xanril asked ryanchill edited

Name information on Apple Sign In

We enabled the Sign in With Apple feature in Azure App Service as instructed in this page:
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-apple

We were able to make it work; however, we are having trouble getting the user's name information, even though this is part of the scope parameter. When we get the user's info via the .auth/me endpoint, this info is not present, whereas other SSO providers that we are using with the feature, such as Google and Facebook, have this information.

I researched Apple Docs/Forums as well, and it mentions that this info is only available upon initial sign in of the user to the application.
https://developer.apple.com/forums/thread/121496

I am expecting that on initial sign in via Azure App Service, we would get this information as well, but for some reason, we cannot.

Since it is the App Service that handles the initial response after a successful login, is this a bug on App Service side? Do you have any recommendations on how we can get the name information, at least even on initial sign up?

Tags: azure-webapps, azure-webapps-authentication

1 Answer

ryanchill answered ryanchill edited

Hi @xanril,

If your configuration is as such

"apple": {
    "registration": {
        "clientId": "<client ID>",
        "clientSecretSettingName": "APP_SETTING_CONTAINING_APPLE_CLIENT_SECRET"
    },
    "login": {
        "scopes": [
            "name",
            "email"
        ]
    }
}

then &scope=name%20email is sent in the request to Apple. Enable web server logging to verify the URL is correctly being sent. Apple should then send a response back containing the user information. If you're getting the email but not the name, then the omission may have something to do with the private relay Apple recently released; see https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple.



UPDATE: Currently, the Apple Easy Auth provider only uses the email provided in the JWT from Apple and not the name.


Hi @ryanchill , thanks for taking time to respond to my question!

Regarding the configuration, yes, this is already how it is configured on our end. The scopes are defined appropriately in its section.

Unfortunately, the Web Service Logs/App Service Logs option is disabled in our Azure Function instance. However, I did manage to look into the parameters and responses from Fiddler. I can see that the scope parameter is being sent as &scope=name%20email as well. I also did find this response from Apple indicating the info that we want.

state=<POST_REDIRECT_URL>://&code=<CODE_FROM_APPLE>user={"name":{"firstName":<FIRST_NAME>,"lastName":<LAST_NAME>},"email":<EMAIL>}

However, this response is being handled by the built-in authentication .auth/callback/apple. After the authentication flow, when we try to call .auth/me, we don't see the first name and last name information.

I don't think this is related to private relay, since the issue happens even if the user does not opt to use hide my email/private relay email.

Since we don't have control over .auth/callback/apple, is this an issue in the Azure Function Authentication side?

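An added example, not part of the original thread and not App Service code: a sketch of how an application that receives Apple's form_post callback itself (an assumption; with Easy Auth, .auth/callback/apple consumes this response) could capture the one-time `user` field shown in the comment above. Function names, the length limit and all sample values are constructed.

```python
import json
from urllib.parse import parse_qs, urlencode

MAX_FIELD_LEN = 256  # assumed upper bound for stored profile fields


def clean_text(value):
    """Return a trimmed, length-limited string, or None for anything else."""
    if not isinstance(value, str):
        return None
    return value.strip()[:MAX_FIELD_LEN] or None


def parse_apple_callback(body: str) -> dict:
    """Parse the form-encoded callback body: state, code and optional `user`.

    `user` is sent only on the first authorization and is a plain form
    field, not a signed token, so it is handled as untrusted display data.
    Take the account identity and email from the verified ID token instead.
    """
    form = parse_qs(body, keep_blank_values=True)
    if "code" not in form or "state" not in form:
        raise ValueError("callback is missing code or state")
    result = {"code": form["code"][0], "state": form["state"][0],
              "first_name": None, "last_name": None, "email": None}
    raw_user = form.get("user", [None])[0]
    if not raw_user:
        return result  # repeat sign-in: no `user` field is present
    try:
        user = json.loads(raw_user)
    except json.JSONDecodeError:
        return result  # a malformed profile must not break the login
    if not isinstance(user, dict):
        return result
    name = user.get("name") if isinstance(user.get("name"), dict) else {}
    result["first_name"] = clean_text(name.get("firstName"))
    result["last_name"] = clean_text(name.get("lastName"))
    result["email"] = clean_text(user.get("email"))
    return result


# Constructed sample bodies: a first authorization and a later sign-in.
FIRST_SIGN_IN = urlencode({"state": "st-1", "code": "code-1", "user": json.dumps(
    {"name": {"firstName": "Ada", "lastName": "Lovelace"},
     "email": "ada@example.com"})})
REPEAT_SIGN_IN = urlencode({"state": "st-2", "code": "code-2"})
```

Because the name arrives only once, an application in this position has to persist it at first sign-in; later callbacks carry nothing to recover it from.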