WkNCpvsOQObxj-5P-NT3_yVNnHbjCvb4nCQRn9lvJYUbP4-iCA5YN3s3lZZS6INISkRcJFuukgt8KzbTVYM70m3f-ySdRt4d_C66v1G0ejdaQSwxZFsffgWJ2X-sqzwuB9z-uWz7TbYvDRK6k4Z_txmywS9SbNrEw

Hello! I've managed to get the user's email address on the first login but never got the name. Is this normal? I'm using OpenId Connect on ASP.NET Web Forms.

Hi, were you able to retrieve the user's email address on subsequent logins?

Hello ppinkey!
And everyone having trouble,
We've just implemented Apple Sign In for bubble.is as a plugin according to the documentation. (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms).
The login is working fine, but we can't retrieve the name, even if the purpose set in scope is only "name". what we receive:

  1. { "state": "EN", "code": "c10ab6**********************Ckggusd4UAdj-A",
  2. "id_token": "eyJraWQiOiJBSURP*****UOQ",
  3. "user": "{\"email\":\"********\"}" }

can this be an issue apple side? Can you please check that the scopes are correctly set?
Thanks a lot for your help.

Is there any help on getting user's name with ID Token?
Hi am doing apple sign in with react js here. Was stucked with the form_post responseMode for a long time. Any assistance?

Code Block
fetch(`${redirectUri}`, {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded"
}
})
.then(res => res.json())
.then(responseJson => {
console.log(responseJson);
});


on inspect, Network tab, no response was found.
Am i doing it correctly?
Hello,
email is now retreived from id_token and it works fine.
However, I have problem retrieving user's name and surname from response of the authorize method when I call it more than once. I know it's a feature by Apple, but there are cases when I need to ping Apple endpoint again to retrieve user's name and surname again.
Example: user registers in my app using Apple sign in, user deletes account, then registers again. I can't get his name and surname this time.
I asked it on stack overflow but it's mostly ignored so far:
https://stackoverflow.com/questions/63500926/apple-sign-in-authorize-method-returns-name-only-first-time

I recommend you read more about authentication and authorization. For example view this review
I recommend read more about your question in this blog
Can't retrieve name and email from Sign In flow
 
 
Q