🐛 Bug Report: Sign in with Apple, user name should not be email #7268

Closed
2 tasks done
canbi opened this issue Dec 10, 2023 · 7 comments · Fixed by #8102

canbi commented Dec 10, 2023

👟 Reproduction steps

Sign in with Apple to any app. You will get user information, and in this information you get the email as the name instead of the name itself.

Scope details for Sign in with Apple: ['email', 'name']

👍 Expected behavior

In Sign in with Apple, only on first time login/registration does the app get the name information (if the user has given permission to share). For logins after the first login, the name information is blank (Apple only provides this information the first time). The developer must handle the name information themselves.

👎 Actual Behavior

Name information always comes as an e-mail.

🎲 Appwrite version

Version 1.4.x

💻 Operating system

Linux

🧱 Your Environment

One-click Digital Ocean droplet

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

@canbi canbi added the bug Something isn't working label Dec 10, 2023
@matee-safi

I'm not familiar with PHP, but I think the problem is caused by the getUserName function:

public function getUserName(string $accessToken): string
{
    if (
        isset($this->claims['email']) &&
        !empty($this->claims['email']) &&
        isset($this->claims['email_verified']) &&
        $this->claims['email_verified'] === 'true'
    ) {
        return $this->claims['email'];
    }

    return '';
}

It does not return the name in any case; the modified version should look like this:

public function getUserName(string $accessToken): string
{
    if (
        isset($this->claims['email']) &&
        !empty($this->claims['email']) &&
        isset($this->claims['email_verified']) &&
        $this->claims['email_verified'] === 'true'
    ) {
        // If the user has email and the email is verified
        return isset($this->claims['name']) ? $this->claims['name'] : $this->claims['email'];
    }

    return '';
}

@stnguyen90 stnguyen90 added the product / auth Fixes and upgrades for the Appwrite Auth / Users / Teams services. label Dec 11, 2023
@stnguyen90 stnguyen90 self-assigned this Dec 11, 2023
@stnguyen90
Contributor

@canbi, thanks for raising this issue! 🙏🏼 It looks like a lot of the confusion happens because the name isn't always returned.

@matee-safi, have you confirmed what's in the name claim? I found these docs that indicate name is a JSON string like:

{ "name": { "firstName": "string", "lastName": "string" }, "email": "string" }

@matee-safi

@stnguyen90 No, I haven't, but you are right: the solution is a bit more complex than I imagined. Thank you for clarifying 🙏

@xuelink
Contributor

xuelink commented Feb 14, 2024

@stnguyen90 Let me try to solve it ;) You can assign me.

@stnguyen90
Contributor

@behics, assigned! Thanks for your interest!

Related discord thread: https://discord.com/channels/564160730845151244/1206906875245887528

@stnguyen90
Contributor

stnguyen90 commented Apr 21, 2024

So, it looks like the user's name is only returned when:

  1. it's the first time doing OAuth2 w/ Apple
  2. it's returned in the redirect back like:
POST https://cloud.appwrite.io/v1/account/sessions/oauth2/callback/apple/[PROJECT ID]

state={"success":"https:\/\/cloud.appwrite.io\/auth\/oauth2\/success","failure":"https:\/\/cloud.appwrite.io\/auth\/oauth2\/failure"}&
code=ksjafljsdklfjsdklfja&
user={"name": {"firstName": "John", "lastName": "Doe"}, "email": "jdoe@example.com"}

This is very different from how all the other OAuth2 providers work and would require us to update the params of the OAuth2 callback and OAuth2 redirect to have the user param.

I'll need to talk to the team to see if we want to move forward with this.
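
The callback handling described in the comment above, as an added example (not part of the thread and not Appwrite's code): a hypothetical `appleDisplayName()` helper reads the first-login `user` form field and returns an empty name on later logins instead of falling back to the email. It assumes the mbstring extension, and because the field arrives outside the signed ID token, it treats the value as untrusted input.

```php
<?php
// Added example: hypothetical helper, not Appwrite's code. Assumes ext-mbstring.

/**
 * Build a display name from the `user` form field that Apple adds to the
 * callback POST on the first authorization only. The field is sent outside
 * the signed ID token, so it is handled as untrusted client input: use it
 * for display only and keep taking the email from the verified claims.
 */
function appleDisplayName(array $form, int $maxLen = 128): string
{
    $raw = $form['user'] ?? '';
    if (!is_string($raw) || $raw === '') {
        return ''; // later logins carry no user field: empty, not the email
    }

    $user = json_decode($raw, true);
    if (!is_array($user) || !is_array($user['name'] ?? null)) {
        return ''; // malformed JSON or unexpected shape
    }

    $parts = [];
    foreach (['firstName', 'lastName'] as $key) {
        $value = $user['name'][$key] ?? '';
        if (!is_string($value)) {
            continue;
        }
        // Collapse whitespace, then drop control and format characters.
        $value = preg_replace('/\s+/u', ' ', $value) ?? '';
        $value = trim(preg_replace('/\p{C}+/u', '', $value) ?? '');
        if ($value !== '') {
            $parts[] = $value;
        }
    }

    return mb_substr(implode(' ', $parts), 0, $maxLen);
}

// Constructed callback bodies modelled on the sample request in the thread.
$userJson = '{"name": {"firstName": "John", "lastName": "Doe"}, "email": "jdoe@example.com"}';
parse_str('code=ksjafljsdklfjsdklfja&user=' . rawurlencode($userJson), $firstLogin);
parse_str('code=ksjafljsdklfjsdklfja', $laterLogin);

var_dump(appleDisplayName($firstLogin)); // first authorization
var_dump(appleDisplayName($laterLogin)); // any later login
```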

@stnguyen90
Contributor

We're hesitating with adding an additional parameter to the endpoint just for Apple because it's not very scalable. What if another provider has another param tomorrow? We need to think about other possible options to handle this better.
