Cannot get email & name while scopes requested on IOS14

[ivanlecodebento]

it works fine previously where users get to give permission to plugin for email and fullname,
this.signInWithApple.signin({ requestedScopes: [ ASAuthorizationAppleIDRequest.ASAuthorizationScopeFullName, ASAuthorizationAppleIDRequest.ASAuthorizationScopeEmail ] })
but now, when sign in using apple, the request permission page is gone, and it just sign in using a masked email

[Radecom]

The same thing happens to me. Even Apple rejected my app, arguing that the registration using sig in with Apple should save the user the process of typing their name and email. Still, even if I follow the instructions correctly, I cannot obtain that from Apple Sig In.

[josephlaw]

use jwt_decode to get email....but i don't know how to get full name
e.g.
var decoded = jwt_decode(result.identityToken);
console.log(JSON.stringify(decoded));
console.log(decoded.email);

[adeuman]

We are also experiencing this issue with our app! Would be nice to see this issue addressed

[faugusztin]

This is not an issue, but how Sign in with apple works. Email in the token is provided by Apple only on first request, for tokens received later you need to use Apple's REST API to exchange token for user details.

[Radecom]

This is not an issue, but how Sign in with apple works. Email in the token is provided by Apple only on first request, for tokens received later you need to use Apple's REST API to exchange token for user details.

Do you have a detailed example @faugusztin ?

[faugusztin]

https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens
https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple

You get your tokens from sign in, then you validate the authorization grant code, from which you get the JWT claim and a refresh token. For any future communication with the sign in REST servers you send the refresh token (Validate an Existing Refresh Token), as the authorization grant code is invalidated after trading it for a refresh token.

If i remember correctly i used the https://github.com/aaronpk/sign-in-with-apple-example as a start on how to use the Apple REST API. Unfortunately i don't have any code to give out to translate the Ruby/PHP code examples into JS or Objective C/Swift, that is up to you if you need to do it on device.

Edit: Just a note, to generate client_secret while communicating with the REST API one needs to use a private key, which is why it is not a good idea to perform this communication in the app itself, but instead on a well secured backend server.

[bameriters]

Login works fine and we can able to get email by decoding Identity token like this.

$identity_token = ''; //Your token here
$id_token = explode(".",$identity_token)[1];
$id_token = base64_decode($id_token);
$id_token = json_decode($id_token);
$id_token = (array)($id_token);

OUTPUT :

But not able to get name.. Any help?

[mirko77]

This is not an issue, but how Sign in with apple works. Email in the token is provided by Apple only on first request, for tokens received later you need to use Apple's REST API to exchange token for user details.

This. The user object is sent only the first time, then the email can be extracted from the jwt.
To have the user object sent again, the user needs to remove the connection to the app from the Apple ID page

[dhayaljaswantgit]

Hello Guys,
Did you able to resolve the 'Full Name' issue?, I'm able to retrieve email but not the Full Name, and apple is rejecting my app because of this, getting the below message from apple when submitted the app without retrieving the Full Name :

---

We noticed that after users authenticate their account with Sign in with Apple, they are required to take additional steps before they can access content and features in your app. Specifically:

• Your app requires users to provide their name after using Sign in with Apple.
• Sign in with Apple is designed to be a self-contained, all-in-one login system. With security features like built-in two-factor authentication, you can remove additional sign-up steps so users can focus on your app's content and features.

---

Thanks in advance
Jaswant Dhayal

[mirko77]

@dhayaljaswantgit you can get the fullName only the first time the user logs in. Afterward, Apple will only send the email. This is how it works, there is not any way around that. You need to save the fullName the first time the user logs in.
From Apple:

This behaves correctly, user info is only sent in the ASAuthorizationAppleIDCredential upon initial user sign up. Subsequent logins to your app using Sign In with Apple with the same account do not share any user info and will only return a user identifier in the ASAuthorizationAppleIDCredential. It is recommened that you securely cache the initial ASAuthorizationAppleIDCredential containing the user info until you can validate that an account has succesfully been created on your server.

[kurybr]

JSON.stringify(decoded)

Work to me, Thanks <3

[ensemblebd]

Per apple's documentation: Link here
The user information like first name, is only sent the first time, and never again.
Email comes everytime and can be decoded from the jwt claims.

The user must remove the app from their settings -> Profile -> password & security -> apple id logins, for us to ever receive that information again.

They are rejecting my app on the same basis, because they are too <redacted word> to clear the app from their test device prior to testing the app, and don't know their own documentation.
I will likely have to file an appeal.

But for now my approach is to simply notify the user with a popup saying "hey, you already authenticated once before, we can't get your full name per Link here".
Gonna find out tomorrow how Apple's super intelligent review-staff handles that scenario.

[dhayaljaswantgit]

@dhayaljaswantgit you can get the fullName only the first time the user logs in. Afterward, Apple will only send the email. This is how it works, there is not any way around that. You need to save the fullName the first time the user logs in.
From Apple:

This behaves correctly, user info is only sent in the ASAuthorizationAppleIDCredential upon initial user sign up. Subsequent logins to your app using Sign In with Apple with the same account do not share any user info and will only return a user identifier in the ASAuthorizationAppleIDCredential. It is recommened that you securely cache the initial ASAuthorizationAppleIDCredential containing the user info until you can validate that an account has succesfully been created on your server.

Yes Got that, Thanks @kurybr

[globules-io]

It seems like even at the first login, the name is now missing? Anyone else faces that issue?

[sevkonline]

It seems like even at the first login, the name is now missing? Anyone else faces that issue?

yes, i am having the same problem. fullName and email always return empty results.

[remoorejr]

I'm not having any problems with this plugin on my iPhone 13, iOS v 15.5, Xcode v 13.3.1. It is behaving as documented by Apple.

On 1st login email, family name (last name) and given name (first name) if shared, are populated. This data should be persisted to your server and/or stored in a persistent location on the device ( IndexedDB or a local SQLite DB are a few ideas that come to mind). On subsequent logins, those properties are returned as null strings. The returned user property (user id) is consistent in both cases and thus should be used to lookup the users persisted data.

The only way to logout the user and receive the users email and name info once again is for the user to go into settings on the device and click on their name (account), tap on password & security then tap on apps using Apple ID, then tap on the app and finally tap on Stop Using Apple ID. The next time the app is launched, the users info (if shared) will be included once again since as far as the device is concerned, this is the first login with Apple ID.

[mirko77]

No problems here either, iPhone SE (2020), iOS 14.5, Xcode 13.2.1