---
title: Receiving a User’s Identity Token
framework: signinwithapple
role: article
role_heading: Article
path: signinwithapple/receiving-a-users-identity-token
---

# Receiving a User’s Identity Token

Retrieve the user’s information from Apple Account servers

## Overview

Overview After successfully authenticating the user, the server returns an identity JSON Web Token (JWT), single-use authorization grant code, the state contained in the authorization request, and user identifier to your app. For more information, see Request an authorization to the Sign in with Apple server and id_token. The information you retrieve must include the credentials required to verify the user’s identity. The server returns the credentials and user information based on the initial request. The information that returns can include user identity, full name, verified email address, and real user status. note: If the user signs in with a managed Apple Account, the value of the email claim is a real email address, not a proxy address. Alternatively, if the managed Apple Account is in Apple School Manager, the email claim may be empty. Students, for example, often don’t have an email that the school issues. Use the authorization grant code to verify the token claims with Apple servers, and exchange them for refresh tokens. For more information, see Token validation. Use the user identifier instead of an email address to identify the user. The user identifier remains unique and static for your developer team. If you request the user’s verified email address, Sign in with Apple prompts the user to share it with your app. The user may choose to share their real email address or an anonymous one that uses the private email relay service. In both cases, Apple verifies that the email address works and is ready for use. If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple Account, but the user can change their name when creating an account. important: Apple doesn’t receive the user’s full name shared with the system UI. The raw data is passed directly to your app from the browser and is not included in the user’s identity token. To help prevent cross-site scripting attacks, validate and sanitize the user-submitted first and last name values before storing on your app servers. For more information, see Communicating using the private email relay service.

## See Also

### Authentication and verification of users

- [Authenticating users with Sign in with Apple](signinwithapple/authenticating-users-with-sign-in-with-apple.md)
- [Verifying a user](signinwithapple/verifying-a-user.md)
- [Processing changes for Sign in with Apple accounts](signinwithapple/processing-changes-for-sign-in-with-apple-accounts.md)
- [Request an authorization to the Sign in with Apple server](signinwithapplerestapi/request-an-authorization-to-the-sign-in-with-apple-server..md)