I have tried everything to get the user field returned with Sign in flow and it never does, not for new users, not even if I create a new app! Working with Apple is so frustrating and you have to pay for it!!
Referencing this page, I am using scope=name email. I have tried using + and %20 as the spacer and neither makes a difference. I have also tried setting response_type = code and code id_token (again with + and %20 as the spacer) which also doesn't make a difference. Always the id_token is returned and always the email, but never the user.

AUTHORIZE REQUEST
https://appleid.apple.com/auth/authorize?
{
  "response_type": "code",
  "client_id": "com.example.service",
  "scope": "name email",
  "state": "77264297-813c-4738-83ef-f1b77daea04c",
  "redirect_uri": "https://example.com/auth/apple/callback",
  "code_challenge_method": "S256",
  "code_challenge": "2SJCneEpjKcN.....xIIHnpqcvjK_Y0s",
  "access_type": "offline",
  "nonce": "1734523662",
  "response_mode": "form_post"
}

TOKEN REQUEST
https://appleid.apple.com/auth/token?
{
  "grant_type": "authorization_code",
  "code": "c870aaec987a14.....dqakaGP4Yn1nH3dnPgww",
  "client_id": "com.hikesync.service",
  "client_secret": "eyJhbGciOiJFUzI....3izij6dojYfdV6JMdbQPx3sOA",
  "redirect_uri": "https://hikesync.com/auth/apple/callback",
  "code_verifier": "38hHUC....mYuE0zfYVNTycg"
}

RESPONSE
{
  "access_token": "a2b70e12d38b446....4hA7-RLNj0ifU5Q",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "rb4ed9be2b4024......w5RWjVFUQ",
  "id_token": "eyJraWQiOiJyQlJmV.......0Df0ihEJiA"
}

JWT
{
  "iss": "https://appleid.apple.com",
  "aud": "SERVICE_ID",
  "exp": 1734606699,
  "iat": 1734520299,
  "sub": "000000.f7f7c0ac.....db9fad7e19.1111",
  "nonce": "NONCE",
  "at_hash": "NAfjmciTi2NtmPYIMAgjig",
  "email": "abc123@privaterelay.appleid.com",
  "email_verified": true,
  "is_private_email": true,
  "auth_time": 1734520297,
  "nonce_supported": true
}
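
Added example, not part of the original post: Apple's documentation for the web flow describes `user` as a form parameter POSTed to the `redirect_uri` together with `code` and `state` when `response_mode` is `form_post`, sent only the first time a user authorizes the app, so it does not appear in the token response or the id_token claims. The sketch below parses such a callback body; the function name and all sample values are constructed for illustration.

```python
import hmac
import json
from urllib.parse import parse_qs, urlencode


def parse_apple_callback(body: str, expected_state: str) -> dict:
    """Parse the form_post body POSTed to redirect_uri (hypothetical helper)."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    if "error" in form:
        raise ValueError("authorization failed: " + form["error"])
    # Bind the callback to the session that started the flow (constant-time compare).
    if not hmac.compare_digest(form.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in form:
        raise ValueError("missing authorization code")

    profile = None
    if form.get("user"):  # absent on every authorization after the first
        try:
            user = json.loads(form["user"])
        except json.JSONDecodeError as exc:
            raise ValueError("malformed user field") from exc
        if not isinstance(user, dict):
            raise ValueError("malformed user field")
        name = user.get("name") if isinstance(user.get("name"), dict) else {}
        # This JSON is an unsigned form field relayed by the browser: persist it
        # for display only, and take identity (sub, email) from the verified id_token.
        profile = {
            "first_name": name.get("firstName"),
            "last_name": name.get("lastName"),
            "email": user.get("email"),
        }
    return {"code": form["code"], "id_token": form.get("id_token"), "profile": profile}


# Constructed sample callback bodies (not captured traffic).
STATE = "constructed-state-123"
FIRST_LOGIN = urlencode({
    "code": "constructed-code",
    "state": STATE,
    "user": json.dumps({"name": {"firstName": "Ada", "lastName": "Example"},
                        "email": "ada@example.com"}),
})
REPEAT_LOGIN = urlencode({"code": "constructed-code", "state": STATE})

if __name__ == "__main__":
    print(parse_apple_callback(FIRST_LOGIN, STATE)["profile"])
    print(parse_apple_callback(REPEAT_LOGIN, STATE)["profile"])
```

Because the field is sent once, the callback handler has to store the profile at that point; it cannot be recovered later from the token endpoint.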