Sign In with Apple Button - Full Name Scope Issue

I'm unable to request the full name in my SignInWithAppleButton. However, I can correctly gather the apple id and use the email in the requested scope.

I have a testing and production project which have the same exact code block for reproducing the sign in button experience within an iOS app. In the testing project, I'm able to gather the full name and email (just as intended) with the same "Sign in with Apple" Capability and signing + signing certificate. Which leads me to think there's some conflict in entitlements or target properties which conflict with ability to gather the full name in the "SignInWithAppleButton"

Any help with this would be greatly appreciated before I have to run through each entitlement/property and play with how it affects the SSO capability. Thank you in advance!

Code block:


import SwiftUI
import AuthenticationServices


struct ContentView: View {
    var body: some View {
        VStack {
            SignInWithAppleButton(.continue, onRequest: {request  in
                request.requestedScopes = [.fullName, .email]
                
            }, onCompletion: {result in
                switch result {
                case .success(let auth):
                    guard let cred = auth as? ASAuthorizationAppleIDCredential else {return}
                    print(cred.authorizedScopes)
                case .failure(let err):
                    print(err)
                }
            })
        }
        .padding()
    }
}
Answered by DTS Engineer in 800022022

Hi @awhittle,

You wrote:

I have a testing and production project which have the same exact code block for reproducing the sign in button experience within an iOS app. In the testing project, I'm able to gather the full name and email (just as intended) with the same "Sign in with Apple" Capability and signing + signing certificate. Which leads me to think there's some conflict in entitlements or target properties which conflict with ability to gather the full name in the "SignInWithAppleButton"

The requested scopes are used to authorize the client's access to the user's information. The only values for Sign in with Apple include the user's email address and full name.

The user's email address and full name (if requested) are included in the initial authorization response. However, for subsequent authorization requests, the user's email is included within the identity (ID) token as the email claim, and the full name is not included at all.

Please see the following documentation to learn more about this expected behavior:

In particular, this quote:

Use the user identifier instead of an email address to identify the user. If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple ID, but the user can change their name.

Important

Apple doesn’t receive the user’s full name shared with the system UI. The raw data is passed directly to your app from the browser and is not included in the user’s identity token. To help prevent cross-site scripting attacks, validate and sanitize the user-submitted first and last name values before storing on your app servers.

If you request the user’s verified email address, Sign in with Apple prompts the user to share it with your app. The user may choose to share their real email address or an anonymous one that uses the private email relay service. In both cases, Apple verifies that the email address works and is ready for use.

You can invalid your user tokens (and user sessions) by revoking your app's access to your user data. To learn how to manually revoke a client's access to a users's data for Sign in with Apple, see below:

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Hi @awhittle,

You wrote:

I have a testing and production project which have the same exact code block for reproducing the sign in button experience within an iOS app. In the testing project, I'm able to gather the full name and email (just as intended) with the same "Sign in with Apple" Capability and signing + signing certificate. Which leads me to think there's some conflict in entitlements or target properties which conflict with ability to gather the full name in the "SignInWithAppleButton"

The requested scopes are used to authorize the client's access to the user's information. The only values for Sign in with Apple include the user's email address and full name.

The user's email address and full name (if requested) are included in the initial authorization response. However, for subsequent authorization requests, the user's email is included within the identity (ID) token as the email claim, and the full name is not included at all.

Please see the following documentation to learn more about this expected behavior:

In particular, this quote:

Use the user identifier instead of an email address to identify the user. If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple ID, but the user can change their name.

Important

Apple doesn’t receive the user’s full name shared with the system UI. The raw data is passed directly to your app from the browser and is not included in the user’s identity token. To help prevent cross-site scripting attacks, validate and sanitize the user-submitted first and last name values before storing on your app servers.

If you request the user’s verified email address, Sign in with Apple prompts the user to share it with your app. The user may choose to share their real email address or an anonymous one that uses the private email relay service. In both cases, Apple verifies that the email address works and is ready for use.

You can invalid your user tokens (and user sessions) by revoking your app's access to your user data. To learn how to manually revoke a client's access to a users's data for Sign in with Apple, see below:

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Sign In with Apple Button - Full Name Scope Issue
 
 
Q