diff --git a/server/handlers/oauth_callback.go b/server/handlers/oauth_callback.go
index 8b25618..36681b2 100644
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@@ -492,8 +492,8 @@ func processAppleUserInfo(code string) (models.User, error) {
 fmt.Println("=> claims", claims)
 if val, ok := claims["email"]; !ok {
- log.Debug("Failed to extract email from claims")
- return user, fmt.Errorf("unable to extract email")
+ log.Debug("Failed to extract email from claims.")
+ return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
 } else {
 user.Email = val.(string)
 }
diff --git a/server/handlers/oauth_login.go b/server/handlers/oauth_login.go
index fae2527..aaee2a6 100644
--- a/server/handlers/oauth_login.go
+++ b/server/handlers/oauth_login.go
@@ -184,7 +184,8 @@ func OAuthLoginHandler() gin.HandlerFunc {
 return
 }
 oauth.OAuthProviders.AppleConfig.RedirectURL = hostname + "/oauth_callback/" + constants.SignupMethodApple
- url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post"))
+ // Scope from the root config was not passed for apple login
+ url := oauth.OAuthProviders.AppleConfig.AuthCodeURL(oauthStateString, oauth2.SetAuthURLParam("response_mode", "form_post"), oauth2.SetAuthURLParam("scope", "name email"))
 c.Redirect(http.StatusTemporaryRedirect, url)
 default:
 log.Debug("Invalid oauth provider: ", provider)
diff --git a/server/oauth/oauth.go b/server/oauth/oauth.go
index a320d68..9172890 100644
--- a/server/oauth/oauth.go
+++ b/server/oauth/oauth.go
@@ -130,7 +130,6 @@ func InitOAuth() error {
 AuthURL: "https://appleid.apple.com/auth/authorize",
 TokenURL: "https://appleid.apple.com/auth/token",
 },
- Scopes: []string{"openid", "name", "email"},
 }
 }
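Review bot: The context line `fmt.Println("=> claims", claims)` at the top of the oauth_callback.go hunk still writes the decoded Apple token claims to stdout on every callback, outside the logger that the `log.Debug` call below goes through. The hunk itself reads `claims["email"]` from that map, so a user's email address ends up in process output; the line should be dropped or reduced to a `log.Debug` that names only the fields needed. The `else` branch also uses an unchecked `val.(string)`, which panics when the claim is present but not a string; `email, ok := val.(string)` with an error return on `!ok` would close that. If the new error text is ever returned to the browser, the scope hint is shown to end users rather than to the operator, so it is worth confirming where this error is surfaced. processAppleUserInfo starts and ends outside the hunk.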
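Review bot: The added comment in the oauth_login.go hunk says the configured scopes were not passed, but `AuthCodeURL` in golang.org/x/oauth2 emits `Config.Scopes` as the `scope` parameter, so the old request presumably carried `openid name email`; the comment should state the actual reason for the change, which the diff does not show. With the `Scopes` field deleted in server/oauth/oauth.go, the scope list now lives only in a string literal in the handler; keeping `Scopes: []string{"name", "email"}` in InitOAuth and dropping the extra `oauth2.SetAuthURLParam("scope", "name email")` would produce the same URL and keep provider settings in one place. Separately, the context line above assigns `AppleConfig.RedirectURL` on the package-level provider config for each request, which looks like a data race between concurrent logins with different hostnames; setting it on a local copy of the config would avoid that. The handler body continues outside the hunk.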