Apple SSO: Random email address for user - ios

I'm interested to implement Apple SSO through AuthenticationService SDK to my app, but there is a thing that bother me: Will Apple generate new random email address for user every time he use Apple SSO in my app? Or once user use Apple SSO, the generated random email address will always assigned to his real email address forever?
Please provide official document/statement from Apple if you have any answer for my question.
Thank you very much, guys!

It is per app per Apple ID as far as I know. If user signs out, and later signs back in he will receive the same email address unless user has explicitly changed it in settings.
Check this out:
https://support.apple.com/en-il/HT210426#change

Related

Sign in with Apple without email id

My application is rejected twice for the “Apple with sign-in“ option. I try to get an email id after the user chooses apple with a sign-in option but in one scenario somehow I don’t get an email id while doing “Sign in with Apple” functionality. I was trying to find ways to reproduce this issue but couldn’t reproduce. Finally today I got to know that in iPhone after creating Apple ID if you go to settings -> Apple ID, you have an option to remove your email id and use the only phone number in place of email id, in this case, I will never get email id while doing “Sign in with Apple”. Unfortunately, my whole application is working based on email id as a primary parameter. In this case, anyone has any idea that how we can handle the uniqueness of the user without changing the architecture of the application?
So the main issue is If the user is using Apple ID as the mobile
number I am not able to get the email address of the user or phone
number
I am stuck in this issue for one week and apple is rejecting my application. Please help me if anyone Is having any idea about it. Thanks in advance
You can use the next steps.
If your users use an Apple sign in and you didn't get an email of the user, then you can simply redirect him to the specific additional step where he should add his email for the end of the registration. After that, you will get an email of this user and it will not necessary to change the architecture of the app

Sign in with Apple ASAuthorizationAppleIDCredential returns random email when user select 'Hide My Email' option for iOS

When I go through the Sign in with apple I am getting first time exact email address and basic details of the user which I want but second time in response there is no email field in response.
My concern is that I want email address of the user so in future I can send notification email to that particular user. but apple gives random created email, in reality that doesn't exists. How to contact to user in future by email?
You might have to register the outbound email with apple, check this for more information on using the private email provided also look at the sign in with apple docs here.
As far as I know the random created email apple gives is actually connected to user's actual mail id. All the mail you send will be forwarded to it. But they can unlink their mail in future. This gives users some privacy and protection from spamming.
When I was finding solution I got to know, we have to pass an email address for following:
The email addresses you register will be able to send and receive messages to and from customers using Apple’s private email relay service.
Once I added this I am able to send and receive the emails.
https://developer.apple.com/account/resources/services/configure
Short answer :
You need to add sender email id or domain name into to your developer account.
Add your email and domain name.
Long answer
You need to follow below steps:
Log in with your developer account in https://developer.apple.com
Goto More section. Please refer below screenshot.
Click on configure button. Please refer below screenshot.
Add domain and email address, You want to communicate.
Add email and domain here

Cannot get name & email with sign in with Apple on real device

So I'm implementing sign in with Apple, everything goes well on the simulator, I request email, fullName scopes, the authenticate UI shows, and I can get the data, as images shown below:
But when testing on real device (iPadOS 13, iPad 2018), the UI didn't show (it does not asks for name and email on the UI), and I can't get the email, fullName from the response, and I can also confirm that the authorizedScopes are empty, I can only get the user identifier
I believe this is a bug and will file a radar, also posted a discussion on the Apple developer forum (but they usually won't approve my post, I don't know why)
If this is not a bug, can somebody tell me how to fix this?
Thanks
Problem solved! tl;dr
This is an expected behavior
Answered by Apple Engineer
(Original post link: https://forums.developer.apple.com/thread/121496)
Hi aslkdjalksdjasdasd,
This behaves correctly, user info is only sent in the ASAuthorizationAppleIDCredential upon initial user sign up. Subsequent
logins to your app using Sign In with Apple with the same account do
not share any user info and will only return a user identifier in the
ASAuthorizationAppleIDCredential. It is recommened that you securely
cache the initial ASAuthorizationAppleIDCredential containing the user
info until you can validate that an account has succesfully been
created on your server.
Patrick
2019/12/15 Edit
This behavior is also documented on Apple's Sign in with Apple doc, check the documentation.
Ensure that your app relays the credentials and user information to your app servers.
The API collects this information and shares it with your app the first time the user logs in to the app using Sign in with Apple. If the user then uses Sign in with Apple on another device, the API doesn't ask for the user’s name or email again. It collects the information again only if the user stops using Sign in with Apple and later reconnects to your app.
If someone fails in storing "user email", "first-name" first time, then he should follow the following steps:
iPhone Settings -> Apple Id -> Password & Security -> Apple ID logins -> {YOUR APP} > Stop using Apple ID.

Adding Sandbox Tester in iTunes Connect with an existing Apple account

I'm trying to add sandbox testers in iTunes Connect. But I'm getting this error:
The email address you entered already belongs to an existing Apple account. Please try again.
My question is how can I add sandbox testers with existing Apple ID accounts?
Update by Dimitar Nestorov May 2021
I just tried the sub+email trick and it works again.
(Not confirmed by OP)
Update June 2020
So Apple has decided in their infinite power trip to no longer allow the previous sub+email trick to work.
Big thank you to Josef Grunig in the comments for pointing out a new workaround, at least in Gmail.
You can still use the "." trick with gmail accounts: name.surname#gmail.com or namesurname#gmail.com without dot is the same account for Gmail while they are different for Apple Sandbox. Just tried and it worked.
This will allow you to have "multiple" email accounts all going to the same email, since you can put the "." anywhere in the email string before the #.
Example:
s.tandardappleid#apple.com
st.andardappleid#apple.com
sta.ndardappleid#apple.com
stan.dardappleid#apple.com
and so on, and Apple hopefully won't be able to kill this workaround since periods are allowed in email addresses normally.
If any other email providers allow this kind of functionality then feel free to include it in the comments.
The following has been left for historical record
Currently you cannot. The closest you can get is to use an email sub+address, if your email allows it. Gmail does for sure, others probably do too.
So if your normal itunes email is email#gmail.com, then you could set up a sandbox user like email+ios1#gmail.com and then do all the email confirmation and stuff in your normal inbox. This is useful because you don't have to create actual brand new address for the sandbox account.
This is still a huge pain though because itunes sees it as a seperate, unique account from your normal itunes account, and so if you want to try out the sandboxed app, you have to log out of itunes, log in with the new sub addressed account, and then when you are done testing you have to log out of the sub account and log back in with your normal account to have access to all your other apps.
Update April 2017
So I contacted Apple developer support, and after finally getting through their horrible Contact Us system, I got this reply back:
Thank you for reporting your sandbox issue.
Aliasing for sandbox testers is allowed if the main email is already registered in our system as being only a sandbox Apple ID.
The following is an example.
If standardappleid#apple.com is already registered as a regular account, you can not add standardappleid+alias#apple.com as a sandbox tester.
We will not be able to fix this for you as it is expected behavior.
I know it was working with normal apple id email addresses in Feb 2017. So now it looks like you'll have to have one address that is not associated with any Apple account in order to use sub addressing.
EDIT
Just to clarify a little more. If you use email#gmail.com as your main apple id, you can no longer use any variations of it with sandbox testing accounts.
Instead, Apple wants you to make a complete new and unnecessary email account such as email1#gmail.com that hasn't been used as an apple ID, and THEN use that one as your base email for the subaddressing. So once making email1#gmail.com, you could register email1+ios1#gmail.com, and email1+ios2#gmail.com, etc.
The errors
The email address you entered already belongs to an existing Apple account. Please try again.
and
An unknown error has occurred.
and
An error has occurred. Try again later.
are equivalent.
It means that your email address is not accepted. The email field may also be highlighted red when the error message is shown.
Apple blocks these email addresses (this is undocumented):
Existing Apple accounts
Existing Apple accounts with the Gmail + trick added to the sandbox user account
Mailinator
Mailinator alternate domains
Other, undocumented stuff
I'm just going to post the real solution here, since this is what other people are wanting to know:
ANSWER
Login to MyDomain, or GoDaddy or whatever you use to manage your personal domain (if you don't control any domains you can turn in your nerd card now)
Create a new MX record for anon.yourdomain.com and point it to mail.mailinator.com. Or, possibly, realize that you already did this a while ago for some previous reason
Register the sandbox with some email like appleserrormessagessuck#anon.yourdomain.com
Then you're done
I fixed this by creating a brand new (free) Google account myappsandbox#gmail.com and adding that as a new sandbox tester. This makes a new Apple ID for that email address. It's a pain but it worked.
My problem was the password (at least 1 capital letter, 1 number and 1 punctuation char)
If you own a domain and can configure your mail server, many of them allow you to set a "Catch-All" mailbox that receives the e-mails destined to non-existing accounts. This way you can create addresses such as tester123#yourdomain.com and you'll get the verification e-mail.
For each sandbox tester, you’ll need to collect the following information:
Email address that has never been used as an Apple ID to purchase iTunes or App Store content, nor associated with any existing Apple ID. Consider creating a dedicated email address for each sandbox tester.
https://help.apple.com/app-store-connect/#/dev8b997bee1
This means that you cannot use use an existing Apple ID or #icloud.com email as a sandbox tester.
June 2020 Solution
You need a different email address than your standard AppleID. If your AppleID is name#gmail.com, then you have to use a complete different email like othername#gmail.com.
If you use gmail, you can use many test accounts with the same email address (but different from the standard AppleID). Just add a dot to generate multiple test users with the same email address:
othername#gmail.com
o.thername#gmail.com
ot.hername#gmail.com
and so on
The email cannot be associated with an existing account, please see the link below.
Because the email address used to create a sandbox tester account can't be associated with any existing Apple account, consider creating a dedicated email address for each sandbox tester.
https://developer.apple.com/library/ios/documentation/LanguagesUtilities/Conceptual/iTunesConnect_Guide/Chapters/SettingUpUserAccounts.html

iPhone - Add an email account from my app

I want to add an email account from code in the list of accounts to use it later in my app (like iCloud or Gmail accounts). It is possible???
Thank you for advance.
EDIT:
I found the ACAccount class, with this class I will do that??
EDIT 2:
Now, I'm saving the user and password in the keychain. This is a good alternative or no?
It is not possible on a non jailbreaked iOS device. This has to be done by the user manually.
Edit:
If you have gained user and password from the user (legs way) storing it in the keychain is the optimal procedure.
As Volker stated, you can't do it on a non jailbroken device.
The ACAccount class that you refer to is mostly used to get/store credential from a previously configured Facebook, Twitter, Sina Weibo, Trecent Weibo account in your iPhone, which is not the case.
Apple can't grant access to Mail account both read/write.
You can only send an email within your code, by using the Message UI framework.
A valid example on how to use it can be found here.
Hope this helps.

Resources