Sign in with Apple is missing user email

We’re trying to set up Sign in with Apple. We’ve set up everything on the iOS side and it’s sending all the necessary information to Auth0. We can see the email in the Auth0 log when a successful login is made.
The problem is that when the server tries to call /userinfo the user’s email is not included in the resulting payload (see sample payload below):
{
  "sub": "apple|000109.6b2727499ac54f708cadbb624XXXXXXXXXX",
  "nickname": "kayttXXXXX",
  "name": "kayttXXXXX@privaterelay.appleid.com",
  "picture": "https:\/\/s.gravatar.com\/avatar\/81a508397c4fb8b60ef200d993609aee?s=480&r=pg&d=https://cdn.auth0.com/avatars/ka.png",
  "updated_at": "2020-07-02T19:23:14.995Z",
  "http:\/\/har.com\/claims\/groups": [],
  "given_name": "kayttXXXXX@privaterelay.appleid.com",
  "family_name": ""
}
Is there something else that we have to configure?

Thanks,

Hey there!

Can you share with us the link to the doc / quickstart that you followed so we can try to reproduce that? Thank you!

We followed these steps, but in Objective-C, should be the same. https://auth0.com/docs/quickstart/native/ios-swift-siwa
Another weird thing we noticed was that the Authorized Applications tab of the user that’s created doesn’t have any applications. Not sure if that’s why it’s happening.
We are using the native flow, not the web flow.

Gotchya, thanks for providing that context. Can we work together with the quickstart maintainer in order to solve that hurdle by creating a GitHub issue in the quickstart repo?

Create the issue copy-pasting the context you shared here and share with us the link to the issue so we can proceed. Thanks!

I would love to do that, but it will probably be a while. I have a couple of other apps to work on. I’m surprised no one else has gotten this issue before, so I’m assuming something is wrong in our configuration or something, although it’s so weird that it’s half working.

Gotchya! If you managed to find something on your end then let us know!

Hello @hardeverick

Could you please tell me if the user profile (found in your dashboard at manage.auth0.com) contains the email?

Thanks.

Hey there @hardeverick!

Have you had a chance to see the last message from @thomas.osborn?

Hi,

Sorry I was on vacation last week. The profile does include the email. We ended up creating a rule that returns this email. We had to change the backend to look for this new key with the email. Ideally we would want it to work just like all the other social logins we use.
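
Added example, not part of the original thread and not Auth0's or the poster's code: a sketch of the workaround described in the post above, showing an Auth0 Rule that copies the profile email into a namespaced claim and a backend resolver that reads it from /userinfo. The namespace `https://example.com/claims/`, the function names and the sample payload are assumptions; the resolver deliberately ignores `name` and `given_name`, which in the payload above hold an email-like string but are display fields.

```javascript
// Hypothetical claim namespace (assumption); use a URL you control.
const NS = 'https://example.com/claims/';
const APPLE_RELAY = '@privaterelay.appleid.com';

// Auth0 Rule body: copy the stored profile email into namespaced ID token
// claims, which then show up next to the other namespaced claims in /userinfo.
function addEmailClaim(user, context, callback) {
  context.idToken = context.idToken || {};
  if (typeof user.email === 'string' && user.email !== '') {
    context.idToken[NS + 'email'] = user.email;
    context.idToken[NS + 'email_verified'] = user.email_verified === true;
  }
  callback(null, user, context);
}

// Backend: resolve the email from a /userinfo payload. The standard claim
// wins; the custom claim is the fallback. Display fields are never consulted.
function resolveEmail(userinfo) {
  const candidates = [
    ['email', userinfo.email, userinfo.email_verified],
    ['custom_claim', userinfo[NS + 'email'], userinfo[NS + 'email_verified']],
  ];
  for (const [source, raw, verified] of candidates) {
    if (typeof raw !== 'string' || !/^[^@\s]+@[^@\s]+$/.test(raw)) continue;
    const email = raw.toLowerCase();
    return {
      email,
      source,
      verified: verified === true, // only a literal true counts as verified
      privateRelay: email.endsWith(APPLE_RELAY),
    };
  }
  return null; // caller should fail closed rather than guess from `name`
}

// Constructed sample shaped like the payload in the first post (no email claim).
const sampleUserinfo = {
  sub: 'apple|000000.constructed',
  nickname: 'sample',
  name: 'sample@privaterelay.appleid.com',
  given_name: 'sample@privaterelay.appleid.com',
  family_name: '',
};
```
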

We’re seeing the same issue where /userinfo is not returning the email address when using Sign in with Apple.

We’re using Universal Login in our apps with Lock.js v11.26.1. We do not see this problem with Username-Password or Google logins.

So seems like an issue with the Apple Account I used when setting up Sign In With Apple. Other Apple Accounts are working fine. I did do things like ‘Try Connection’ and made other changes to Apple and Auth0 settings and was repeatedly using an Apple account which seems to have gotten in a bad state even though the Profile information looked correct. Also note we tested on both Lock.js v11.26.1 and v11.22.5.

Note that we came across a weird issue which may be related when trying to delete a User account created via Apple Sign In from our Auth0 tenant. Once it was discovered other Apple accounts seem to work as expected, I tried to delete my Auth0 user from the tenant and try again. On signing-up again with my Apple ID, I became a “ghost” user in Auth0 with (empty) name and limited profile information. I then went into my Apple ID settings to remove the apps as approved Sign With Apple apps and went and deleted the “empty” user in Auth0 and then everything started working as I had a new Apple User ID provided to Auth0.

Definitely weirdness around scopes or permissions, so maybe the trick is to either use a new Apple Account when you encounter trouble or make sure to delete auth entries in both Auth0 Tenant and Apple ID Settings when trying to start from scratch.

Are you guys using Sign In with Apple on the web or in a native app? We tried with 3 different Apple accounts and they all gave us the same issue.

We’re using Universal Login (Classic) with customizations so Lock.js on the web technically.

We haven’t tried the web yet, we’re using a native app. Although the tests we did through the Auth0 dashboard seem to return all the necessary information, but I’m not sure how a web implementation would differ.

Thanks,

One thing we started checking was if we had correct scopes requested to get email which may be helpful to double-check.

In Auth0 Tenant Users & Roles -> Users, select a particular User that used Apple, and check the Authorized Applications lists your application with openid profile email perms.

Authorized Applications is empty for anyone logging in through native Sign in with Apple for us. Also because it’s not web the scope is set in Swift code in Apple’s Sign in SDK.
We can see in the log that the email is set in the profile. I’m guessing that somehow because the Authorized Applications are empty /userinfo doesn’t return the email since there’s no authorized application, but I’m not sure.