Apple Sign In — given_name/family_name never available in ID token or /userinfo

Get Help
,
1

When users authenticate via Sign In with Apple OAuth flow (through react-native-auth0’s authorize(), which uses ASWebAuthenticationSession), the Auth0 ID token and /userinfo endpoint never include given_name or family_name; even when Auth0 Post Login Actions are configured to map them. This makes it impossible to prefill a user’s name during onboarding, which is a requirement Apple explicitly enforces (App Store Review Guideline 5.1.1).

Environment

  • SDK: react-native-auth0 v4.6.0

  • Platform: iOS (React Native)

  • Auth0 Connection: Apple social connection (production keys configured)

I’ve tried adding the following Post Login Action to map Apple’s stored name fields to OIDC claims:
exports.onExecutePostLogin = async (event, api) => {
if (event.connection.strategy === ‘apple’) {
const firstName = event.user.first_name;
const lastName = event.user.last_name;
if (firstName) api.idToken.setCustomClaim(‘given_name’, firstName);
if (lastName) api.idToken.setCustomClaim(‘family_name’, lastName);
}
};

Observed Behavior

Both the ID token payload and /userinfo response are missing all name-related fields. The name claim is set to the user’s (private relay) email address, not their actual name. Full observed /userinfo response

1 Like
3

Hi @nate5,

Welcome to the Auth0 Community!

This issue should be related to how the name scope is mapped to the Auth0 user profile when using an Apple Connection.

Apple’s documentation on the matter - Authenticating users with Sign in with Apple should answer a few of your questions here:

The API collects this information and shares it with your app the first time the user logs in using Sign in with Apple. If the user then uses Sign in with Apple on another device, the API doesn’t ask for the user’s name or email again. It collects the information again only if the user stops using Sign in with Apple and later reconnects to your app.

Although Apple provides the user’s email address in the identity token on all subsequent API responses, it doesn’t include other information about the user, such as their name. When you receive user information from the API response, immediately store it locally so your app can access it again.

It also mentions that “You can request to receive the user’s information, such as name and email address.”, meaning that the name scope has to be explicitly requested. When the name scope is present Apple will include a name object with the first name and last name of the user in the ID token issued.

This article explains how to request the name scope within Auth0 - Cannot Update Scopes in Apple Social Connection. For steps that might be needed on Apple’s side, you can check out this article - ‘Name’ and ‘Email Address’ Attributes Missing in Apple Connection User Profile. Here you can see why some users might encounter this type of behavior - Apple Connection - First Name and Last Name Missing for Some Users.

I hope this helps and if you have further questions please let me know.
Best regards,
Remus

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.