Worst decision ever: Both Google and Facebook make no distinction between the SIGN-IN and SIGN-UP, but Apple YES. In this case, instead of handling both situations in one shot (LIKE WE DO WITH ALL OTHER SERVICES), we have to distinguish both cases: SIGNUP (Praying that everything will work in your backend because in case of db connection errors you are lost): Take from ajax POST request the fields: name,email,token_id -> Validate token_id using apple api, check if the user already exists on db and if not exist insert and generate your app token, if exist just create and pass your app token. SIGNIN (Praying that signup has been completed without errors): Take from ajax POST request the only available field token_id -> Validate token_id using apple api and check if the user already exist. If not exist return error, if exist generate and return your app token

Sorry Apple but i consider a BUG not indicating here https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple the real difference between SIGNIN and SIGNUP. You can't hide this huge conceptual difference within the single "Signin" term. By the way: this is the crucial JS part for those people going mad understanding the flux with this chaotic documentation AppleID.auth.signIn().then((data) => { if('user' in data){ alert("SIGNIN"); console.log(data.user.name.firstName); console.log(data.authorization.id_token); } else { alert("SIGNIN"); // data.user object DOESN'T EXIST, only authorization console.log(data.authorization.id_token); } }); When you are testing the SIGNUP case you have always to delete the permission inside your apple device Settings->Click on your account name->Password & Security-> App that use Apple ID-> Choose the app id associated to your site-> Stop the use of apple id.