# How to retrieve the Apple email from Apple sign in
It's a known issue with the Apple flow. They only return the user email on specific response types that we don't support. I plan on looking at adding a fix in the near future
Here is the original thread https://discord.com/channels/725371605378924594/1027918993945804852
@median nexus I'll try to change the response type. Thanks for the link!
Changing the response type won't fix the issue without the proper support in Directus
Ohh
@median nexus How much work would it be? Maybe I could take a look and implement the change?
Not hard. I've already made the change. Just need to test it
Any idea when your pr will be merged?
I couldn't tell you. If everything goes smoothly, probably fairly soon
Wow this is awesome! Hopefully they merge it soon. Thank you for your effort
And released, if you're able to verify it fixes your issues https://github.com/directus/directus/releases/tag/v9.20.0
Awesome, thanks !
That's amazing 🤩 Thank you very much
I'll check it soon
@median nexus It still does not work
export AUTH_APPLE_DRIVER="openid"
export AUTH_APPLE_CLIENT_ID="com.XXXX.XXXX"
export AUTH_APPLE_CLIENT_SECRET="ey...."
export AUTH_APPLE_ISSUER_URL="https://appleid.apple.com/.well-known/openid-configuration"
export AUTH_APPLE_ALLOW_PUBLIC_REGISTRATION="true"
export AUTH_APPLE_DEFAULT_ROLE_ID="..."
export AUTH_APPLE_SCOPE="name email"
export AUTH_APPLE_IDENTIFIER_KEY="email"
export AUTH_APPLE_PARAMS="{"response_mode":"form_post"}"
export AUTH_APPLE_ICON="apple"
v9.20.4
Post any errors you get
@median nexus
Hm... Looks like the param was never sent. Might be an issue with escaping. Try export AUTH_APPLE_PARAMS={"response_mode":"form_post"}
And verify that "response_mode" is in the apple URL when you get redirected
@median nexus What should the URL look like with the response mode?
Nvm, here the apple url:
https://appleid.apple.com/auth/authorize?client_id=com.XXXXXX&scope=name%20email&response_type=code&redirect_uri=https%3A%2F%2FXXXXX.com%2Fauth%2Flogin%2Fapple%2Fcallback&access_type=offline&code_challenge=xxxxxxxx-8kTKc&code_challenge_method=xxxxxx
Doesn't seem to send the response_mode at all
Any errors in your Directus console about not being able to read the PARAMS variable? Ignore that. Directus doesn't log when it fails to parse JSON values
ALSO FUUUUUCK... Discord removed my escaped quotes in my previous message. Lemme try again:
export AUTH_APPLE_PARAMS="{\"response_mode\":\"form_post\"}"
@median nexus Now I got to the apple login page. After entering the credentials and going back to directus, the url says this:
.../admin/login?reason=INVALID_CREDENTIALS
Directus log files:
Nov 04 19:02:13 [18:02:12] GET /auth 304 22ms
Nov 04 19:02:13 [18:02:12] GET /server/info?limit=-1 304 25ms
Nov 04 19:02:15 [18:02:14] GET /auth/login/apple?redirect=https://XXXX.com/admin/login?continue 302 13ms
Nov 04 19:02:20 [18:02:19] POST /auth/login/apple/callback 303 22ms
Nov 04 19:02:20 [18:02:20] GET /server/ping 200 12ms
Nov 04 19:02:21 [18:02:21] WARN (63 on e5c16099-22ca-4f74-a2d3-d5ea17fa4149): [OpenID] Failed to find user identifier for provider "apple"
Nov 04 19:02:21 [18:02:21] WARN (63 on e5c16099-22ca-4f74-a2d3-d5ea17fa4149): Invalid user credentials.
Nov 04 19:02:21 err: {
Nov 04 19:02:21 "type": "InvalidCredentialsException",
Nov 04 19:02:21 "message": "Invalid user credentials.",
Nov 04 19:02:21 "stack":
Nov 04 19:02:21 Error: Invalid user credentials.
Nov 04 19:02:21 at OpenIDAuthDriver.getUserID (/app/code/node_modules/directus/dist/auth/drivers/openid.js:145:19)
Nov 04 19:02:21 at async AuthenticationService.login (/app/code/node_modules/directus/dist/services/authentication.js:45:22)
Nov 04 19:02:21 at async /app/code/node_modules/directus/dist/auth/drivers/openid.js:278:28
Nov 04 19:02:21 "status": 401,
Nov 04 19:02:21 "code": "INVALID_CREDENTIALS",
Nov 04 19:02:21 "extensions": {}
Nov 04 19:02:21 }
The user credentials are correct on apple...
Only this config seems to work, but only openId as scope. Problem is, I do not get the mail or name from apple
export AUTH_APPLE_SCOPE="openid"
export AUTH_APPLE_IDENTIFIER_KEY="sub"
Failed to find user identifier for provider "apple" indicates that the email was not returned by Apple
@median nexus Does it mean the error is on apple site?
Not necessarily. There are two scenarios: firstly that because you've already approved the account for Directus, subsequent requests use the old scope (without email). You can verify this by revoking Directus access in your Apple account, and trying again
The second one is that Apple may only return the email address the first time you sign in with apple, which would be a PITA. There are some docs describing this scenario
I was unable to test Apple sign in when I made the PR, so my tests have only been with Google using "form_post", but I did ask if Rijk would give it a try. Not sure if he ever did though
@median nexus It WORKED after revoking my directus webapp on my apple id account page
But does it work when you log out, then log back in? ;P
Maybe Apple will screw us yet
Noice