davinci_pas_test_kit 0.12.2 → 0.13.0

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_approval_submit_test.rb

@@ -1,11 +1,14 @@
 require_relative '../../../urls'
+require_relative '../../../descriptions'
 require_relative '../../../user_input_response'
+require_relative '../../../session_identification'
 
 module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientApprovalSubmitTest < Inferno::Test
       include URLs
       include UserInputResponse
+      include SessionIdentification
 
       id :pas_client_v201_approval_submit_test
       title 'Client submits a claim using the $submit operation'
@@ -17,12 +20,6 @@ module DaVinciPASTestKit
       verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@58', 'hl7.fhir.us.davinci-pas_2.0.1@62',
                             'hl7.fhir.us.davinci-pas_2.0.1@70', 'hl7.fhir.us.davinci-pas_2.0.1@202'
 
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
       input :approval_json_response,
             title: 'Claim approved response JSON',
             type: 'textarea',
@@ -34,6 +31,19 @@ module DaVinciPASTestKit
               If not provided, an approval response will be generated from the submitted Claim.
               In either case, the response will be validated against the PAS Response Bundle profile.
             )
+      input :client_id,
+            title: 'Client Id',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_CLIENT_ID_LOCKED
+      input :session_url_path,
+            title: 'Session-specific URL path extension',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_SESSION_URL_PATH_LOCKED
+
       submit_respond_with :approval_json_response
 
       run do
@@ -47,16 +57,17 @@ module DaVinciPASTestKit
           ))
         end
 
+        wait_identifier = session_wait_identifier(client_id, session_url_path)
+        submit_endpoint = session_endpont_url(:submit, client_id, session_url_path)
+
         wait(
-          identifier: access_token,
+          identifier: wait_identifier,
           message: %(
             **Approval Workflow Test**:
 
             Submit a PAS request to
 
-            `#{submit_url}`
-
-            The request must have an `Authorization` header with the value `Bearer #{access_token}`.
+            `#{submit_endpoint}`
 
             If the optional '**#{input_title(:approval_json_response)}**' input is populated, it will
             be returned, updated with current timestamps. Otherwise, an approval response will

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_denial_submit_test.rb

@@ -1,10 +1,13 @@
 require_relative '../../../urls'
+require_relative '../../../descriptions'
 require_relative '../../../user_input_response'
+require_relative '../../../session_identification'
 
 module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientDenialSubmitTest < Inferno::Test
       include URLs
+      include SessionIdentification
       include UserInputResponse
 
       id :pas_client_v201_denial_submit_test
@@ -17,12 +20,6 @@ module DaVinciPASTestKit
       verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@58', 'hl7.fhir.us.davinci-pas_2.0.1@62',
                             'hl7.fhir.us.davinci-pas_2.0.1@70', 'hl7.fhir.us.davinci-pas_2.0.1@202'
 
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
       input :denial_json_response,
             title: 'Claim denied response JSON',
             type: 'textarea',
@@ -34,6 +31,18 @@ module DaVinciPASTestKit
               If not provided, a denial response will be generated from the submitted Claim.
               In either case, the response will be validated against the PAS Response Bundle profile.
             )
+      input :client_id,
+            title: 'Client Id',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_CLIENT_ID_LOCKED
+      input :session_url_path,
+            title: 'Session-specific URL path extension',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_SESSION_URL_PATH_LOCKED
       submit_respond_with :denial_json_response
 
       run do
@@ -47,16 +56,17 @@ module DaVinciPASTestKit
           ))
         end
 
+        wait_identifier = session_wait_identifier(client_id, session_url_path)
+        submit_endpoint = session_endpont_url(:submit, client_id, session_url_path)
+
         wait(
-          identifier: access_token,
+          identifier: wait_identifier,
           message: %(
             **Denial Workflow Test**:
 
             Submit a PAS request to
 
-            `#{submit_url}`
-
-            The request must have an `Authorization` header with the value `Bearer #{access_token}`.
+            `#{submit_endpoint}`
 
             If the optional '**#{input_title(:denial_json_response)}**' input is populated, it will
             be returned, updated with current timestamps. Otherwise, a denial response will

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_inquire_must_support_test.rb

@@ -1,9 +1,12 @@
 require_relative '../../../urls'
+require_relative '../../../descriptions'
+require_relative '../../../session_identification'
 
 module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientInquireMustSupportTest < Inferno::Test
       include URLs
+      include SessionIdentification
 
       id :pas_client_inquire_v201_must_support_test
       title 'Client inquires about claims using the $inquire operation to demonstrate coverage of must support elements'
@@ -11,17 +14,26 @@ module DaVinciPASTestKit
         This test allows the client to send $inquire requests in addition to any already sent in previous test groups
         for Inferno to evaluate coverage of must support elements.
       )
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
+      input :client_id,
+            title: 'Client Id',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_CLIENT_ID_LOCKED
+      input :session_url_path,
+            title: 'Session-specific URL path extension',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_SESSION_URL_PATH_LOCKED
       config options: { accepts_multiple_requests: true }
 
       run do
+        wait_identifier = session_wait_identifier(client_id, session_url_path)
+        inquire_endpoint = session_endpont_url(:inquire, client_id, session_url_path)
+
         wait(
-          identifier: access_token,
+          identifier: wait_identifier,
           message: %(
             The client system may now make multiple $inquire requests before continuing. These requests should
             cumulatively demonstrate coverage of all required profiles and all must support elements within those
@@ -40,9 +52,9 @@ module DaVinciPASTestKit
 
             Submit PAS requests to
 
-            `#{inquire_url}`
+            `#{inquire_endpoint}`
 
-            and [click here](#{resume_pass_url}?token=#{access_token}) when done.
+            and [click here](#{resume_pass_url}?token=#{wait_identifier}) when done.
           )
         )
       end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_pended_submit_test.rb

@@ -1,11 +1,14 @@
 require_relative '../../../urls'
+require_relative '../../../descriptions'
 require_relative '../../../user_input_response'
 require_relative '../../../pas_bundle_validation'
+require_relative '../../../session_identification'
 
 module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientPendedSubmitTest < Inferno::Test
       include URLs
+      include SessionIdentification
       include UserInputResponse
       include PasBundleValidation
 
@@ -25,12 +28,6 @@ module DaVinciPASTestKit
                             'hl7.fhir.us.davinci-pas_2.0.1@203'
 
       config options: { accepts_multiple_requests: true }
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
       input :notification_bundle,
             title: 'Claim updated notification JSON',
             type: 'textarea',
@@ -77,6 +74,19 @@ module DaVinciPASTestKit
               in the `channel.header` element. If a value for the `authorization` header is provided in
               `channel.header`, this value will override it.
             )
+      input :client_id,
+            title: 'Client Id',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_CLIENT_ID_LOCKED
+      input :session_url_path,
+            title: 'Session-specific URL path extension',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_SESSION_URL_PATH_LOCKED
+
       submit_respond_with :pended_json_response
       inquire_respond_with :inquire_json_response
 
@@ -120,17 +130,19 @@ module DaVinciPASTestKit
           ))
         end
 
+        wait_identifier = session_wait_identifier(client_id, session_url_path)
+        submit_endpoint = session_endpont_url(:submit, client_id, session_url_path)
+        inquire_endpoint = session_endpont_url(:inquire, client_id, session_url_path)
+
         wait(
-          identifier: access_token,
+          identifier: wait_identifier,
           timeout: 600,
           message: %(
             **Pended Workflow Test**:
 
             1. Submit a PAS request to
 
-            `#{submit_url}`
-
-            The request must have an `Authorization` header with the value `Bearer #{access_token}`.
+            `#{submit_endpoint}`
 
             If the optional '**#{input_title(:pended_json_response)}**' input is populated, it will
             be returned, updated with current timestamps. Otherwise, a pended response will
@@ -144,9 +156,7 @@ module DaVinciPASTestKit
 
             3. Once the notification has been received, submit a PAS inquiry request to
 
-            `#{inquire_url}`
-
-            The request must have an `Authorization` header with the value `Bearer #{access_token}`.
+            `#{inquire_endpoint}`
 
             If the optional '**#{input_title(:inquire_json_response)}**' input is populated, it will
             be returned, updated with current timestamps. Otherwise, an approval response will
@@ -158,7 +168,7 @@ module DaVinciPASTestKit
             to be able to faithfully answer the attestations.
 
             Once the client has completed these steps,
-            [click here to complete the test](#{resume_pass_url}?token=#{access_token})
+            [click here to complete the test](#{resume_pass_url}?token=#{wait_identifier})
             and continue Inferno's evaluation of the interaction.
           )
         )

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_response_attest.rb

@@ -12,12 +12,6 @@ module DaVinciPASTestKit
         the receipt of response and attest that users are able to see the appropriate
         updates to the corresponding prior authorization request in their system.
       )
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
 
       def workflow_tag
         config.options[:workflow_tag]
@@ -39,16 +33,17 @@ module DaVinciPASTestKit
       end
 
       run do
+        identifier = SecureRandom.hex(32)
         wait(
-          identifier: access_token,
+          identifier:,
           message: %(
             **#{workflow_name} Workflow Test**:
 
             #{attest_message}
 
-            [Click here](#{resume_pass_url}?token=#{access_token}) if the above statement is **true**.
+            [Click here](#{resume_pass_url}?token=#{identifier}) if the above statement is **true**.
 
-            [Click here](#{resume_fail_url}?token=#{access_token}) if the above statement is **false**.
+            [Click here](#{resume_fail_url}?token=#{identifier}) if the above statement is **false**.
           )
         )
       end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_submit_must_support_test.rb

@@ -1,9 +1,12 @@
 require_relative '../../../urls'
+require_relative '../../../descriptions'
+require_relative '../../../session_identification'
 
 module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientSubmitMustSupportTest < Inferno::Test
       include URLs
+      include SessionIdentification
 
       id :pas_client_submit_v201_must_support_test
       title 'Client submits claims using the $submit operation to demonstrate coverage of must support elements'
@@ -14,17 +17,26 @@ module DaVinciPASTestKit
       verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@58', 'hl7.fhir.us.davinci-pas_2.0.1@62',
                             'hl7.fhir.us.davinci-pas_2.0.1@70', 'hl7.fhir.us.davinci-pas_2.0.1@202'
 
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
+      input :client_id,
+            title: 'Client Id',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_CLIENT_ID_LOCKED
+      input :session_url_path,
+            title: 'Session-specific URL path extension',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_SESSION_URL_PATH_LOCKED
       config options: { accepts_multiple_requests: true }
 
       run do
+        wait_identifier = session_wait_identifier(client_id, session_url_path)
+        submit_endpoint = session_endpont_url(:submit, client_id, session_url_path)
+
         wait(
-          identifier: access_token,
+          identifier: wait_identifier,
           message: %(
             The client system may now make multiple $submit requests before continuing. These requests should
             cumulatively demonstrate coverage of all required profiles and all must support elements within those
@@ -49,9 +61,9 @@ module DaVinciPASTestKit
 
             Submit PAS requests to
 
-            `#{submit_url}`
+            `#{submit_endpoint}`
 
-            and [click here](#{resume_pass_url}?token=#{access_token}) when done.
+            and [click here](#{resume_pass_url}?token=#{wait_identifier}) when done.
           )
         )
       end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_subscription_create_test.rb

@@ -1,9 +1,12 @@
 require_relative '../../../urls'
+require_relative '../../../descriptions'
+require_relative '../../../session_identification'
 
 module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientSubscriptionCreateTest < Inferno::Test
       include URLs
+      include SessionIdentification
 
       id :pas_client_v201_subscription_create_test
       title 'Client submits a Subscription Creation Request'
@@ -14,33 +17,40 @@ module DaVinciPASTestKit
       verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@137', 'hl7.fhir.us.davinci-pas_2.0.1@140',
                             'hl7.fhir.us.davinci-pas_2.0.1@142'
 
-      input :access_token,
-            title: 'Access Token',
-            description: %(
-              Access token that the client will provide in the Authorization header of each request
-              made during this test.
-            )
+      input :client_id,
+            title: 'Client Id',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_CLIENT_ID_LOCKED
+      input :session_url_path,
+            title: 'Session-specific URL path extension',
+            type: 'text',
+            optional: true,
+            locked: true,
+            description: INPUT_SESSION_URL_PATH_LOCKED
       input :client_endpoint_access_token,
             optional: true,
             title: 'Client Notification Access Token',
             description: %(
               The bearer token that Inferno will send on requests to the client under test's rest-hook notification
-              endpoint. Not needed if the client under test will create a Subscription with an appropriate header value
-              in the `channel.header` element. If a value for the `authorization` header is provided in
-              `channel.header`, this value will override it.
+              endpoint, including handshake notifications sent after Subscription creation. Not needed if the client
+              under test will create a Subscription with an appropriate header value in the `channel.header` element.
+              If a value for the `authorization` header is provided in `channel.header`, this value will override it.
             )
 
       run do
+        wait_identifier = session_wait_identifier(client_id, session_url_path)
+        subscription_endpoint = session_endpont_url(:subscription, client_id, session_url_path)
+
         wait(
-          identifier: access_token,
+          identifier: wait_identifier,
           message: %(
             **Subscription Creation Test**:
 
             Submit a POST with a Subscription to:
 
-            `#{fhir_subscription_url}`
-
-            The request must have an `Authorization` header with the value `Bearer #{access_token}`.
+            `#{subscription_endpoint}`
 
             Upon receipt, Inferno will send a handshake request to verify that notifications can be
             delivered and continue the test with a pass or fail based on the result.

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/client_tests/pas_client_subscription_pas_conformance_test.rb

@@ -1,8 +1,12 @@
 # frozen_string_literal: true
 
+require_relative '../../../pas_subscription_verification'
+
 module DaVinciPASTestKit
   module DaVinciPASV201
     class SubscriptionPASConformanceTest < Inferno::Test
+      include PASSubscriptionVerification
+
       id :pas_client_v201_subscription_pas_conformance_test
       title 'Client Subscription PAS Conformance Verification'
       description %(
@@ -19,30 +23,7 @@ module DaVinciPASTestKit
         skip_if(requests.none?, 'Inferno did not receive a Subscription creation request')
         subscription_resource = request.request_body
 
-        assert_valid_json(subscription_resource)
-        subscription = JSON.parse(subscription_resource)
-
-        unless subscription['criteria'] == 'http://hl7.org/fhir/us/davinci-pas/SubscriptionTopic/PASSubscriptionTopic'
-          add_message('error', %(
-            The created Subscription must use the PAS-defined Subscription topic
-            `http://hl7.org/fhir/us/davinci-pas/SubscriptionTopic/PASSubscriptionTopic`
-            in the `Subscription.criteria` element.
-          ))
-        end
-
-        filter_criteria = subscription.dig('_criteria', 'extension')
-          &.select do |ext|
-            ext['url'] == 'http://hl7.org/fhir/uv/subscriptions-backport/StructureDefinition/backport-filter-criteria'
-          end
-        unless filter_criteria&.length == 1
-          add_message('error', %(
-            The created Subscription must include a single filter on the submitting organization
-            in the `Subscription.criteria.extension` element.
-          ))
-        end
-
-        assert messages.none? { |msg| msg[:type] == 'error' },
-               'The Created Subscription does not conform to PAS requirements - see messages for details.'
+        verify_pas_subscription(subscription_resource)
       end
     end
   end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/error_tests/pas_inquiry_error_test.rb

@@ -19,6 +19,7 @@ module DaVinciPASTestKit
         via the error capability.
       )
       makes_request :pa_invalid_inquiry
+      verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@112', 'hl7.fhir.us.davinci-pas_2.0.1@113'
 
       run do
         file_path = File.join(File.dirname(__FILE__), 'nonconformant_pas_bundle.json')

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/error_tests/pas_submission_error_test.rb

@@ -20,7 +20,9 @@ module DaVinciPASTestKit
 
         The server SHOULD respond within 15 seconds.
       }
-      verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@70'
+      verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@104', 'hl7.fhir.us.davinci-pas_2.0.1@105',
+                            'hl7.fhir.us.davinci-pas_2.0.1@106', 'hl7.fhir.us.davinci-pas_2.0.1@112',
+                            'hl7.fhir.us.davinci-pas_2.0.1@113'
 
       output :response_time
       makes_request :pa_invalid_request

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/notification/pas_subscription_notification_test.rb

@@ -1,40 +1,44 @@
+require_relative '../../../urls'
+
 module DaVinciPASTestKit
   module DaVinciPASV201
+    # TODO: none of file name, class name, or ID match
     class PasUpdateNotificationTest < Inferno::Test
+      include URLs
       id :prior_auth_claim_response_update_notification_validation
       title 'Server notifies the client that the pended claim was updated.'
       description %(
         This test validates that the server can notify the client that a final
         decision has been made about a pended claim so that the client can query
-        for the details. Currently, testers attest that the decision on the prior
-        authorization request has been finalized so that Inferno can check the rest of
-        the pended workflow. In the future, Inferno will validate that the server
-        can accept requests for a subscription and send notifications alerting the client
-        to the availability of updates to the prior authorization request (see details on this limitation
-        [here](https://github.com/inferno-framework/davinci-pas-test-kit/blob/main/lib/davinci_pas_test_kit/docs/server_suite_description_v201.md#testing-limitations)).
+        for the details. This test depends on prior successful subscription creation in
+        Test Group **1 Subscription Setup**.
       )
+      verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@141'
+
+      input :access_token,
+            title: 'Notification Access Token',
+            description: %(
+              An access token that the server under test will send to Inferno on notifications
+              so that the request gets associated with this test session. The token must be
+              provided as a `Bearer` token in the `Authorization` header of HTTP requests
+              sent to Inferno.
+            )
 
       run do
-        token = SecureRandom.hex(32)
-        # rubocop:disable Layout/LineLength
         wait(
-          identifier: token,
+          identifier: "notification #{access_token}",
           message: %(
-            Inferno has received a 'Pended' claim response indicating that a final decision
-            has not yet been made on the prior authorization request.
+            Inferno has received a 'Pended' claim response indicating that a final decision has not yet been made on the
+            prior authorization request.
 
-            Please
-            **[click
-            here](#{Inferno::Application['base_url']}/custom/davinci_pas_server_suite_v201/resume_after_notification?token=#{token})**
-            when the status of this claim has been finalized to inform Inferno to resume testing.
+            Inferno will now wait for a notification at its rest-hook endpoint before making an $inquire request.
+            Inferno will automatically resume when a notification is received.
 
-            Future versions of this test will validate subscription-based notifications as
-            described within the implementation guide (see
-            [here](https://github.com/inferno-framework/davinci-pas-test-kit/blob/main/lib/davinci_pas_test_kit/docs/server_suite_description_v201.md#testing-limitations)
-            for more details on this current limitation).
+            _If the server is unable to send a notification or if Inferno has not automatically resumed after the server
+            attempted to send a notification, you may
+            **[click here](#{resume_skip_url}?token=notification+#{access_token})** to skip this test._
           )
         )
-        # rubocop:enable Layout/LineLength
       end
     end
   end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_approval_group.rb

@@ -8,10 +8,10 @@ module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientApprovalGroup < Inferno::TestGroup
       id :pas_client_v201_approval_group
-      title 'Demonstrate Approval Workflow'
+      title 'Approval Workflow'
       description %(
-        Demonstrate the ability of the client to initiate a prior authorization
-        request and respond appropriately to an 'approved' decision.
+        During these tests, the client will initiate a prior authorization
+        request and show it can respond appropriately to an 'approved' decision.
       )
       run_as_group
 
@@ -20,6 +20,7 @@ module DaVinciPASTestKit
       test from: :pas_client_v201_approval_submit_test
       test from: :pas_client_v201_request_bundle_validation_test,
            config: { options: { workflow_tag: APPROVAL_WORKFLOW_TAG } }
+
       test from: :pas_client_v201_response_bundle_validation_test,
            config: { options: { workflow_tag: APPROVAL_WORKFLOW_TAG } }
       test from: :pas_client_v201_response_attest,
@@ -31,7 +32,8 @@ module DaVinciPASTestKit
            ),
            config: { options: {
              workflow_tag: APPROVAL_WORKFLOW_TAG,
-             attest_message: "I attest that the client system displays the submitted claim as 'approved' meaning that the user can proceed with ordering or providing the requested service." # rubocop:disable Layout/LineLength
+             attest_message: "I attest that the client system displays the submitted claim as 'approved' meaning " \
+                             'that the user can proceed with ordering or providing the requested service.'
            } }
     end
   end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_auth_smart_group.rb

@@ -0,0 +1,32 @@
+require 'smart_app_launch_test_kit'
+require_relative 'pas_client_options'
+require_relative '../../tags'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientAuthSMARTGroup < Inferno::TestGroup
+      id :pas_client_v201_auth_smart
+      title 'Review Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated SMART authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PAS
+        requests.
+
+        Before running these tests, execute the tests for at least one "PAS workflows" sub-group
+        so that the client will request an access token and use it on a PAS request.
+      )
+      run_as_group
+
+      # smart auth verification
+      test from: :smart_client_token_request_bsca_verification,
+           config: {
+             options: { endpoint_suite_id: :davinci_pas_client_suite_v201 }
+           }
+      test from: :smart_client_token_use_verification,
+           config: {
+             options: { access_request_tags: [SUBMIT_TAG, INQUIRE_TAG] }
+           }
+    end
+  end
+end