I’m able to sign a user in successfully via Apple sign in. The logs show that “oauth2-apple” succeeded. However, I am unable to access Realm.User.profile, and when I check the App Users section in the Realm console, there’s a user with an “unknown” Name and the provider shows “Unknown, oauth2-apple” that matches the userId of the user that was successfully signed in via “oauth2-apple” in the logs .
Are there additional steps for Apple sign-in to create a Realm user? Google sign-in automatically creates a Realm user with the user’s Google data, so I thought Apple sign-in might be similar.
I’m having trouble with Apple sign-in. Apple sign-in is able to log a person in, but it looks like Realm is creating an anonymous user for that person in the backend rather than a user with information populated from Apple. The provider information in the Realm console shows “Unknown, oauth2-apple”.
I’m creating a Realm app with:
let realmApp = new Realm.App({
id: APP_ID,
timeout: 10000,
app: {
name: 'default',
version: '0',
}
});
Then, this is how I’m signing a user in through Apple:
So actually, Apple does not give any user information intentionally. The workaround here would be to use Realm’s custom user data to populate any extra information about the user when they login via a Realm
You can do this after the user logs in from the client or via an authentication trigger (these do not support Apple OAuth yet but we’re expecting that should be fixed within the next release in ~2 weeks).
Just out of curiosity, why does storing the Apple user information require an authentication trigger? Apple does receive the email and full name (or requested scopes) for the user the first time a user signs in via Apple (or the first time a user signs in after revoking Apple credentials for the app). The information is available in the identity token that’s passed into Realm.Credentials.apple. Are there any plans to store the user information in the identity token automatically in Realm.User.profile in the future?
Again, thanks for the help! Can’t wait for the next release (:
I mentioned using Authentication triggers as a way to populate Custom User Data as that is a standard pattern that developers use when developing with Realm.
I believe the reason we chose not to populate name/email is that they can’t be trusted and the email address could sometimes be an alias - see article from Okta here
Note: Apple will send the user’s name and email in the form post response back to your redirect URL. You should not treat these values as authoritative, because like the OAuth Implicit flow, the data cannot be safely trusted at this point. Unfortunately Apple does not return the user’s name in the ID token where it would be safe to trust.
If you have suggestions based on Apple’s current API that might improve the experience, feel free to drop a suggestion here so we can track collective feedback from the community. Hope this was helpful!
Does it mean that with Apple Auth the email and username are unavailable? Or it’s only in a currentUser.profile, while we still can get the user’s email and username in auth trigger via user.data.email and user.data.name?
I am using the same code as Jerry_Wang. I would like to know the e-mail and name provided by the user via “Sign in with Apple”. user.profile.email is populated, but user.profile.name is not. From the Apple Authentication both are available. Is there a way to get the name from the profile or store it in CustomData upon creation?
