Receiving a User’s Identity Token
Retrieve the user’s information from Apple Account servers
Overview
After successfully authenticating the user, the server returns an identity JSON Web Token (JWT), single-use authorization grant code, the state contained in the authorization request, and user identifier to your app. For more information, see Request an authorization to the Sign in with Apple server and id_token.
The information you retrieve must include the credentials required to verify the user’s identity. The server returns the credentials and user information based on the initial request. The information that returns can include user identity, full name, verified email address, and real user status.
Use the authorization grant code to verify the token claims with Apple servers, and exchange them for refresh tokens. For more information, see Token validation.
Use the user identifier instead of an email address to identify the user. The user identifier remains unique and static for your developer team.
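The following added example (not Apple's code) shows a server checking an identity token's signature and its iss, aud and exp claims before trusting it, then keying the account on the user identifier (the sub claim) with the email kept only as an attribute. Assumptions: the client identifier com.example.app, the function names, and a locally generated RSA key pair that stands in for Apple's published signing keys so the example runs offline.

```javascript
// Added example: validate an identity token, then key the account on `sub`.
const crypto = require('crypto');

const APPLE_ISS = 'https://appleid.apple.com';
const CLIENT_ID = 'com.example.app'; // assumption: your app's client identifier
const b64u = (v) => Buffer.from(v).toString('base64url');

// Verify the RS256 signature and the core claims; return the claims or throw.
function verifyIdentityToken(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const jwk = jwks.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  if (claims.iss !== APPLE_ISS) throw new Error('wrong issuer');
  if (claims.aud !== CLIENT_ID) throw new Error('wrong audience');
  if (!(claims.exp > now)) throw new Error('expired');
  return claims;
}

// Account store keyed by the user identifier; the email is a mutable attribute.
function signIn(accounts, claims) {
  const acct = accounts.get(claims.sub) || { id: claims.sub };
  if (claims.email) acct.email = claims.email;
  accounts.set(claims.sub, acct);
  return acct;
}

// Constructed fixture: a local key pair and a token minter for offline runs.
function makeFixture() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = [{ ...publicKey.export({ format: 'jwk' }), kid: 'constructed-key' }];
  const mint = (claims) => {
    const head = b64u(JSON.stringify({ alg: 'RS256', kid: 'constructed-key' }));
    const body = b64u(JSON.stringify(claims));
    const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), privateKey);
    return `${head}.${body}.${sig.toString('base64url')}`;
  };
  return { jwks, mint };
}
```

On a real server the key set passed as jwks comes from Apple's published public keys, and the token arrives in the authorization response rather than from makeFixture.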
If you request the user’s verified email address, Sign in with Apple prompts the user to share it with your app. The user may choose to share their real email address or an anonymous one that uses the private email relay service. In both cases, Apple verifies that the email address works and is ready for use.
If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple Account, but the user can change their name when creating an account.
For more information, see Communicating using the private email relay service.