Use response_mode = form_post when requesting name or email scope

If you are requesting name or email scope when invoking the authorization endpoint, include the parameter response_mode=form_post.


Otherwise, you will see the error: "Request missing required parameter or unsupported parameters or invalid redirect url"


We will be fixing the error message to provide more specific information in a follow-up build

Post not yet marked as solved Up vote post of Apple Staff Down vote post of Apple Staff
5.5k views

Replies

thanks - any plans to update the docs? Spent quite a bit of time trying to figure out why my app stopped working until I saw this. Also the whole flow still doesn't seem to work for me. I no longer get "invalid redirect url" but when redirected back to my URL after sign in, the `code` does not seem to be included

Are there any plans to support returning the data through the query parameters like the previous implementation or is it only going to be through form data?

+1 - we would really appreciate this endpoint being documented.


We have a variety of use cases that the JS SDK is impractical for, so it would be really helpful for developers working hard on getting Sign In with Apple into their apps to have this endpoint documented.


w.r.t `code` - the use of request_mode=form_post means that parameters will be sent back in the body of the POST request. If you haven't updated your callback to accept these parameters from the POST body (rather than as URL parameters), that'll need to be done.

Is their a reason for not using response_mode=query to fetch the email scope? That is how our current IdP's (Facebook, Google etc.) work using the OIDC standard. This enables web redirects to occour inside the browser to complete an /authorize call to occour seamlessly. As we are using a third party identity and access manager to handle these requests on behalf of the client it will not function with Apple Sign in as it doesn't comply with supporting response_mode=query.