Can't retrieve name and email from Sign In flow

Hi,


We've just implemented Apple Sign In according to the documentation (https://developer.apple.com/documentation/signinwithapplerestapi), the login is working fine, but there is no way to get the email from the token. We tried a lot of different scopes, and while only a few seem to be valid (name, email, openid), they don't seem to change anything to the response of the token. The only field that's in there is "id_token", and the only useful field in the "id_token" is "sub", which seems to be a unqiue identifier. Is there a way to retrieve the email address?


Thanks!

Answered by DTS Engineer in 413866022

To request user information in the `id_token` (assuming you are requesting via the `/auth/authorize` REST API), you'll need to include the `scope` query parameter, which supports the values—`name` and `email`. You can request one, both, or none.


Note: Use space separation and percent-encoding for multiple scopes; for example, `"scope=name%20email"`.


For additional information about preparing the authorization request, please see the following documentation—


https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

Hello,

I'm still not getting the name and email from Sign in Flow. My application is implemented in .Net Core 3.1 using the OpenIdConnect.

I've specified the scopes as following but when getting the code and idtoken, not user data is added.

.AddOpenIdConnect("Apple", async options => 
{
 options.Scope.Clear();                    
 options.Scope.Add("name");
 options.Scope.Add("email");
  ...
}
..
options.Events.OnAuthorizationCodeReceived = async context =>
{
 // no user object within the idtoken
}

The authentication cookie is generated but can't proceed with new account creation. I'm also using the ExternalLogin structure OnGetCallbackAsync. The url seems to have all required info as explained in this ticket.

Is someone facing same issue? Thanks

Surprisingly, it's 2022 and this is still an issue for many developers. My issue is that some id_token from cetain users won't include email, even when it is their very first login attempt. The 'form_post issue' almost forced me to not include scope and I believe this is causing random exclusion of email information in the id_token.

How come apple not able to support a better developer experience just like they publicize in the ads for their customers?

And there is still no solution for this problem, unfortunately ☹️

Yea... turns out we're the last victims of this. This is just a very very bad experience overall. We get no email no nothing regardless of the first, last or nth time of login.

In accepted response is To request user information in the id_token... But it is not true, user info is never in id_token but just after first sign-in (Ok, Apple decided just one time and makes developer life complicated as Apple always does) after redirection from https://appleid.apple.com/auth/authorize to redirect_uri When authorizing we set also 'response_type' => 'code id_token' + 'scope' => 'name email' but user info is not included in decoded id_token but just as separate parameter "user"...

<h2>POST params:</h2>Array ( [state] => ... [code] => ... [id_token] => eyJr...UUg [user] => {"name":{"firstName":"...","lastName":"..."},"email":"..."} )

What about security dear Apple? How we can trust fields in user param? Email, OK, it is included also in id_token which can we verify by signature and Appples public key.

@ppinkney are you sure user info is included in id_token?

Hello Everyone

I am passing the name and email scope aswell but still name property is missing from the object.

any suggestions on this ?

https:&#x2F;&#x2F;appleid.apple.com&#x2F;auth&#x2F;token?grant_type=authorization_code&amp;code=my_code&amp;client_id=my_clientid&amp;client_secret=my_client_secrate&amp;redirect_uri=redirect_url

I am getting this type of response in id token

{
  "iss": "https:&#x2F;&#x2F;appleid.apple.com",
  "aud": "com.abc.def.dev.apple",
  "exp": 1680356668,
  "iat": 1680270268,
  "sub": "000924.ddd8b76bd42c4200ba3195d047430f95.582",
  "at_hash": "Au9BDTdPg_QshtISK4npYQ",
  "email": "abc@gmail.com",
  "email_verified": "true",
  "auth_time": 16802702287,
  "nonce_supported": true
}

I can't retrieve name and email from Sign In flow

following this

https://appleid.apple.com/auth/authorize?response_type=code%20id_token&response_mode=form_post&client_id=&redirect_uri=&scope=name%20email&state=***

how to get user's email

You need to follow this following steps

iPhone Settings -> Apple Id -> Password & Security -> Apple ID logins -> {YOUR APP} > Stop using Apple ID.

Can't retrieve name and email from Sign In flow
 
 
Q