We recently added support for “Sign in with Apple” using instructions posted here: https://developer.okta.com/docs/guides/add-an-external-idp/apple/create-an-app-at-idp/
Worked like a charm – fantastic instructions and UX. Kudos to your docs people.
However, apparently there are some users who do not have first name and last name configured for Apple, namely their app store people who tests your app before approving it (and anyone who chooses to use Apple’s piracy features).
This then results in this issue when they try to sign in:
Unable to JIT user from the Identity Provider
which is caused by this:
with the following validation errors: firstName field failed validation with value ‘null’: The field cannot be left blank.
lastName field failed validation with value ‘null’: The field cannot be left blank
Since we don’t use first name and last name anyways, I decided to remove it from the Apple IDP mappings and that’s when I noticed this bug. Without me changing anything at all, the default values for the mappings page for Apple cannot be saved/updated at all.
This is without any changes from me at all. There is also no way to change the login mapping, which is probably the correct thing to do here but the validation doesn’t seem to understand that.
A solution to either the JIT user creation problem or the validation problem would be good.