Name/surname not received from API

We've encountered an issue with implementing "Sign in with Apple." We've set up an authorization mechanism that returns a JWT, which includes the following fields in the IdTokenPayload: iss, aud, exp, iat, sub, at_hash, email, email_verified, auth_time, and nonce_supported.

We tested this using an Apple ID that had not previously been used with our app. At this stage, we expected to receive the user's name, but instead, the relevant fields are returning null values, and all we receive is the email address.

Here’s an example of the JWT payload we're receiving:

{ "iss": "https://appleid.apple.com", "aud": "com.octocrm.webapp", "exp": 1724833875, "iat": 1724747475, "sub": "000335.ad7cef1b0a3c474b842531f95444f2ad.1205", "at_hash": "perz_dvgtpe4cglpuzzj-a", "email": "firma.pl", "email_verified": true, "auth_time": 1724747463, "nonce_supported": true }

We were expecting the user's name fields (e.g., name, given_name, family_name) to be populated in the JWT, but instead, they are returning as null. Is there something we're missing in our implementation, or is there a specific condition that needs to be met for these fields to be included? Any guidance on how to resolve this issue would be greatly appreciated.

Answered by DTS Engineer in 801980022

Hi @orafix,

You wrote:

[...] We were expecting the user's name fields (e.g., name, given_name, family_name) to be populated in the JWT, but instead, they are returning as null. [...]

This is the expected behavior and is by design. Apple does not receive the user's provided name from the authentication UI—it is delivered directly to the Sign in with Apple client so cannot be included in the ID token.

The user's name is contained in the authorization response for the initial Sign in with Apple authorization request and will not be included in subsequent requests.

This behavior is documented below:

Important

Apple doesn’t receive the user’s full name shared with the system UI. The raw data is passed directly to your app from the browser and is not included in the user’s identity token. To help prevent cross-site scripting attacks, validate and sanitize the user-submitted first and last name values before storing on your app servers.

Authenticating users with Sign in with Apple: Retrieve the user’s information from Apple ID servers

To revoke your user credentials to test the expected flow, please see Manage your apps with Sign in with Apple.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Hi @orafix,

You wrote:

[...] We were expecting the user's name fields (e.g., name, given_name, family_name) to be populated in the JWT, but instead, they are returning as null. [...]

This is the expected behavior and is by design. Apple does not receive the user's provided name from the authentication UI—it is delivered directly to the Sign in with Apple client so cannot be included in the ID token.

The user's name is contained in the authorization response for the initial Sign in with Apple authorization request and will not be included in subsequent requests.

This behavior is documented below:

Important

Apple doesn’t receive the user’s full name shared with the system UI. The raw data is passed directly to your app from the browser and is not included in the user’s identity token. To help prevent cross-site scripting attacks, validate and sanitize the user-submitted first and last name values before storing on your app servers.

Authenticating users with Sign in with Apple: Retrieve the user’s information from Apple ID servers

To revoke your user credentials to test the expected flow, please see Manage your apps with Sign in with Apple.

Cheers,

Paris X Pinkney |  WWDR | DTS Engineer

Name/surname not received from API
 
 
Q