providers/apple
AppleProfileβ
See more at: Retrieve the User's Information from Apple ID Servers
Propertiesβ
audβ
aud:
string
The audience registered claim identifies the recipient for which the identity token is intended.
Since the token is meant for your application, the value is the client_id from your developer account.
emailβ
email:
string
A String value representing the user's email address. The email address is either the user's real email address or the proxy address, depending on their status private email relay service.
email_verifiedβ
email_verified: true | "true"
A String or Boolean value that indicates whether the service has verified the email.
The value of this claim is always true, because the servers only return verified email addresses.
The value can either be a String ("true") or a Boolean (true).
expβ
exp:
number
The expiration time registered identifies the time on or after which the identity token expires, in terms of number of seconds since Epoch, in UTC. The value must be greater than the current date/time when verifying the token.
iatβ
iat:
number
The issued at registered claim indicates the time at which Apple issued the identity token, in terms of the number of seconds since Epoch, in UTC.
is_private_emailβ
is_private_email:
boolean| "true" | "false"
A String or Boolean value that indicates whether the email shared by the user is the proxy address.
The value can either be a String ("true" or "false") or a Boolean (true or false).
issβ
The issuer registered claim identifies the principal that issued the identity token.
Since Apple generates the token, the value is https://appleid.apple.com.
nonceβ
nonce:
string
A String value used to associate a client session and the identity token. This value mitigates replay attacks and is present only if passed during the authorization request.
nonce_supportedβ
nonce_supported:
boolean
A Boolean value that indicates whether the transaction is on a nonce-supported platform. If you sent a nonce in the authorization request but don't see the nonce claim in the identity token, check this claim to determine how to proceed. If this claim returns true, you should treat nonce as mandatory and fail the transaction; otherwise, you can proceed treating the nonce as options.
real_user_statusβ
real_user_status: 0 | 1 | 2
An Integer value that indicates whether the user appears to be a real person.
Use the value of this claim to mitigate fraud. The possible values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal).
For more information, see ASUserDetectionStatus.
This claim is present only on iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14 and later;
the claim isn't present or supported for web-based apps.
subβ
sub:
string
The subject registered claim identifies the principal that's the subject of the identity token. Since this token is meant for your application, the value is the unique identifier for the user.
transfer_subβ
transfer_sub:
string
A String value representing the transfer identifier used to migrate users to your team. This claim is present only during the 60-day transfer period after an you transfer an app. For more information, see Bringing New Apps and Users into Your Team.