Apple provider sets users name as their email #2640

New Issue

GiteaMirror · 2026-03-13T10:10:10-05:00

GiteaMirror commented

2026-03-13 10:10:10 -05:00

Originally created by @darrencarlin on GitHub (Jan 2, 2026).

Originally assigned to: @bytaesu on GitHub.

Is this suited for github?

Yes, this is suited for github

I am using the Apple provider for my app and I've noticed in my database that some people who sign up with this end up having their name set as their email.

My app is a public facing review website and react native app so having their emails shown publicly is not ideal.

I've added a database hook to fix this for now generating a random name.

I believe this code is the culprit:

const name = token.user
	? `${token.user.name?.firstName} ${token.user.name?.lastName}`
	: profile.name || profile.email;

a420081245/packages/core/src/social-providers/apple.ts (L164)

I did search through the issues and didn't find anything similar so figured I would report this issue. Happy to make a PR if we think this is worth changing.

Current vs. Expected behavior

Current:

When a user signs up, their name is set as their email.

Expected

When a user signs up, their name should not be their email.

What version of Better Auth are you using?

1.3.31

System info

{
  "system": {
    "platform": "darwin",
    "arch": "arm64",
    "version": "Darwin Kernel Version 25.1.0: Mon Oct 20 19:32:41 PDT 2025; root:xnu-12377.41.6~2/RELEASE_ARM64_T6000",
    "release": "25.1.0",
    "cpuCount": 10,
    "cpuModel": "Apple M1 Max",
    "totalMemory": "32.00 GB",
    "freeMemory": "0.19 GB"
  },
  "node": {
    "version": "v22.20.0",
    "env": "development"
  },
  "packageManager": {
    "name": "npm",
    "version": "11.6.4"
  },
  "frameworks": [
    {
      "name": "react",
      "version": "19.2.0"
    },
    {
      "name": "hono",
      "version": "^4.9.9"
    }
  ],
  "databases": [
    {
      "name": "pg",
      "version": "^8.16.3"
    },
    {
      "name": "drizzle",
      "version": "^0.44.6"
    },
    {
      "name": "@neondatabase/serverless",
      "version": "^1.0.2"
    }
  ],
  "betterAuth": {
    "version": "^1.3.31",
    "config": {
      "appName": "The Guinness Map",
      "baseURL": "http://localhost:8000/api/auth",
      "databaseHooks": {
        "user": {
          "create": {}
        }
      },
      "trustedOrigins": [
      ],
      "advanced": {
        "disableOriginCheck": true,
        "defaultCookieAttributes": {
          "sameSite": "lax",
          "secure": false
        },
        "database": {}
      },
      "emailAndPassword": {
        "enabled": true,
        "requireEmailVerification": true,
        "password": {}
      },
      "emailVerification": {
        "sendOnSignUp": true,
        "autoSignInAfterVerification": true
      },
      "socialProviders": {
        "google": {
          "prompt": "select_account",
          "clientId": "[REDACTED]",
          "clientSecret": "[REDACTED]",
          "accessType": "offline"
        },
        "apple": {
          "clientId": "[REDACTED]",
          "clientSecret": "[REDACTED]",
          "appBundleIdentifier": "com.darrencarlin.theguinnessmap"
        }
      },
      "account": {
        "accountLinking": {
          "enabled": true,
          "trustedProviders": [
            "google",
            "twitter",
            "apple"
          ],
          "allowDifferentEmails": false
        }
      },
      "user": {
        "additionalFields": {
          "username": {
            "type": "string"
          },
          "country": {
            "type": "string"
          },
          "url": {
            "type": "string"
          },
          "bio": {
            "type": "string"
          },
          "badges": {
            "type": "string[]"
          },
          "publicProfile": {
            "type": "boolean"
          },
          "reviewCount": {
            "type": "number"
          },
          "checkInCount": {
            "type": "number"
          },
          "platform": {
            "type": "string"
          }
        }
      },
      "plugins": [
        {
          "name": "expo",
          "config": {
            "id": "expo",
            "hooks": {
              "after": [
                {}
              ]
            },
            "endpoints": {}
          }
        },
        {
          "name": "open-api",
          "config": {
            "id": "open-api",
            "endpoints": {}
          }
        }
      ]
    }
  }
}

Which area(s) are affected? (Select all that apply)

Backend, Client

Auth config (if applicable)

import { betterAuth } from "better-auth"
export const auth = betterAuth({
  emailAndPassword: {  
    enabled: true
  },
});

Additional context

No response

Originally created by @darrencarlin on GitHub (Jan 2, 2026). Originally assigned to: @bytaesu on GitHub. ### Is this suited for github? - [x] Yes, this is suited for github I am using the Apple provider for my app and I've noticed in my database that some people who sign up with this end up having their name set as their email. My app is a public facing review website and react native app so having their emails shown publicly is not ideal. I've added a database hook to fix this for now generating a random name. I believe this code is the culprit: ```ts const name = token.user ? `${token.user.name?.firstName} ${token.user.name?.lastName}` : profile.name || profile.email; ``` https://github.com/better-auth/better-auth/blob/a420081245802cb77392c24f6c495076d27593b4/packages/core/src/social-providers/apple.ts#L164 I did search through the issues and didn't find anything similar so figured I would report this issue. Happy to make a PR if we think this is worth changing. ### Current vs. Expected behavior Current: When a user signs up, their name is set as their email. Expected When a user signs up, their name should not be their email. ### What version of Better Auth are you using? 1.3.31 ### System info ```bash { "system": { "platform": "darwin", "arch": "arm64", "version": "Darwin Kernel Version 25.1.0: Mon Oct 20 19:32:41 PDT 2025; root:xnu-12377.41.6~2/RELEASE_ARM64_T6000", "release": "25.1.0", "cpuCount": 10, "cpuModel": "Apple M1 Max", "totalMemory": "32.00 GB", "freeMemory": "0.19 GB" }, "node": { "version": "v22.20.0", "env": "development" }, "packageManager": { "name": "npm", "version": "11.6.4" }, "frameworks": [ { "name": "react", "version": "19.2.0" }, { "name": "hono", "version": "^4.9.9" } ], "databases": [ { "name": "pg", "version": "^8.16.3" }, { "name": "drizzle", "version": "^0.44.6" }, { "name": "@neondatabase/serverless", "version": "^1.0.2" } ], "betterAuth": { "version": "^1.3.31", "config": { "appName": "The Guinness Map", "baseURL": "http://localhost:8000/api/auth", "databaseHooks": { "user": { "create": {} } }, "trustedOrigins": [ ], "advanced": { "disableOriginCheck": true, "defaultCookieAttributes": { "sameSite": "lax", "secure": false }, "database": {} }, "emailAndPassword": { "enabled": true, "requireEmailVerification": true, "password": {} }, "emailVerification": { "sendOnSignUp": true, "autoSignInAfterVerification": true }, "socialProviders": { "google": { "prompt": "select_account", "clientId": "[REDACTED]", "clientSecret": "[REDACTED]", "accessType": "offline" }, "apple": { "clientId": "[REDACTED]", "clientSecret": "[REDACTED]", "appBundleIdentifier": "com.darrencarlin.theguinnessmap" } }, "account": { "accountLinking": { "enabled": true, "trustedProviders": [ "google", "twitter", "apple" ], "allowDifferentEmails": false } }, "user": { "additionalFields": { "username": { "type": "string" }, "country": { "type": "string" }, "url": { "type": "string" }, "bio": { "type": "string" }, "badges": { "type": "string[]" }, "publicProfile": { "type": "boolean" }, "reviewCount": { "type": "number" }, "checkInCount": { "type": "number" }, "platform": { "type": "string" } } }, "plugins": [ { "name": "expo", "config": { "id": "expo", "hooks": { "after": [ {} ] }, "endpoints": {} } }, { "name": "open-api", "config": { "id": "open-api", "endpoints": {} } } ] } } } ``` ### Which area(s) are affected? (Select all that apply) Backend, Client ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth" export const auth = betterAuth({ emailAndPassword: { enabled: true }, }); ``` ### Additional context _No response_

GiteaMirror added the social-provider label 2026-03-13 10:10:10 -05:00

GiteaMirror closed this issue

2026-03-13 10:10:11 -05:00

GiteaMirror commented

2026-03-13 10:10:12 -05:00

@better-auth-agent[bot] commented on GitHub (Jan 2, 2026):

It seems you've encountered a situation where user names are being set to their email addresses when signing up through the Apple provider in your application. You've pinpointed the code responsible for this behavior, which defaults to using the email when the user's name isn't fully parsed.

This behavior appears to be a known issue. As you mentioned, many developers have found this to be problematic, especially in public-facing applications where email addresses shouldn't be displayed as names.

To address this issue, you could propose a change in the code you referenced, or alternatively, consider implementing a fix on your end as you've done by generating a random name for users who sign up via Apple.

If you're interested in pursuing a change to the Better Auth library itself, feel free to draft a Pull Request (PR). The community can benefit greatly from improvements like these! Additionally, if you'd like more insight or suggestions, consider tagging Beka and Max (@bekacru, @ping__) to get their input on this matter.

What do you think your next steps will be? Would you attempt to draft a PR for this behavior?

If you need more help, tag @better-auth-agent in a comment so I can respond.

Diagram • Discord • GitHub

@better-auth-agent[bot] commented on GitHub (Jan 2, 2026): It seems you've encountered a situation where user names are being set to their email addresses when signing up through the Apple provider in your application. You've pinpointed the code responsible for this behavior, which defaults to using the email when the user's name isn't fully parsed. This behavior appears to be a known issue. As you mentioned, many developers have found this to be problematic, especially in public-facing applications where email addresses shouldn't be displayed as names. To address this issue, you could propose a change in the code you referenced, or alternatively, consider implementing a fix on your end as you've done by generating a random name for users who sign up via Apple. If you're interested in pursuing a change to the Better Auth library itself, feel free to draft a Pull Request (PR). The community can benefit greatly from improvements like these! Additionally, if you'd like more insight or suggestions, consider tagging Beka and Max (@bekacru, @ping__) to get their input on this matter. What do you think your next steps will be? Would you attempt to draft a PR for this behavior? _If you need more help, tag @better-auth-agent in a comment so I can respond._  [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/skyvern_ultra_detailed_interactive.html) • [Discord](https://discord.gg/fG2XXEuQX3) • [GitHub](https://github.com/Skyvern-AI/Skyvern) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/skyvern_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/fG2XXEuQX3) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/Skyvern-AI/Skyvern)

GiteaMirror commented

2026-03-13 10:10:12 -05:00

@DemaPy commented on GitHub (Jan 3, 2026):

@darrencarlin i think this is expected behavior

@DemaPy commented on GitHub (Jan 3, 2026): @darrencarlin i think this is expected behavior

GiteaMirror commented

2026-03-13 10:10:13 -05:00

@nicolascavallin commented on GitHub (Jan 4, 2026):

@DemaPy why expected? I'm facing same issue

@nicolascavallin commented on GitHub (Jan 4, 2026): @DemaPy why expected? I'm facing same issue

GiteaMirror commented

2026-03-13 10:10:13 -05:00

@DemaPy commented on GitHub (Jan 5, 2026):

@nicolascavallin because this is how code behaves in this auth library. They have added check, id name not exist use email.

You have to providd fix by your end. Just che k whether it is apple and email === name, o you can hide name.

@DemaPy commented on GitHub (Jan 5, 2026): @nicolascavallin because this is how code behaves in this auth library. They have added check, id name not exist use email. You have to providd fix by your end. Just che k whether it is apple and email === name, o you can hide name.

GiteaMirror commented

2026-03-13 10:10:14 -05:00

@nicolascavallin commented on GitHub (Jan 5, 2026):

@DemaPy sorry, I misunderstood. Yes, is expected since no name, surname, full-name is provided by Apple, then use the email, but I was testing, and this are my logs:

 LOG  Credential: {"email": "REDACTED", "fullName": {"familyName": "Cavallin", "givenName": "Nicolas", "middleName": null, "namePrefix": null, "nameSuffix": null, "nickname": null}, "hasAuthorizationCode": true, "hasIdentityToken": true, "realUserStatus": 2, "user": "001341.REDACTED.1128"}
 LOG  JWT FULL payload: {"aud": "REDACTED", "auth_time": 1767648198, "c_hash": "REDACTED", "email": "REDACTED", "email_verified": true, "exp": 1767734598, "iat": 1767648198, "iss": "https://appleid.apple.com", "nonce_supported": true, "real_user_status": 2, "sub": "001341.REDACTED.1128"}

My concern was if Apple was providing or not the data, and seems yes, even, with this payload, I get email as name in better-auth.

@nicolascavallin commented on GitHub (Jan 5, 2026): @DemaPy sorry, I misunderstood. Yes, is expected since no name, surname, full-name is provided by Apple, then use the email, but I was testing, and this are my logs: ``` LOG Credential: {"email": "REDACTED", "fullName": {"familyName": "Cavallin", "givenName": "Nicolas", "middleName": null, "namePrefix": null, "nameSuffix": null, "nickname": null}, "hasAuthorizationCode": true, "hasIdentityToken": true, "realUserStatus": 2, "user": "001341.REDACTED.1128"} LOG JWT FULL payload: {"aud": "REDACTED", "auth_time": 1767648198, "c_hash": "REDACTED", "email": "REDACTED", "email_verified": true, "exp": 1767734598, "iat": 1767648198, "iss": "https://appleid.apple.com", "nonce_supported": true, "real_user_status": 2, "sub": "001341.REDACTED.1128"} ``` My concern was if Apple was providing or not the data, and seems yes, even, with this payload, I get email as name in better-auth.

GiteaMirror commented

2026-03-13 10:10:14 -05:00

@bytaesu commented on GitHub (Jan 7, 2026):

Hi, I'm thinking about this!

@bytaesu commented on GitHub (Jan 7, 2026): Hi, I'm thinking about this!

GiteaMirror referenced this issue

2026-03-13 11:45:35 -05:00

[PR #2640] [MERGED] Use custom errorURL when available #4418

GiteaMirror referenced this issue

2026-04-13 08:31:33 -05:00

[PR #2640] [MERGED] Use custom errorURL when available #12665

GiteaMirror referenced this issue

2026-04-15 20:16:53 -05:00

[PR #2640] [MERGED] Use custom errorURL when available #21319

GiteaMirror referenced this issue

2026-04-17 21:13:37 -05:00

[PR #2640] [MERGED] Use custom errorURL when available #30019

Sign in to join this conversation.

Branches Tags

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-227a091249

dependabot/github_actions/github-actions-98f3470200

2026-05-13/ci/stabilize-docker-startup

dependabot/npm_and_yarn/samlify-2.13.0

changeset-release/main

main

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

2026-05-14/fix/passkey-verify-error-and-claim

changeset-release/next

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#2640