Can't retrieve name and email from Sign In flow

Hi,


We've just implemented Apple Sign In according to the documentation (https://developer.apple.com/documentation/signinwithapplerestapi), the login is working fine, but there is no way to get the email from the token. We tried a lot of different scopes, and while only a few seem to be valid (name, email, openid), they don't seem to change anything in the response of the token. The only field that's in there is "id_token", and the only useful field in the "id_token" is "sub", which seems to be a unique identifier. Is there a way to retrieve the email address?


Thanks!

Accepted Reply

To request user information in the `id_token` (assuming you are requesting via the `/auth/authorize` REST API), you'll need to include the `scope` query parameter, which supports the values—`name` and `email`. You can request one, both, or none.


Note: Use space separation and percent-encoding for multiple scopes; for example, `"scope=name%20email"`.


For additional information about preparing the authorization request, please see the following documentation—


https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

Replies

Hello,

I'm still not getting the name and email from Sign in Flow. My application is implemented in .Net Core 3.1 using the OpenIdConnect.

I've specified the scopes as follows, but when getting the code and idtoken, no user data is added.

```csharp
.AddOpenIdConnect("Apple", async options =>
{
    options.Scope.Clear();
    options.Scope.Add("name");
    options.Scope.Add("email");
    ...
}
..
options.Events.OnAuthorizationCodeReceived = async context =>
{
    // no user object within the idtoken
}
```

The authentication cookie is generated but can't proceed with new account creation. I'm also using the ExternalLogin structure OnGetCallbackAsync. The url seems to have all required info as explained in this ticket.

Is someone facing the same issue? Thanks

Surprisingly, it's 2022 and this is still an issue for many developers. My issue is that some id_tokens from certain users won't include email, even when it is their very first login attempt. The 'form_post issue' almost forced me to not include scope and I believe this is causing random exclusion of email information in the id_token.

How come Apple is not able to support a better developer experience, just like they publicize in the ads for their customers?

And there is still no solution for this problem, unfortunately ☹️

Yea... turns out we're the last victims of this. This is just a very very bad experience overall. We get no email no nothing regardless of the first, last or nth time of login.

The accepted response says "To request user information in the id_token...", but that is not true. User info is never in the id_token; it comes just after the first sign-in (OK, Apple decided on just one time and makes developers' lives complicated, as Apple always does), after the redirect from https://appleid.apple.com/auth/authorize to the redirect_uri. When authorizing, we also set 'response_type' => 'code id_token' + 'scope' => 'name email', but the user info is not included in the decoded id_token, just as a separate parameter "user"...

POST params:

```
Array ( [state] => ... [code] => ... [id_token] => eyJr...UUg [user] => {"name":{"firstName":"...","lastName":"..."},"email":"..."} )
```

What about security, dear Apple? How can we trust the fields in the user param? Email, OK, it is also included in the id_token, which we can verify by signature and Apple's public key.

@ppinkney are you sure user info is included in id_token?
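
An added example, not part of any post in this thread: one way a `form_post` callback handler can treat the two inputs described above, taking `sub` and `email` only from the signature-verified `id_token` and using the unsigned `user` field for the display name alone. The function names and client ID are illustrative, and a locally generated RSA key stands in for the keys Apple publishes at https://appleid.apple.com/auth/keys so the block runs offline.

```javascript
// Added example (Node.js 16+). Function names are illustrative, not Apple's API.
const crypto = require('crypto');

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verify an RS256 id_token against a JWK set, then check iss, aud and exp.
function verifyIdToken(idToken, jwks, clientId, nowSec) {
  const [h, p, s] = String(idToken).split('.');
  if (!h || !p || !s) throw new Error('malformed id_token');
  const header = b64urlJson(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = b64urlJson(p);
  if (claims.iss !== 'https://appleid.apple.com') throw new Error('bad iss');
  if (claims.aud !== clientId) throw new Error('bad aud');
  if (claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Combine verified claims with the unsigned `user` form field (first sign-in only).
function handleCallback(form, jwks, clientId, nowSec) {
  const claims = verifyIdToken(form.id_token, jwks, clientId, nowSec);
  let name = null, emailMismatch = false;
  if (form.user) {                       // absent on every later sign-in
    const user = JSON.parse(form.user);  // unsigned: treat as display data only
    const n = user.name || {};
    name = [n.firstName, n.lastName].filter(Boolean).join(' ') || null;
    emailMismatch = Boolean(user.email) && user.email !== claims.email;
  }
  return { sub: claims.sub, email: claims.email ?? null, name, emailMismatch };
}

// Constructed test material: signs sample claims with a throwaway local key.
function makeSample(claims) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const signingInput = `${enc({ alg: 'RS256', kid: 'test-kid' })}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey).toString('base64url');
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid: 'test-kid' };
  return { idToken: `${signingInput}.${sig}`, jwks: [jwk] };
}
```

Because `user` arrives only once, the name has to be stored against `sub` on that first callback; later sign-ins are matched on `sub` alone.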

Hello Everyone

I am passing the name and email scope as well, but the name property is still missing from the object.

Any suggestions on this?

https://appleid.apple.com/auth/token?grant_type=authorization_code&code=my_code&client_id=my_clientid&client_secret=my_client_secrate&redirect_uri=redirect_url

I am getting this type of response in id token

```json
{
  "iss": "https://appleid.apple.com",
  "aud": "com.abc.def.dev.apple",
  "exp": 1680356668,
  "iat": 1680270268,
  "sub": "000924.ddd8b76bd42c4200ba3195d047430f95.582",
  "at_hash": "Au9BDTdPg_QshtISK4npYQ",
  "email": "abc@gmail.com",
  "email_verified": "true",
  "auth_time": 16802702287,
  "nonce_supported": true
}
```
  • @ernestDev You will never get the name prop (or any other except email) in id_token because of Apple's world. In Google and Facebook OAuth 2.0 it works as you expect, but not in Apple's world. You will get name only as GET['user'] after redirecting when the user authorizes the request/permissions. Note that there is another problem - Apple adds GET['user'] only after the first sign in. GET['user'] is a JSON stringified string like: {"name":{"firstName":"...","lastName":"..."},"email":"..."}


I can't retrieve name and email from Sign In flow

following this

https://appleid.apple.com/auth/authorize?response_type=code%20id_token&response_mode=form_post&client_id=&redirect_uri=&scope=name%20email&state=***

how to get user's email

You need to follow these steps

iPhone Settings -> Apple Id -> Password & Security -> Apple ID logins -> {YOUR APP} > Stop using Apple ID.