Your client_id in your Apple Developer account.

The hash of the authorization code. It’s only used when you need to validate the authorization code.

[First login only] The user's email address.

[First login only] A Boolean value that indicates whether the service has verified the email. The value of this claim is always true because the servers only return verified email addresses.

The expiry time for the token. This value is typically set to five minutes.

The time the token was issued.

Determine whether email is Apple private (trough relay) one or not. In my testing, is_private_email property will only be present if it is true.

The issuer-registered claim key, which has the value https://appleid.apple.com.

A String value used to associate a client session and an ID token. This value is used to mitigate replay attacks and is present only if passed during the authorization request.

A Boolean value that indicates whether the transaction is on a nonce-supported platform. If you sent a nonce in the authorization request but do not see the nonce claim in the ID token, check this claim to determine how to proceed. If this claim returns true you should treat nonce as mandatory and fail the transaction; otherwise, you can proceed treating the nonce as optional.

The unique identifier for the user.