davinci_pdex_test_kit 0.11.0 → 0.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 318708e3bf373fe0429d145f0bec49fe07739eea1a296dff8b6aedef2769b361
-  data.tar.gz: d2ab19dc58bc8734324f60b6eda28350df3e999c94e15218ba614df630fc02e2
+  metadata.gz: a0f40793433a43053718719f614805ddda0830e0cd2d984cc59d75f1762b13e5
+  data.tar.gz: 842fb47429ceb04acdbcda3d90dd90b22982e1a53ea314901d7b4342e4fa0e33
 SHA512:
-  metadata.gz: 57c7352a6207c74197bf2511a7e1305fca155c2d0135456aa725cc209f89cedb5ef8733daffa2f546042a12b6c2f91f94bb1fe9f58c4f3aa6a3253c051d58896
-  data.tar.gz: 7cbb1b8afee0ddc8e04fe6e19853b0a13f82981feff200d3197b92597fd248104c49cb3570a3ce0e0b4a183350a8c78a8d0c3a7feca16cf42ab8f201edbe08e6
+  metadata.gz: 40ce4e887659579ea541da03e3567f35bcb7abe5fa2ddb09d47dd26a777733c43ce538ea315dfdf6c06f47871713a2adaf49b02e9c09ce43852400e1b8463c19
+  data.tar.gz: 2f6584ff86cf25ab1de0019bc5f80bd0abb362d1ae5ad8f608391215b960f1b6d0366ee87bdb3a625e7dadc3ecc465948ab92fc1c80ca49ba05a52f48dd23517

data/config/presets/pdex_payer_client_postman_preset.json.erb

@@ -0,0 +1,67 @@
+{
+  "title": "Demo: Submit PDex Payer Client Requests With Postman",
+  "id": "pdex_payer_client_postman_demo_preset",
+  "test_suite_id": "pdex_payer_client",
+  "inputs": [
+    {
+      "name": "udap_client_uri",
+      "description": "The UDAP Client URI that will be used to register with Inferno's simulated UDAP server.",
+      "title": "UDAP Client URI",
+      "type": "text",
+      "value": "<%= Inferno::Application['base_url'] %>/custom/udap_security/fhir"
+    },
+    {
+      "name": "client_id",
+      "description": "Testers may provide a specific value for Inferno to assign as the client id. If no value is provided, the Inferno session id will be used.",
+      "optional": true,
+      "title": "Client Id",
+      "type": "text",
+      "value": "smart_client_test_demo"
+    },
+    {
+      "name": "smart_launch_urls",
+      "description": "If the client app supports EHR launch, a comma-delimited list of one or more URLs that Inferno can use to launch the app.",
+      "optional": true,
+      "title": "SMART App Launch URL(s)",
+      "type": "textarea",
+      "value": ""
+    },
+    {
+      "name": "smart_redirect_uris",
+      "description": "A comma-separated list of one or more URIs that the app will sepcify as the target of the redirect for Inferno to use when providing the authorization code.",
+      "title": "SMART App Launch Redirect URI(s)",
+      "type": "textarea",
+      "value": "<%= Inferno::Application['base_url'] %>/custom/smart_stu2_2/redirect"
+    },
+    {
+      "name": "smart_client_secret",
+      "description": "Provide the client secret that the confidential symmetric client will send with token requests to authenticate the client to Inferno.",
+      "title": "SMART Confidential Symmetric Client Secret",
+      "type": "text",
+      "value": "SAMPLE_SECRET"
+    },
+    {
+      "name": "smart_jwk_set",
+      "description": "The SMART client's JSON Web Key Set including the key(s) Inferno will need to verify signatures on token requests made by the client. May be provided as either a publicly accessible url containing the JWKS, or the raw JWKS JSON.",
+      "title": "SMART Confidential Asymmetric JSON Web Key Set (JWKS)",
+      "type": "textarea",
+      "value": "<%= Inferno::Application['base_url'] %>/custom/smart_stu2_2/.well-known/jwks.json"
+    },
+    {
+      "name": "launch_context",
+      "description": "Launch context details to be included in access token responses, specified as a JSON array. If provided, the contents will be merged into Inferno's token responses.",
+      "optional": true,
+      "title": "Launch Context",
+      "type": "textarea",
+      "value": ""
+    },
+    {
+      "name": "fhir_user_relative_reference",
+      "description": "A FHIR relative reference (<resource type>/<id>) for the FHIR user record to return when the openid and fhirUser scopes are requested. Include this resource in the **Available Resources** input so that it can be accessed via FHIR read.",
+      "optional": true,
+      "title": "FHIR User Relative Reference",
+      "type": "text",
+      "value": "Patient/999"
+    }
+  ]
+}

data/config/presets/pdex_payer_server_fhir_foundry_ri_preset.json

@@ -10,10 +10,10 @@
       "_type": "text"
     },
     {
-      "name": "credentials",
+      "name": "smart_auth_info",
       "value": null,
       "_title": "OAuth Credentials",
-      "_type": "oauth_credentials",
+      "_type": "auth_info",
       "_optional": true
     },
     {

data/config/presets/pdex_payer_server_inferno_ri_preset.json

@@ -10,10 +10,10 @@
       "_type": "text"
     },
     {
-      "name": "credentials",
+      "name": "smart_auth_info",
       "value": null,
       "_title": "OAuth Credentials",
-      "_type": "oauth_credentials",
+      "_type": "auth_info",
       "_optional": true
     },
     {

data/lib/davinci_pdex_test_kit/docs/payer_client_suite_description_v200.md

@@ -59,43 +59,59 @@ validated with the Java validator using `tx.fhir.org` as the terminology server.
 
 ### Quick Start
 
-For Inferno to simulate a server that returns a matching patient and responds to requests
-for that patient's data using FHIR read and search APIs, Inferno only needs to be able to
-identify when requests come from the client under test. Inferno piggybacks on the request 
-authentication for this purpose. Testers must provide a bearer access token that will be 
-provided within the `Authorization` header (`Bearer <token>`) on all requests made to 
-Inferno endpoints during the test. Inferno uses this information to associate the message
-with the test session and determine how to respond. How the token provided to Inferno is 
-generated is up to the tester. 
-
-Note: auth options for these tests have not been finalized and are subject to change
-as the requirements in the PDex IG evolve. If the implemented approach prevents you from using
-these tests, please 
-[provide feedback](https://github.com/inferno-framework/davinci-pdex-test-kit/issues) so the
-limitations can be addressed.
-
-Using the bearer token, the client under test will then demonstrate its ability to find
-a patient using `$member-match` and retrieve corresponding clinical data using read and search
-requests, the `$everything` operation, or the `$export` operation.
+Inferno's simulated payer endpoints require authentication using the OAuth flows
+conforming either to the
+- SMART [App Launch flow](https://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html), or
+- UDAP [Consumer-Facing flow](https://hl7.org/fhir/us/udap-security/STU1/consumer.html).
+
+When creating a test session, select the Client Security Type corresponding to an
+authentication approach supported by the client. Then, start by running the "Client Registration"
+group which will guide you through the registration process, including what inputs to provide. See the
+*Auth Configuration Details* section below for details. If the client is not able to use the SMART or
+UDAP protocols to obtain an access token, see the *Demonstration* section below for how to use the SMART
+or UDAP server tests to obtain an access token that the client can use.
+
+Once registration is complete, run the "Verify PDex Data Access" group and Inferno will 
+wait for the client to make PDex resource and search requests from the client, return the requested PDex
+resources to the client, and verify the interactions. The demographics of the target
+patient are listed in the *Test Methodology* section above.
 
 ### Postman-based Demo
 
 If you do not have a PDex client but would like to try the tests out, you can use
+the Inferno SMART App Launch test kit to request an access token and
 [this postman collection](https://github.com/inferno-framework/davinci-pdex-test-kit/blob/main/PDEX.postman_collection.json)
-to make requests against Inferno for these tests. To use the Postman demo on this test session
+to make requests against Inferno. To execute the Postman-based demo:
 
+1. Create a PDex Payer Client session, selecting one of the SMART options for the "Client Security Type"
+1. In the PDex Payer Client session, select the "Demo: Submit PDex Payer Client Requests With Postman" preset
+   from the dropdown in the upper left.
+1. Click the `RUN ALL TESTS` button in the upper right and then click the `SUBMIT` button in the input dialog
+   that appears. 
+1. Register and obtain and access token:
+   1. In a separate tab, create a SMART App Launch STU2.2 test session.
+   1. Select the "Demo: Run Against the SMART Client Suite" preset corresponding
+      to the authentication approach (public, confidential symmetric, or confidential asymmetric) chosen for
+      the PDex Payer Client session from the dropdown in the upper left.
+   1. Select the "Standalone Launch" group from the list at the left and click the "RUN TESTS" button in the upper right.
+   1. In the input dialog the follows, replace the **FHIR Endpoint** input with the FHIR endpoint displayed
+      in the wait dialog on the PDex Payer Client session.
+   1. Click "SUBMIT" and when the "User Action Required" dialog appears, click the link to authorize and complete the tests.
+   1. Find the `standalone_access_token` output in test **1.2.06** "Token exchange response body contains required information
+      encoded in JSON", and copy the value, which will be a ~100 character string of letters and numbers (e.g.,
+      eyJjbGllbnRfaWQiOiJzbWFydF9jbGllbnRfdGVzdF9kZW1vIiwiZXhwaXJhdGlvbiI6MTc0MzUxNDk4Mywibm9uY2UiOiJlZDI5MWIwNmZhMTE4OTc4In0).
+1. In the "User Action Required" dialog in the PDex Payer Client session, click to confirm client configuration. Another
+   "User Action Required" dialog will appear asking for the client to make PDex requests.
 1. Download the [collection](https://github.com/inferno-framework/davinci-pdex-test-kit/blob/main/PDEX.postman_collection.json) 
-   and import it into [Postman](https://www.postman.com/downloads/).
-2. Select the `PDex Payer Client Postman Demo` from the preset dropdown in the upper left.
-3. Click `Run All Tests` button in the upper right and click the `Submit` button in the dialog
-  that appears.
-4. When a `User Action Required` dialog appears, use Postman to first send a `$member-match` request
-   found in the "$member-match Requests" folder (the `missing CoverageToMatch` entry will return
-   a result, but will fail request validation). 
-5. Next, use the "Patient GET by identifier" request in the "Patient id Search" folder to turn the
+   and import it into [Postman](https://www.postman.com/downloads/) if not already done.
+1. Open the "Variables" tab of the `PDEX` collection, paste the access value obtained in the previous step into the "Current value"
+   column for the "access_token" variable, and save the collection.
+1. Use Postman to send a `$member-match` request found in the "$member-match Requests" folder
+   (the `missing CoverageToMatch` entry will return a result, but will fail request validation). 
+1. Next, use the "Patient GET by identifier" request in the "Patient id Search" folder to turn the
    returned Patient identifier (`99999` in system 
    `http://github.com/inferno-framework/target-payer/identifiers/member`) into a Patient resource id (`999`).  
-6. Now, make clinical data requests found in the other
+1. Now, make clinical data requests found in the other
    folders representing the three data access approaches: "Read and Search Requests", 
    "Patient $everything Requests", or "$export Requests". Specific paths that will completely pass
    the tests include:
@@ -112,8 +128,84 @@ to make requests against Inferno for these tests. To use the Postman demo on thi
      `output` entry, copy the `url` into the URL of the "ndjson retrieval" request and make it to
      get the data. Finally, make the "Read and Search Requests" to Read the Location
      and PractitionerRole instances since those aren't returned by the `$export` operation.
-7. After making all the requests you want, click the "Click here" link to finish the tests
-   and make the results available for review.
+1. After making all the requests you want, click the "Click here" link in the PDex Payer Client tests
+   to finish execution. Review the results.
+
+#### Optional Demo Modification: Tester-provided Client Id
+
+NOTE: Inferno uses **Client Id** input and the generated bearer tokens sent in the `Authorization` HTTP header 
+to associate requests with sessions. If multiple concurrent sessions are configured
+to use the same token, they may interfere with each other. To prevent concurrent executors
+of these sample executions from disrupting your session it is recommended, but not required, to:
+1. When running the Client Registration test group, leave the **Client Id** input blank or provide your own unique or
+   random value.
+2. When the wait dialog appears for confirmation of client registration, note the indicated `Client Id` value and copy it
+   into the **Client ID** input of the SMART tests.
+
+#### Optional Demo Modification: UDAP Authentication
+
+To run the demonstration using UDAP authentication to obtain an access token, replace step 4. "Register and obtain and access token"
+with the following:
+
+1. In another tab, start an Inferno session for the UDAP Security Server test suite. Select the "Demo: Run Against the UDAP Security
+   Client Suite" preset
+1. Select the "UDAP Authorization Code Flow" group, click the "RUN TESTS" button, and update the **FHIR Server Base URL**
+   input with the FHIR server URL displayed in the wait dialog of the PDex Payer Client test session.
+1. Click the "SUBMIT" button and click to authorize in the "User Action Required" dialog that appears, which will complete
+   the tests.
+1. Find the `udap_auth_code_flow_access_token` output in test **1.3.04** "Token exchange response body contains required information
+   encoded in JSON", and copy the value, which will be a ~100 character string of letters and numbers (e.g.,
+   eyJjbGllbnRfaWQiOiJzbWFydF9jbGllbnRfdGVzdF9kZW1vIiwiZXhwaXJhdGlvbiI6MTc0MzUxNDk4Mywibm9uY2UiOiJlZDI5MWIwNmZhMTE4OTc4In0).
+1. Return to the PDex Payer Client test session and confirm that UDAP registration has been completed in the current
+   "User Action Required" dialog.
+
+The PDex Client Registration tests will pass with the possible exception of some UDAP registration details.
+
+## Input Details
+
+### Auth Configuration Details
+
+When running these tests there are 4 options for authentication, which also allows 
+Inferno to identify which session the requests are for. The choice is made when the
+session is created with the selected Client Security Type option, which determines
+what details the tester needs to provide during the Client Registration tests:
+
+- **SMART App Launch Client**: the system under test will manually register
+  with Inferno and request access tokens to use when accessing FHIR endpoints
+  as per the SMART App Launch specification, which includes providing one or more
+  redirect URI(s) in the **SMART App Launch Redirect URI(s)** input, and optionally,
+  launch URL(s) in the **SMART App Launch URL(s)** input. Additionally, testers may provide
+  a **Client Id** if they want their client assigned a specific one. Depending on the
+  specific SMART flavor chosen, additional inputs for authentication may be needed:
+  - **SMART App Launch Public Client**: no additional authentication inputs
+  - **SMART App Launch Confidential Symmetric Client**: provide a secret using the
+    **SMART Confidential Symmetric Client Secret** input.
+  - **SMART App Launch Confidential Asymmetric Client**: provide a URL that resolves
+    to a JWKS or a raw JWKS in JSON format using the **SMART JSON Web Key Set (JWKS)** input.
+- **UDAP Authorization Code Client**: the system under test will dynamically register
+  with Inferno and request access tokens used to access FHIR endpoints
+  as per the UDAP specification. It requires the **UDAP Client URI** input
+  to be populated with the URI that the client will use when dynamically
+  registering with Inferno. This will be used to generate a client id (each
+  unique UDAP Client URI will always get the same client id). All other details
+  that Inferno needs will be provided as a part of the dynamic registration.
+
+### Inputs Controlling Token Responses
+
+Inferno's SMART simulation does not include the details needed to populate
+the token response [context data](https://hl7.org/fhir/smart-app-launch/STU2.2/scopes-and-launch-context.html)
+when requested by apps using scopes during the *SMART App Launch* flow. If the tested app
+needs and will request these details, the tester must provide them for Inferno
+to respond with using the following inputs:
+- **Launch Context**: Testers can provide a JSON
+  array for Inferno to use as the base for building a token response on. This can include
+  keys like `"patient"` when the `launch/patient` scope will be requested. Note that when keys that Inferno
+  also populates (e.g. `access_token` or `id_token`) are included, the Inferno value will be returned.
+- **FHIR User Relative Reference**: Testers
+  can provide a FHIR relative reference (`<resource type>/<id>`) for the FHIR user record
+  to return with the `id_token` when the `openid` and `fhirUser` scopes are requested.
+  If populated, ensure that the referenced resource is available in Inferno's simulated
+  FHIR server so that it can be accessed.
 
 ## Testing Limitations
 
@@ -129,7 +221,7 @@ likely to change in future versions of the PDex specification.
 
 At this time, coverage of additional scenarios beyond the happy path payer to payer workflow
 are not validated. These scenarios, such as a failed member match, will be tested in future
-versions of the tests.
+versions of these tests.
 
 ### Demographic Matching
 
@@ -165,7 +257,7 @@ includes two auth steps, one for obtaining a token that allows `$member-match` i
 that gets access for a specific member Patient. Inferno requires that clients choose and send a single
 bearer token for the duration of the tests.
 
-### Requireed Patient id Search 
+### Required Patient id Search 
 
 The [HRex 1.0.0 $member-match
 operation](https://hl7.org/fhir/us/davinci-hrex/STU1/OperationDefinition-member-match.html#membermatch)

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_auth_smart_alca_group.rb

@@ -0,0 +1,32 @@
+require 'smart_app_launch_test_kit'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexClientAuthSMARTConfidentialAsymmetricGroup < Inferno::TestGroup
+      id :pdex_client_auth_smart_alca
+      title 'Review Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated SMART authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PDex
+        requests.
+
+        Before running these tests, perform the Data Access group so that the client
+        will request an access token and use it on a data access request.
+      )
+      run_as_group
+
+      # smart auth verification
+      test from: :smart_client_authorization_request_verification,
+          id: :pdex_client_authorization_smart_alca_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :smart_client_token_request_alca_verification,
+          id: :pdex_client_token_smart_alca_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :smart_client_token_use_verification,
+            config: {
+              options: { access_request_tags: [RESOURCE_ID_TAG, RESOURCE_API_TAG] }
+            }
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_auth_smart_alcs_group.rb

@@ -0,0 +1,32 @@
+require 'smart_app_launch_test_kit'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexClientAuthSMARTConfidentialSymmetricGroup < Inferno::TestGroup
+      id :pdex_client_auth_smart_alcs
+      title 'Review Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated SMART authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PDex
+        requests.
+
+        Before running these tests, perform the Data Access group so that the client
+        will request an access token and use it on a data access request.
+      )
+      run_as_group
+
+      # smart auth verification
+      test from: :smart_client_authorization_request_verification,
+          id: :pdex_client_authorization_smart_alcs_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :smart_client_token_request_alcs_verification,
+          id: :pdex_client_token_smart_alcs_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :smart_client_token_use_verification,
+            config: {
+              options: { access_request_tags: [RESOURCE_ID_TAG, RESOURCE_API_TAG] }
+            }
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_auth_smart_alp_group.rb

@@ -0,0 +1,32 @@
+require 'smart_app_launch_test_kit'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexClientAuthSMARTPublicGroup < Inferno::TestGroup
+      id :pdex_client_auth_smart_alp
+      title 'Review Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated SMART authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PDex
+        requests.
+
+        Before running these tests, perform the Data Access group so that the client
+        will request an access token and use it on a data access request.
+      )
+      run_as_group
+
+      # smart auth verification
+      test from: :smart_client_authorization_request_verification,
+          id: :pdex_client_authorization_smart_alp_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :smart_client_token_request_alp_verification,
+          id: :pdex_client_token_smart_alp_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :smart_client_token_use_verification,
+            config: {
+              options: { access_request_tags: [RESOURCE_ID_TAG, RESOURCE_API_TAG] }
+            }
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_auth_udap_group.rb

@@ -0,0 +1,31 @@
+require 'udap_security_test_kit'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexClientAuthUDAPGroup < Inferno::TestGroup
+      id :pdex_client_auth_udap
+      title 'Review UDAP Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated UDAP authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PDex
+        requests.
+
+        Before running these tests, perform the Data Access group so that the client
+        will request an access token and use it on a data access request.
+      )
+      run_as_group
+
+      test from: :udap_client_authorization_request_verification,
+          id: :pdex_client_authorization_udap_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :udap_client_token_request_ac_verification,
+          id: :pdex_client_token_udap_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } }
+      test from: :udap_client_token_use_verification,
+            config: {
+              options: { access_request_tags: [RESOURCE_ID_TAG, RESOURCE_API_TAG] }
+            }
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_member_match_tests/client_member_match_validation_test.rb

@@ -1,21 +1,22 @@
-require_relative '../client_validation_test.rb'
+require_relative '../client_validation_test'
 
 module DaVinciPDexTestKit
   module PDexPayerClient
     class PDexInitialMemberMatchValidationTest < Inferno::Test
       include ClientValidationTest
-  
+
       id :pdex_initial_member_match_validation
       title 'Client provides a valid $member-match request'
       description %(
         This test will validate the received $member-match-request input, ensuring it corresponds to the
         [HRex member-match-in profile](http://hl7.org/fhir/us/davinci-hrex/StructureDefinition/hrex-parameters-member-match-in).
       )
-      input :access_token
-  
+
+      verifies_requirements 'hl7.fhir.us.davinci-pdex_2.0.0@29'
+
       run do
-        skip_if !member_match_request.present?, "No previous $member-match request received"
-        
+        skip_if !member_match_request.present?, 'No previous $member-match request received'
+
         parameters = FHIR.from_contents(member_match_request.request_body)
         assert_resource_type(:parameters, resource: parameters)
         assert_valid_resource(resource: parameters, profile_url: 'http://hl7.org/fhir/us/davinci-hrex/StructureDefinition/hrex-parameters-member-match-in')

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_registration/configuration_display_smart_test.rb

@@ -0,0 +1,38 @@
+require_relative '../urls'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexlientRegistrationConfigurationSMARTDisplay < Inferno::Test
+      include URLs
+
+      id :pdex_client_reg_config_smart_display
+      title 'Confirm client configuration'
+      description %(
+        This test provides all the information needed for testers to configure
+        the client under test to communicate with Inferno's simulated PDex server
+        including SMART endpoints to obtain access tokens using the SMART App Launch flow.
+      )
+
+      input :client_id
+
+      run do
+        wait(
+          identifier: client_id,
+          message: %(
+            **Inferno Simulated Server Details**:
+
+            FHIR Base URL: `#{fhir_base_url}`
+
+            Authentication Details:
+            - SMART Client Id: `#{client_id}`
+            - Authorization endpoint: `#{authorization_url}`
+            - Token endpoint: `#{token_url}`
+
+            [Click here](#{resume_pass_url}?token=#{client_id}) once you have configured
+            the client to connect to Inferno at the above endpoints.
+          )
+        )
+      end
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_registration/configuration_display_udap_test.rb

@@ -0,0 +1,38 @@
+require_relative '../urls'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexClientRegistrationConfigurationUDAPDisplay < Inferno::Test
+      include URLs
+
+      id :pdex_client_reg_config_udap_display
+      title 'Confirm client configuration'
+      description %(
+        This test provides all the information needed for testers to configure
+        the client under test to communicate with Inferno's simulated PDex server
+        including UDAP endpoints to obtain access tokens using the authorization_code flow.
+      )
+
+      input :client_id
+
+      run do
+        wait(
+          identifier: client_id,
+          message: %(
+            **Inferno Simulated Server Details**:
+
+            FHIR Base URL: `#{fhir_base_url}`
+
+            Authentication Details:
+            - UDAP Client Id: `#{client_id}`
+            - Authorization endpoint: `#{authorization_url}`
+            - Token endpoint: `#{token_url}`
+
+            [Click here](#{resume_pass_url}?token=#{client_id}) once you have configured
+            the client to connect to Inferno at the above endpoints.
+          )
+        )
+      end
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_registration_group.rb

@@ -0,0 +1,67 @@
+require 'udap_security_test_kit'
+require 'smart_app_launch_test_kit'
+require_relative 'pdex_client_options'
+require_relative 'client_registration/configuration_display_smart_test'
+require_relative 'client_registration/configuration_display_udap_test'
+
+module DaVinciPDexTestKit
+  module PDexPayerClient
+    class PDexClientRegistrationGroup < Inferno::TestGroup
+      id :pdex_client_registration
+      title 'Client Registration'
+      description %(
+        Register the client under test with Inferno's simulated PDex Server,
+        including configuration of the system under test to hit the correct endpoints and
+        enable authentication and authorization of PDex requests.
+      )
+      run_as_group
+
+      # smart registration tests
+      test from: :smart_client_registration_alca_verification,
+            required_suite_options: {
+              client_type: PDexClientOptions::SMART_APP_LAUNCH_CONFIDENTIAL_ASYMMETRIC
+            }
+      test from: :smart_client_registration_alcs_verification,
+            required_suite_options: {
+              client_type: PDexClientOptions::SMART_APP_LAUNCH_CONFIDENTIAL_SYMMETRIC
+            }
+      test from: :smart_client_registration_alp_verification,
+            required_suite_options: {
+              client_type: PDexClientOptions::SMART_APP_LAUNCH_PUBLIC
+            }
+      test from: :pdex_client_reg_config_smart_display,
+            id: :pdex_client_reg_config_smart_alca_display,
+            required_suite_options: {
+              client_type: PDexClientOptions::SMART_APP_LAUNCH_CONFIDENTIAL_ASYMMETRIC
+            }
+      test from: :pdex_client_reg_config_smart_display,
+            id: :pdex_client_reg_config_smart_alcs_display,
+            required_suite_options: {
+              client_type: PDexClientOptions::SMART_APP_LAUNCH_CONFIDENTIAL_SYMMETRIC
+            }
+      test from: :pdex_client_reg_config_smart_display,
+            id: :pdex_client_reg_config_smart_alp_display,
+            required_suite_options: {
+              client_type: PDexClientOptions::SMART_APP_LAUNCH_PUBLIC
+            }
+
+      # udap registration tests
+      test from: :udap_client_registration_interaction,
+          id: :pdex_client_reg_udap_interaction,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } },
+          required_suite_options: {
+            client_type: PDexClientOptions::UDAP_AUTHORIZATION_CODE
+          }
+      test from: :udap_client_registration_ac_verification,
+          id: :pdex_client_reg_udap_verification,
+          config: { options: { endpoint_suite_id: :pdex_payer_client } },
+          required_suite_options: {
+            client_type: PDexClientOptions::UDAP_AUTHORIZATION_CODE
+          }
+      test from: :pdex_client_reg_config_udap_display,
+            required_suite_options: {
+              client_type: PDexClientOptions::UDAP_AUTHORIZATION_CODE
+            }
+    end
+  end
+end

data/lib/davinci_pdex_test_kit/pdex_payer_client/client_validation_test.rb

@@ -62,7 +62,9 @@ module DaVinciPDexTestKit
 
       # @return [Array<Inferno::Entities::Request>]
       def previous_clinical_data_requests
-        [] + load_tagged_requests(RESOURCE_REQUEST_TAG) + load_tagged_requests(EVERYTHING_TAG) # TODO add export request
+        [] + load_tagged_requests(RESOURCE_API_TAG) +
+             load_tagged_requests(RESOURCE_ID_TAG) +
+             load_tagged_requests(EVERYTHING_TAG) # TODO add export request
       end
   
       def everything_request
@@ -86,7 +88,13 @@ module DaVinciPDexTestKit
       end
   
       def export_resources
-        @export_resources ||= (load_tagged_requests(BINARY_TAG).map { |binary_read| binary_read.response_body.split("\n") }.flatten).map { |resource_in_binary| FHIR.from_contents(resource_in_binary) }
+        @export_resources ||=
+          (
+            load_tagged_requests(BINARY_TAG)
+            .select { |binary_read| binary_read.status == 200 }
+            .map { |binary_read| binary_read.response_body.split("\n") }
+            .flatten
+          ).map { |resource_in_binary| FHIR.from_contents(resource_in_binary) }
       end
 
       # def patient_id_from_match_request