Can't retrieve name and email from Sign In flow

Thanks! My only concern is that the way things are changing it doesn't feel safe to code against a GET flow until it is documented as supported.

@Apple can we please document and support the GET redirect-flow to help with Android clients and others who don't handle POSTs well?

Do you plan on adding the name to the id token? It makes it easier to grab it alongside eveything else here.

Could you please add the name to the id_token? It's also really annoying that you only get this information the first time someone goes through the flow, is it possible to always add this information?

According to @Natthakorn123 using form_post will be required later on. I also don't feel quite conviced that the way we are developing our flow now will work when it's finally released. We can't implement form_post with a major overhaul in our authentication implementation and with some middleware API endpoint that handles redirecting between Apple and our Angular app.

I'm also having issues with exchanging the code from the mobile SDK serverside.

When I try to do an oAuth2 exchange with the authorizationCode from the mobile SDK, the server returns the HTTP 400 error "{"error":"invalid_grant"}"

what are your request details? grant_type='authorization_code' should be - is it?

@tdh42 how did you get the user json in response ? I implemented both "Sign in with Apple REST API" and "Sign in with Apple JS" and in both cases I didnt get the user json in response, I am sure i have implemented them correctly as I am getting response from Apple but no user info in both cases, in both cases I am getting following response :-

Sign in with Apple JS ==> { "code" : "...." , "state" : ".... ", "id_token" : "...." }

Sign in with Apple REST API ==> { "access_token" : "...." , "token_type" : "....", "bearer" : "......", "expires_in" : "......", "refresh_token" : ".....", "id_token" : "......." }

NOTE :-

1) I have also decoded and checked id_token there is no user info in there

2) "......" means some data

@aks_64

You'll only get the emailaddress once from the token validation: https://appleid.apple.com/auth/token in the id_token

You should save the email with the sub (identifier).

Indeed, too bad, they revoked the feature (thank you for the communication), No GET-response from the https://appleid.apple.com/auth/authorize anymore.

Example:

https://appleid.apple.com/auth/authorize?response_type=code+id_token&client_id=www.example.com&redirect_uri=https%3A%2F%2Fwww.example.com%2Fsocial-auth%2Fapple&state=bde56fc21c&scope=email&response_mode=form_post

All I get now is {"iss":"https://appleid.apple.com","aud":"*****","exp":1566915927,"iat":1566915327,"sub":"*****","at_hash":"LO4e93EaBSHzBZ3RajVYcA","auth_time":1566915325}, no email info, though my authUrl looks like https://appleid.apple.com/auth/authorize?response_type=code&client_id=****&redirect_uri=****&state=****&scope=name%20email&response_mode=form_post

where can I get email address?

This is still not the case today, any planning to include those?

Hi Natthakorn123,

Is it possible that there will be support also with a response_mode with a standard get? I've created a subroutine with response_mode=form_post but I want to have less maintenance and to keep this in line with the oauth providers (linkedin, google+, facebook etc).

Yes, this is what we do. We have it working using our web application, we get a proper code and can exchange it for a token.

However, when we try to exchange a code that was received by the app using the mobile SDK, we get the error message "invalid_grant".

This issue is still not completely resolved given the following scenario in this post:

https://forums.developer.apple.com/message/383083#383083

How about the name? Is it included in "id_token"? I am using the web API and I can retrieve the email but not the name. Tried removing as well my site in apple https://appleid.apple.com/account/manage but just keep getting the email and not the name.