Turns out you do need to actually ask for the email of the apple user, and I had just not realized this because once a users grants it, even if it's not asked for in scopes in the future, it'll keep sending it

arimendelow · arimendelow · commit 593169205f29 · 2023-09-08T23:45:22.000-07:00
diff --git a/api/src/OAuthHandler.ts b/api/src/OAuthHandler.ts
@@ -139,14 +139,14 @@ export class OAuthHandler<
   /** class constant: maps the functions to their required HTTP verb for access */
   static get VERBS(): Record<OAuthMethodNames, 'GET' | 'POST' | 'DELETE'> {
     return {
-      linkAppleAccount: 'GET',
+      linkAppleAccount: 'POST',
       linkGitHubAccount: 'GET',
       linkGoogleAccount: 'GET',
       unlinkAccount: 'DELETE',
-      loginWithApple: 'GET',
+      loginWithApple: 'POST',
       loginWithGitHub: 'GET',
       loginWithGoogle: 'GET',
-      signupWithApple: 'GET',
+      signupWithApple: 'POST',
       signupWithGitHub: 'GET',
       signupWithGoogle: 'GET',
       getConnectedAccounts: 'GET',
diff --git a/web/src/oauth.ts b/web/src/oauth.ts
@@ -168,12 +168,10 @@ export default class OAuthClient {
     switch (provider) {
       case 'apple':
         /**
-         * no matter what you put here, you don't get anything back in the initial response, even though
+         * no matter what you put here, you don't get name back in the initial response, even though
          * the apple documentation says it'll send back a 'user' object with the email and name (https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms/#3332115).
-         * additionally, no matter what you put here, you still get the email in the ID token.
          */
-        scope = ''
-        // scope = 'name email'
+        scope = 'name email'
         break
       case 'github':
         scope = 'read:user user:email'
@@ -191,8 +189,7 @@ export default class OAuthClient {
     switch (provider) {
       case 'apple':
         clientSpecificOptions = {
-          response_mode: 'query',
-          // response_mode: 'form_post',
+          response_mode: 'form_post',
         }
         break
       case 'github':
