Apple Login IDP Mapping UI Validation Issue

We recently added support for “Sign in with Apple” using instructions posted here: https://developer.okta.com/docs/guides/add-an-external-idp/apple/create-an-app-at-idp/

Worked like a charm – fantastic instructions and UX. Kudos to your docs people.

However, apparently there are some users who do not have first name and last name configured for Apple, namely their app store people who tests your app before approving it (and anyone who chooses to use Apple’s piracy features).

This then results in this issue when they try to sign in:

Unable to JIT user from the Identity Provider

which is caused by this:

with the following validation errors: firstName field failed validation with value ‘null’: The field cannot be left blank.
lastName field failed validation with value ‘null’: The field cannot be left blank

Since we don’t use first name and last name anyways, I decided to remove it from the Apple IDP mappings and that’s when I noticed this bug. Without me changing anything at all, the default values for the mappings page for Apple cannot be saved/updated at all.

This is without any changes from me at all. There is also no way to change the login mapping, which is probably the correct thing to do here but the validation doesn’t seem to understand that.

A solution to either the JIT user creation problem or the validation problem would be good.

Thanks!

In order to create the user in Okta, the user must have: an email, first name, and last name. This is likely why you’re encountering this error when attempting to JIT the user.

If the issue is with the app store reviewers, you should be able to add App Review Information to your submission to indicate which fields are required.

Thanks @andreaskouras but I think you’ve misunderstood the issue (apologies for not communicating the issue more clearly). The crux of the issue here is that the Okta UI won’t allow me to change any of the mapping fields at all. It generates validation error about the login without me changing it or anything else. The login field mapping isn’t a field I’m allowed to change by the UI yet when I click “Save Mapping” the UI throws a validation error back about that field.