Known issues and limitations
The following are known issues or limitations for the Apple Cloud Identity Connector.
Known limitations
-
Sign in with Apple ID does not create a session in the browser, so sign in is required every time and there is no single logout function.
-
Apple handles scope requests in a unique way:
-
The
emailscope behaves as follows:
-
If you request this scope the first time a user signs on, Apple will return the email address. If you then request this scope at a later time, Apple will return the email address.
-
If you do not request this scope the first time a user signs on, Apple will not return the email address. If you then request this scope at a later time, Apple will not return the email address.
-
-
The
namescope behaves as follows:
-
If you request this scope the first time a user signs on, Apple will return the name. If you then request this scope at a later time, Apple will not return the name.
-
If you do not request this scope the first time a user signs on, Apple will not return the name. If you then request this scope at a later time, Apple will not return the name.
-
If you need these attributes, have your application capture and store the values.
-
To reset these scenarios, the user has to manually revoke permissions from your application and then sign in again.