I struggled with this too and I found two issues that you need to resolve:
1. Make sure you specify scope=email when you send your initial authorize request (appleid.apple.com/auth/authorize endpoint). This requires that you use form-post response mode, so your callback URI will be invoked with HTTP method POST instead of GET.
2. If you have already used your email address to log on, then the account hasn't consented to hand over the email address to your website/application. Go to your account management page (https://appleid.apple.com/account/manage) and, under "APPS & WEBSITES USING APPLE ID", click "Manage...". Remove the website.
After these steps, I was able to obtain the email address in the identity token.
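
The two steps above as an added example, not part of the original answer: it builds the authorize request with scope=email and form-post response mode, then reads the email claim from the identity token in the POSTed callback body. The client id, redirect URI, function names and the unsigned sample token are constructed for illustration.

```python
import base64, hmac, json
from urllib.parse import urlencode, parse_qs

AUTHORIZE_ENDPOINT = "https://appleid.apple.com/auth/authorize"

def build_authorize_url(client_id, redirect_uri, state, nonce):
    """Authorize request that asks for the email scope."""
    return AUTHORIZE_ENDPOINT + "?" + urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code id_token",
        "scope": "email",
        "response_mode": "form_post",  # callback then arrives as HTTP POST
        "state": state,
        "nonce": nonce,
    })

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def constructed_token(claims):
    """Constructed sample token with a fake signature (not a real Apple token)."""
    body = json.dumps(claims).encode()
    return ".".join([_b64url(b'{"alg":"RS256"}'), _b64url(body), _b64url(b"sig")])

def email_from_callback(post_body, expected_state, expected_nonce):
    """Parse the form-post callback body; return the email claim or None."""
    form = parse_qs(post_body)
    if not hmac.compare_digest(form.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch")
    parts = form.get("id_token", [""])[0].split(".")
    if len(parts) != 3:
        raise ValueError("id_token missing or malformed")
    # Decodes only. Verify signature, iss, aud and exp against Apple's
    # published keys before trusting any claim in a real deployment.
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims.get("email")  # None when the token carries no email claim

if __name__ == "__main__":
    print(build_authorize_url("com.example.web", "https://example.com/cb", "s1", "n1"))
    token = constructed_token({"nonce": "n1", "email": "user@example.com"})
    print(email_from_callback(urlencode({"state": "s1", "id_token": token}), "s1", "n1"))
```

A return value of None means the token decoded correctly but had no email claim, which is the situation the second step addresses.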