Reply to Can't retrieve name and email from Sign In flow
Surprisingly, it's 2022 and this is still an issue for many developers. My issue is that some id_token from certain users won't include email, even when it is their very first login attempt. The 'form_post issue' almost forced me to not include scope and I believe this is causing random exclusion of email information in the id_token. How come Apple is not able to support a better developer experience, just like they publicize in the ads for their customers?
Apr ’22
Reply to Sign in with Apple missing email claim in the (JWT) identityToken
I've wasted weeks searching for the true reason why I randomly fail to get email information. Following are the conclusions I came up with after long suffering:

If you do not define scope and response_mode in the login URI (the URL which you would link to the button click event), you will get email in the id_token as JWT only once, and this cannot be reverted unless you first change the URI and add scope and response_mode, and then delete the app you once signed in with 'Sign in with Apple' on the appleid.apple.com manage page. If you do not specify scope and response_mode, this will let you use the GET method to redirect (or "return") to your frontend and it will enable an easy login feature just like other major service providers. However, you cannot use email (true email or anonymous email alike) to authorize your users later and your only option is to use the sub values in the id_token.

If you define scope and response_mode in the login URI, you will get email in the id_token every time. You can use this email to authorize your users. However, if you delete scope and response_mode after users have signed up to your service, some users will still be provided with email in their id_token but others won't be provided with their email anymore. This randomness hit me hard for days.

If you stick to specifying scope and response_mode in the URI, then this will not let you get id_token and code in your frontend, since the only response_mode possible is the POST (form_post) method. You might have to set up the redirect URI (or "return URL") to point somewhere the POST method is accepted, probably a backend server or another API that changes the POST method to a GET method. Since the response to your request from the frontend will not land back in the frontend, you will then have to figure out how to send back the user info and the token needed for authenticating the user in the frontend without relying on the 'response' from the Apple server.
I personally had to use HttpResponseRedirect as the return value of the backend api. I urlencoded the information I wanted to send to frontend. I hope this clumsy depiction of what I went through can shed some light on others who are stuck with this issue.
Apr ’22
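The form_post callback described in the post above, as an added example that is not the poster's code or Apple's: it keys the account on `sub`, treats `email` as optional, and sends the browser to the frontend with a one-time code instead of putting the token or user info in the URL. `CLIENT_ID`, `FRONTEND_URL`, the `handoff` parameter and the `verify_signature` hook (standing in for RS256 verification against Apple's published keys) are assumptions.

```python
import base64, json, secrets, time
from urllib.parse import parse_qs, urlencode

APPLE_ISS = "https://appleid.apple.com"
CLIENT_ID = "com.example.web"                       # assumption: your Services ID
FRONTEND_URL = "https://app.example.com/auth/done"  # assumption: frontend landing page
USERS = {}    # sub -> {"email": ...}; in-memory stand-in for a user table
HANDOFF = {}  # one-time code -> (sub, expiry); in-memory stand-in for a cache

def decode_claims(id_token):
    """Return the JWT payload as a dict. Call only after the signature check."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)            # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def handle_form_post(body, expected_state, expected_nonce, verify_signature, now=None):
    """Process the POST body Apple sends to the redirect URI.
    Returns (status, location): 303 plus a frontend URL, or (400, None)."""
    now = time.time() if now is None else now
    form = {k: v[0] for k, v in parse_qs(body).items()}
    state = form.get("state", "").encode()
    if not secrets.compare_digest(state, expected_state.encode()):
        return 400, None                            # CSRF / mixed-up session
    token = form.get("id_token", "")
    if token.count(".") != 2 or not verify_signature(token):
        return 400, None
    try:
        c = decode_claims(token)
    except ValueError:
        return 400, None
    if (c.get("iss") != APPLE_ISS or c.get("aud") != CLIENT_ID
            or c.get("exp", 0) <= now or c.get("nonce") != expected_nonce
            or not c.get("sub")):
        return 400, None
    # sub is the stable key; email may be absent, so never overwrite with None.
    user = USERS.setdefault(c["sub"], {"email": None})
    if c.get("email"):
        user["email"] = c["email"]
    code = secrets.token_urlsafe(32)
    HANDOFF[code] = (c["sub"], now + 60)            # short-lived, single use
    return 303, FRONTEND_URL + "?" + urlencode({"handoff": code})

def redeem(code, now=None):
    """Frontend exchanges the one-time code (server-side call) for the user id."""
    now = time.time() if now is None else now
    sub, expiry = HANDOFF.pop(code, (None, 0))
    return sub if sub and expiry > now else None
```

The 303 status makes the browser follow the redirect with GET, which is the POST-to-GET conversion the post describes.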