How to get user's name on Sign in with Apple?

Question

I'm trying to authenticate users with Apple on the web (which is required as we also have an iOS app and have a Login with Facebook option and we have to bring Sign in with Apple too otherwise Apple rejects our app updates on iOS side) and here is my meta tags (with sensitive info redacted) as in Apple's example:

<meta name="appleid-signin-client-id" content="com.myapp">
<meta name="appleid-signin-scope" content="name email">
<meta name="appleid-signin-redirect-uri" content="https://my.return.url">
<meta name="appleid-signin-state" content="x login">
<meta name="appleid-signin-nonce" content="some number">
<meta name="appleid-signin-use-popup" content="false">

When the user taps the button it asks for sharing a name and/or email correctly:

I proceed, and my redirect URL is called as expected. However, when I decode the returned id_token I see only email and email_verified fields in addition to the JWT-related fields. I don't have anything related to the user's name. I know that the name field is populated only on the first auth so this is after a fresh login after removing my app from my Apple ID from the "Apps & Websites using Apple ID" page. If I change appleid-signin-scope on meta tags to name I don't get an email either, so that value is somehow being respected. I also haven't touched anything regarding the name field as in the screenshot (I could proceed by Touch ID without even clicking anything) yet the id_token can only have email, not name. I need to get users' names in addition to email in order to finish registration, and I'm forced to add Sign-in with the Apple option to push any updates to my iOS app. Many people have reported that they get the name only the first time (as clearly stated by Apple), but I'm not getting it even on the first time.

What am I doing wrong?

Answer 1

The code needs to request the UserI property, as specified in the Sign in with Apple API documentation.

Sample:

<meta name="appleid-signin-client-id" content="com.myapp">
<meta name="appleid-signin-scope" content="UserI">
<meta name="appleid-signin-redirect-uri" content="https://my.return.url">
<meta name="appleid-signin-state" content="x login">
<meta name="appleid-signin-nonce" content="some number">
<meta name="appleid-signin-use-popup" content="false">

Answer 2

Unfortunately, it seems this isn't possible. However the name is returned as JSON in the response body from the "authorization" endpoint along with the id token. This is only available the first time a user signs in, when they give consent for your application to access their name and email address, not on subsequent sign-ins.

Apple documentation - Retrieve the User’s Information

If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple ID, but the user can change their name. The modified name is only shared with your app and not with Apple, and hence isn’t included in the ID token.

Response from "https://appleid.apple.com/auth/authorize" including "user" object:

{
  "code": "AUTH_CODE",
  "id_token": "ID_TOKEN",
  "user": {
    "name": {
      "firstName": "Jeb",
      "lastName": "Kerman"
    },
    "email": "[email protected]"
  }
}

Apple documentation - Handle authorization Response