Sign In with Apple returns an empty user object

Hello.


We have implemented Sign In with Apple on our website. But the problem is that it only works with our developer's Apple ID.

I tried to use my personal Apple ID from the same environment, and the sign-in process also ran fine.


However, when real users are trying to use this feature, Apple returns the wrong response:


{
  "state": "20cadefd",
  "code": "c0f4d18d62a124c9482dec72e9b647f6d.0.nwus.L-JUin6NT_fZPDn4B8oYaA",
  "user": "{}"
}


As you can see, the user object is empty.

Querying https://appleid.apple.com/auth/token gives back no email claim either. It is also reported that users do not see the usual step where one can share or hide his real email.


What are we missing here?

Replies

I got state, code, and id_token (JWT). Where does Apple say that user object will be returned?

Your response lacks user field because it's only available for the first sign in, and I am aware of that.

As for the correct first sign in response, here's what Apple documentation says:


https://developer.apple.com/documentation/signinwithapplejs/incorporating_sign_in_with_apple_into_other_platforms

-----------------

A successful response contains the following parameters:

code

A single-use authorization code that is valid for five minutes.

id_token

A JSON web token containing the user’s identity information.

state

The state contained in the Authorize URL.

user

A JSON string containing the data requested in the scope property. The returned data is in the following format:

{ "name": { "firstName": string, "lastName": string }, "email": string }

If an error occurs, the HTTP body contains the following parameters:

error

The returned error code.

state

The state contained in the Authorize URL.

---------------


I can get the firstName and email, but only if the user signs in to Apple using a password, not TouchID. In the case of TouchID, {} is returned.

The correct answer is here

https://forums.developer.apple.com/thread/118209

So the problem was in scope encoding: we sent `name+email` `name%20email`.

I'm not quite sure why it worked for the password, but not for Touch ID, but still.
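
An added example, not code from this thread or from Apple: building the authorize URL so the space between scopes is sent as `%20`, and reading the form-post callback so that an empty or absent `user` is treated as a returning sign-in rather than an error. It assumes `%20` is the encoding Apple accepts (the reading of the last post taken here); the function names, client ID, redirect URI and state values are placeholders.

```javascript
// Added example. Function names and all sample values are hypothetical.
const AUTHORIZE_URL = "https://appleid.apple.com/auth/authorize";

function buildAuthorizeUrl({ clientId, redirectUri, state, scopes }) {
  const params = {
    response_type: "code id_token",
    response_mode: "form_post", // needed when a scope is requested
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
    scope: scopes.join(" "), // space-separated list
  };
  // encodeURIComponent turns a space into %20.
  // URLSearchParams#toString would emit "+" instead, which is the pitfall here.
  const query = Object.entries(params)
    .map(([key, value]) => `${key}=${encodeURIComponent(value)}`)
    .join("&");
  return `${AUTHORIZE_URL}?${query}`;
}

// body: the parsed form fields Apple posts to the redirect URI.
// expectedState: the value stored in the user's session before redirecting.
function parseCallback(body, expectedState) {
  if (body.error) return { ok: false, reason: `apple_error:${body.error}` };
  if (!body.code) return { ok: false, reason: "missing_code" };
  if (body.state !== expectedState) return { ok: false, reason: "state_mismatch" };

  let user;
  try {
    user = JSON.parse(body.user || "{}"); // "user" is a JSON string, not an object
  } catch {
    return { ok: false, reason: "bad_user_json" };
  }
  if (user === null || typeof user !== "object") user = {};

  const profile = {
    firstName: user.name?.firstName ?? null,
    lastName: user.name?.lastName ?? null,
    email: user.email ?? null,
  };
  // "user" is only populated on the first sign-in: store it then, and on later
  // sign-ins look the account up by the verified id_token instead.
  const hasProfile = Object.values(profile).some((value) => value !== null);
  return { ok: true, code: body.code, profile: hasProfile ? profile : null };
}
```

The `id_token` signature and claims still have to be verified server-side before the account is trusted; the values in `user` are unsigned form data.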