amplify-js: signInWithApple does not import firstName and lastName attribute on first sign in

Before opening, please confirm:

I have searched for duplicate or closed issues and discussions.
I have read the guide for submitting bug reports.
I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

# Put output below this line

Describe the bug

Hi,

Before you ask, I’ve seen previous closed issues on this subject but the accepted answers did not help. I want to import first name and last name attribute for a user that Sign In with Apple for the first time to pre-fill information inputs. Despite my best efforts, I can’t manage to make this happen. I’ve made sure to delete my test user from pool and “stop using apple sign for service” for my app via Apple ID dashboard for every tests, I’ve tried mapping to standard attributes and custom attributes as well to see any difference, I’ve tried to go via hosted UI to get around any implementation problem. All of this gets the same result I can sign in without any problem but cannot get the attributes I am looking for. Can anybody think of something for my problem, I’ve even tried to log pre sign up event via lambda to see if something is up but don’t see any issue, just not the attributes I am looking for. Perhaps it’s from my pool config, I’ll attach some screenshot so maybe someone sees something I don’t.

Thank you all for your help !

PreSignUp event logs :

{  
  version: '1',  
  region: 'eu-central-1',  
  userPoolId: 'MY_POOL_ID',  
  userName: 'signinwithapple_001324.e1a3f6f0f6264f43b3ae0189a97ca8f2.1457',  
  callerContext: {    
    awsSdkVersion: 'aws-sdk-unknown-unknown',    
   clientId: 'MY_CLIENT_ID'  
  },  
  triggerSource: 'PreSignUp_ExternalProvider',  
  request: {    
    userAttributes: {      
      email_verified: 'false',     
      'cognito:email_alias': '',     
      'cognito:phone_number_alias': '',      
       email: 'USER_TEST_MAIL'    
    },    
   validationData: {}  
  },  
  response: {    
    autoConfirmUser: false,    
    autoVerifyEmail: false,    
   autoVerifyPhone: false  
  }
}

Expected behavior

I want my user to have Given Name and Family Name properly mapped to firstName and lastName for a first time apple sign in

Reproduction steps

Delete user from pool, stop using Apple ID for service via apple dashboard and sign in again on my app. Sign in is successful but attributes are not mapped

Code Snippet

<button onClick={() => Auth.federatedSignIn({provider: 'SignInWithApple'})} type="button">
     sign up with apple
</button>

Log output

// Put your logs below this line

aws-exports.js

const config = {
    Auth: {
        userPoolId: MY_POOL_ID,
       userPoolWebClientId: MY_WEB_CLIENT_ID,
       mandatorySignIn: false,
       authenticationFlowType: 'USER_SRP_AUTH',
       oauth: {
            domain: 'MY_DOMAIN.eu-central-1.amazoncognito.com',
            scope: ['phone', 'email', 'profile', 'openid', 'aws.cognito.signin.user.admin'],
            redirectSignIn: config.oauthRedirect,
            redirectSignOut: config.oauthRedirect,
            responseType: 'code' 
        }
    }
}

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

About this issue

Original URL
State: open
Created 2 years ago
Reactions: 4
Comments: 26 (3 by maintainers)

Most upvoted comments

Has this issue been resolved yet? Kinda crazy to add Apple auth in your provided services but not provide the necessary functionality to have it accepted by Apple.

spap975 on Mar 2, 2024

I managed to find a solution:

1 - Make sure you checked “Name” on Authorized scopes in your SignInWithApple (user pools -> identity providers -> SignInWithApple)

2 - After that you must map the fields: Captura de Tela 2023-12-18 às 16 34 01

taylorbyks on Dec 18, 2023

@trobert2 . Our team observed that the reason the attribute sometimes gets mapped is because of the presence of the attribute middleName in the object apple returns to cognito (together with firstName and lastName) In some cases apple doesn’t send this parameter and the mapping happens as expected, but if the parameter is included then it seems the entire name get’s discarded. Unfortunately we haven’t figured it out why sometimes apple sends or doesn’t send this parameter, in some accounts we tested they send middleName as an empty sting even if the user never added a middle name, breaking the mapping Since it looks like a cognito bug, for now our team had to exclude the name mapping from iOS devices

AlanAevo on Feb 6, 2023

I’m having the same issue, has there been any progress on this?

garethrhughes on Jan 27, 2023

I noticed that the attributes are actually mapped correctly after you signed in with Apple for the first time. However, all subsequent calls to SignInWithApple - including the call that is triggered to get a JWT - won’t contain the requested attributes, hence they are removed by Cognito.

There is an answer in the Apple Developer Forums which confirms my observation.

Assuming that Apple won’t change their workflow, there should be two options:

Wait for the Service Team at AWS to handle Apple’s workflow. This would probably have the biggest positive impact for all Cognito users, since the attribute mapping is just not working right now without obvious reason.
Untested workaround: Implement a Lambda trigger that puts the relevant attributes in a DynamoDB table right after the initial sign in but before the first JWT was issued. PostConfirmation should be the right choice. Whenever a JWT is being issued, use the PreTokenGeneration trigger to get the attributes from DynamoDB and add them to the token. I haven’t tested this workaround specifically with SignInWithApple, but I’d be happy if somebody confirms if it works.

After all it’s still unclear to me how SignInWithApple behaves when an attribute changes on Apple side. I assume they add the changed attribute one time to the first response after the attribute was changed.

joeig on Aug 30, 2023

I got the same issue, but finally I found out the solution for this issue.

Add to scope: ‘profile’
Remove your first sign in on apple

It currently works for me now. Share this for everyone. ✌️

Give me a 👍 if you find it helpful. Thanks

suupham2506 on Jan 26, 2024

Hello @arceusVen1, We are having the exact same problemas with Apple’s 4.0 guidelines. It appears they do send the name and lastName in the first login, but Cognito doesn’t seem to be mapping the attributes. Can you please tell us what workaround you’re using to get over this issue?

AlanAevo on Dec 7, 2022

Hi @arceusVen1 👋,

Thank you for raising this issue. I can confirm that I’m able to consistently reproduce this on my end as well. From what I’ve gathered so far, it appears that the Name attributes are either not returned from Apple, or there’s an issue with the attributes mapped on Cognito’s end. Also as @eltaf-buckitapp has mentioned, this issues doesn’t appear to be specific to Amplify JS.

I’m taking a further look into this and will update you once I have additional info.

nadetastic on Sep 29, 2022