unfortunatelly, Apple returns weird success response..

Author: nov

lib/omniauth/strategies/apple.rb

@@ -100,7 +100,12 @@ def fetch_jwks
         end
         res = conn.get 'https://appleid.apple.com/auth/keys'
         if res.success?
-          res.body
+          jwks = res.body
+          if jwks.is_a?(Hash)
+            jwks
+          else
+            fail!(:jwks_fetching_failed, CallbackError.new(:jwks_fetching_failed, "Invalid format of JWKS returned: #{jwks}"))
+          end
         else
           fail!(:jwks_fetching_failed, CallbackError.new(:jwks_fetching_failed, 'HTTP Error when fetching JWKs'))
         end

spec/omniauth/strategies/apple_spec.rb

@@ -380,5 +380,24 @@
         subject.info
       end
     end
+
+    context 'when JWKS format is missing :keys' do
+      before do
+        stub_request(:get, 'https://appleid.apple.com/auth/keys').to_return(
+          body: 'true',
+          headers: {
+            'Content-Type': 'application/json'
+          }
+        )
+      end
+
+      it do
+        expect(subject).to receive(:fail!).with(
+          :jwks_fetching_failed,
+          instance_of(OmniAuth::Strategies::OAuth2::CallbackError)
+        )
+        subject.info
+      end
+    end
   end
 end