I think I solved the issue in my project. It turned out that someone on the team used SIWA without defining the scope and every Apple account which used his version for the first time, would forever receive id_token's without email cause once you agree on a scope with the user, you stick with it forever. You can't extend the scope on next sign in. Only if user disconnects and reconnects his/hers Apple account with your app.
Post not yet marked as solved
I think I solved the issue in my project. It turned out that someone on the team used SIWA without defining the scope and every Apple account which used his version for the first time, would forever receive id_token's without email cause once you agree on a scope with the user, you stick with it forever. You can't extend the scope on next sign in. Only if user disconnects and reconnects his/hers Apple account with your app.
Post not yet marked as solved
I think I solved the issue in my project. It turned out that someone on the team used SIWA without defining the scope and every Apple account which used his version for the first time, would forever receive id_token's without email cause once you agree on a scope with the user, you stick with it forever. You can't extend the scope on next sign in. Only if user disconnects and reconnects his/hers Apple account with your app.
Post not yet marked as solved
We were also missing email field in case of some users. It turned out later that it depended on the device that user was using on initiall authentication through Sign in with Apple. In the mobile app it worked fine but when user was using a web browser on the initialization then the frontend team didn't define scope=email. It's forcing the response_mode=form_post and they weren't able to support a POST request in a Single Page App in JavaScript.
Too bad that Apple doesn't allow scope extension later. The scope sticks up to the point when a user reconnects his AppleId account with your app.
I've been working on implementing Sign in with Apple in my team about a month ago and email property in the identityToken was ALWAYS present for every sign in attempt on all tested AppleID accounts. Yesterday we started experiencing a missing email property with random users. Meanwhile we implemented SIWA in that way that we always expect the email property to be inside of the identityToken. What now?
Post not yet marked as solved
As far as I know, user selects a specific e-mail out of the list of all his contact e-mails when signing in to your app for the first time and this e-mail "sticks" with following sign-ins. Or disappears randomly which happens to us currently... The email field in identityToken is not present for some users.
Post not yet marked as solved
I'm having the same problem and really hoping for finding a solution. Its not consistent enought to give a 100% scenario but we do have one AppleID account in our team which fails to have the email field in id_token more often than others. It happens both in our iOS app (built with Cordova using a plugin for supporting native behavior) and on our website using official JS library.
Post not yet marked as solved
We return the email only for the first time, for the second time you can get email by extracting appleIdCredential.identityToken Unfortunately that isn't always true. We've found out in our team that identityToken is sometimes missing the email property. That field is critical for the registration process in our app and we haven't figured that out yet why this property is disappearing randomly.
Post not yet marked as solved
These are good questions. Too bad that no one replied to them since october. I would like to know the answers too.
