Sign-in with Apple: user's name won't be retrieved

Question

Created Sep ’21

Replies 2

Boosts 0

Views 4.4k

Participants 3

As per the Developper documentation (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms, paragraph Send the Required Query Parameters), I'm trying to get the user's name as long as I'm getting the authorization code.

My issue is quite straightforward: I never see any user's name in the request's response, even if the scope parameter is name%20email or even name.

To provide more details, the request URL is: [GET] https://appleid.apple.com/auth/authorize

and the query string is in form of:

 response_type=code
&response_mode=form_post
&scope=name
&client_id=*****
&redirect_uri=*****
&state=*****

The response is a JSON containing a id_token key. The matching value is a JWT whose payload, one base64-decoded, is on form of:

 {
  "iss": "https://appleid.apple.com",
  "aud": "*****",
  "exp": 1632208524,
  "iat": 1632122124,
  "sub": "*****",
  "at_hash": "*****",
  "email": "*****",
  "email_verified": "true",
  "is_private_email": "true",
  "auth_time": 1632122123,
  "nonce_supported": true
}

Is the documentation irrelevant? Am I missing something?

Note: this kind of response is return when the user hides his email. Sharing the email doesn't impact the response structure, yet.

Boost

Answer 1

DTS Engineer OP

Apple

Sep ’21

Hi David5781,

The user's email is provided in the ID token, as well as the following claims:

iss
sub
aud
iat
exp
nonce
nonce_supported
email
email_verified
is_private_email
real_user_status
transfer_sub (if within 60-day app transfer period)

However, the user's full name is not included in the ID Token, as documented on the same page linked above:

If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple ID, but the user can change their name. The modified name is only shared with your app and not with Apple, and hence isn’t included in the ID token.

If you've already authenticated your test user, you will need to revoke access to your app to invoke the initial authorization flow.

If you have further questions about Sign in with Apple, please submit a Technical Support Incident and I'll be happy to assist.

Cheers,

Paris

0

Answer 2

David5781 OP

Sep ’21

Hi Paris,

Thank you for your support.

If I understand it well (quoting the documentation) "The modified name is only shared with your app and not with Apple" basically means that I have no chance to retrieve the user's full name via the https://appleid.apple.com/auth/authorize API, is that right?

If yes, I wonder how some websites can actually retrieve the user's name after an SSO (OAuth 2) login.

0

	response_type=code
	&response_mode=form_post
	&scope=name
	&client_id=*****
	&redirect_uri=*****
	&state=*****

	{
	"iss": "https://appleid.apple.com",
	"aud": "*****",
	"exp": 1632208524,
	"iat": 1632122124,
	"sub": "*****",
	"at_hash": "*****",
	"email": "*****",
	"email_verified": "true",
	"is_private_email": "true",
	"auth_time": 1632122123,
	"nonce_supported": true
	}