onc_certification_g10_test_kit 5.4.1 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/onc_certification_g10_test_kit/base_token_refresh_stu2_group.rb +49 -0
- data/lib/onc_certification_g10_test_kit/multi_patient_api_stu1.rb +13 -8
- data/lib/onc_certification_g10_test_kit/multi_patient_api_stu2.rb +12 -7
- data/lib/onc_certification_g10_test_kit/onc_program_procedure.yml +448 -468
- data/lib/onc_certification_g10_test_kit/patient_context_test.rb +3 -2
- data/lib/onc_certification_g10_test_kit/short_id_map.yml +227 -17
- data/lib/onc_certification_g10_test_kit/single_patient_api_group.rb +6 -1
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_4_api_group.rb +6 -1
- data/lib/onc_certification_g10_test_kit/single_patient_us_core_6_api_group.rb +8 -5
- data/lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb +16 -17
- data/lib/onc_certification_g10_test_kit/smart_asymmetric_launch_group.rb +194 -0
- data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group.rb +2 -4
- data/lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2.rb +7 -6
- data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb +23 -7
- data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group.rb +188 -0
- data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb +150 -0
- data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_test.rb +53 -0
- data/lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb +6 -7
- data/lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb +8 -10
- data/lib/onc_certification_g10_test_kit/smart_invalid_token_group_stu2.rb +7 -9
- data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb +5 -3
- data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb +14 -16
- data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2.rb +28 -4
- data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb +34 -25
- data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb +20 -9
- data/lib/onc_certification_g10_test_kit/smart_v1_scopes_group.rb +241 -0
- data/lib/onc_certification_g10_test_kit/tasks/generate_matrix.rb +75 -51
- data/lib/onc_certification_g10_test_kit/token_introspection_group.rb +110 -0
- data/lib/onc_certification_g10_test_kit/token_revocation_group.rb +1 -1
- data/lib/onc_certification_g10_test_kit/version.rb +1 -1
- data/lib/onc_certification_g10_test_kit/visual_inspection_and_attestations_group.rb +57 -37
- data/lib/onc_certification_g10_test_kit.rb +86 -19
- metadata +13 -6
@@ -0,0 +1,110 @@
|
|
1
|
+
require 'smart_app_launch/standalone_launch_group'
|
2
|
+
require 'smart_app_launch/discovery_stu1_group'
|
3
|
+
require 'smart_app_launch/token_introspection_group'
|
4
|
+
|
5
|
+
require_relative 'g10_options'
|
6
|
+
|
7
|
+
module ONCCertificationG10TestKit
|
8
|
+
class TokenIntrospectionGroup < SMARTAppLaunch::SMARTTokenIntrospectionGroup
|
9
|
+
id :g10_token_introspection
|
10
|
+
|
11
|
+
description <<~DESCRIPTION
|
12
|
+
|
13
|
+
This scenario verifies the ability of an authorization server to
|
14
|
+
perform token introspection in accordance with the [SMART App Launch STU2
|
15
|
+
Implementation Guide Section on Token
|
16
|
+
Introspection](https://hl7.org/fhir/smart-app-launch/STU2/token-introspection.html).
|
17
|
+
Inferno first acts as a registered SMART App Launch client to request and
|
18
|
+
receive a valid access token, and then as an authorized resource server that
|
19
|
+
queries the authorization server for information about this access token.
|
20
|
+
|
21
|
+
The system under test must perform the following in order to pass this
|
22
|
+
scenario:
|
23
|
+
* Issue a new bearer token to Inferno acting as a registered SMART App
|
24
|
+
Launch client. The tester has flexibility in deciding what type of SMART
|
25
|
+
App Launch client is used (e.g. public or confidential). This is
|
26
|
+
redundant to tests earlier in this test suite, but is performed to ensure
|
27
|
+
an active token can be introspected.
|
28
|
+
* Respond to a token introspection request from Inferno acting as a
|
29
|
+
resource server for both valid and invalid tokens. Systems have flexibility
|
30
|
+
in how access control for this service is implemented. To account for
|
31
|
+
this flexibility, the tester has the ability to add an Authorization
|
32
|
+
Header to the request (provided out-of-band of these tests), as well as
|
33
|
+
additional Introspect parameters, as allowed by the specification.
|
34
|
+
|
35
|
+
DESCRIPTION
|
36
|
+
|
37
|
+
input_instructions <<~INSTRUCTIONS
|
38
|
+
If the introspection endpoint is access controlled, testers must enter their own
|
39
|
+
HTTP Authorization header for the introspection request. See [RFC 7616 The
|
40
|
+
'Basic' HTTP Authentication
|
41
|
+
Scheme](https://datatracker.ietf.org/doc/html/rfc7617) for the most common
|
42
|
+
approach that uses client credentials. Testers may also provide any
|
43
|
+
additional parameters needed for their authorization server to complete
|
44
|
+
the introspection request.
|
45
|
+
|
46
|
+
**Note:** For both the Authorization header and request parameters, user-input
|
47
|
+
values will be sent exactly as entered and therefore the tester must
|
48
|
+
URI-encode any appropriate values.
|
49
|
+
INSTRUCTIONS
|
50
|
+
|
51
|
+
run_as_group
|
52
|
+
|
53
|
+
input :well_known_introspection_url,
|
54
|
+
title: 'Token Introspection Endpoint',
|
55
|
+
description: <<~DESCRIPTION,
|
56
|
+
The complete URL of the token introspection endpoint. This will be
|
57
|
+
populated automatically if included in the server's discovery
|
58
|
+
endpoint.
|
59
|
+
DESCRIPTION
|
60
|
+
optional: true
|
61
|
+
|
62
|
+
input_order :url,
|
63
|
+
:well_known_introspection_url,
|
64
|
+
:custom_authorization_header,
|
65
|
+
:optional_introspection_request_params,
|
66
|
+
:standalone_client_id,
|
67
|
+
:standalone_client_secret,
|
68
|
+
:authorization_method,
|
69
|
+
:use_pkce,
|
70
|
+
:pkce_code_challenge_method,
|
71
|
+
:standalone_requested_scopes,
|
72
|
+
:token_introspection_auth_type,
|
73
|
+
:client_auth_encryption_method
|
74
|
+
|
75
|
+
config(
|
76
|
+
inputs: {
|
77
|
+
client_auth_type: {
|
78
|
+
name: :token_introspection_auth_type
|
79
|
+
}
|
80
|
+
}
|
81
|
+
)
|
82
|
+
|
83
|
+
groups.first.description <<~DESCRIPTION
|
84
|
+
These tests are perform discovery and a standalone launch in order to
|
85
|
+
receive a new, active access token that will be provided for token
|
86
|
+
introspection.
|
87
|
+
DESCRIPTION
|
88
|
+
|
89
|
+
groups[1].description <<~DESCRIPTION
|
90
|
+
This group of tests executes the token introspection requests and ensures
|
91
|
+
the correct HTTP response is returned but does not validate the contents
|
92
|
+
of the token introspection response.
|
93
|
+
DESCRIPTION
|
94
|
+
|
95
|
+
# The token introspection tests are SMART v2 only, so they use v2 discovery
|
96
|
+
# and launch groups. g10 needs them for SMART v1 and v2, so this sets the
|
97
|
+
# original discovery and launch groups to only appear when using SMART v2,
|
98
|
+
# and adds the v1 groups when using v1.
|
99
|
+
|
100
|
+
groups.first.groups.each do |group|
|
101
|
+
group.required_suite_options(G10Options::SMART_2_REQUIREMENT)
|
102
|
+
end
|
103
|
+
|
104
|
+
groups.first.group from: :smart_discovery,
|
105
|
+
required_suite_options: G10Options::SMART_1_REQUIREMENT
|
106
|
+
|
107
|
+
groups.first.group from: :smart_standalone_launch,
|
108
|
+
required_suite_options: G10Options::SMART_1_REQUIREMENT
|
109
|
+
end
|
110
|
+
end
|
@@ -2,7 +2,7 @@ module ONCCertificationG10TestKit
|
|
2
2
|
class TokenRevocationGroup < Inferno::TestGroup
|
3
3
|
title 'Token Revocation'
|
4
4
|
description %(
|
5
|
-
|
5
|
+
This scenario verifies the ability of the system to revoke access granted to
|
6
6
|
an application at the direction of a patient. Access to the application
|
7
7
|
must be revoked within one hour of the patient's request.
|
8
8
|
)
|
@@ -189,43 +189,6 @@ module ONCCertificationG10TestKit
|
|
189
189
|
end
|
190
190
|
end
|
191
191
|
|
192
|
-
test do
|
193
|
-
title 'Health IT developer demonstrated the ability of the Health IT Module / ' \
|
194
|
-
'authorization server to validate token it has issued.'
|
195
|
-
description %(
|
196
|
-
Health IT developer demonstrated the ability of the Health IT Module /
|
197
|
-
authorization server to validate token it has issued
|
198
|
-
)
|
199
|
-
id 'Test06'
|
200
|
-
input :token_validation_support,
|
201
|
-
title: 'Health IT developer demonstrated the ability of the Health IT Module / authorization server to validate token it has issued.', # rubocop:disable Layout/LineLength
|
202
|
-
type: 'radio',
|
203
|
-
default: 'false',
|
204
|
-
options: {
|
205
|
-
list_options: [
|
206
|
-
{
|
207
|
-
label: 'Yes',
|
208
|
-
value: 'true'
|
209
|
-
},
|
210
|
-
{
|
211
|
-
label: 'No',
|
212
|
-
value: 'false'
|
213
|
-
}
|
214
|
-
]
|
215
|
-
}
|
216
|
-
input :token_validation_notes,
|
217
|
-
title: 'Notes, if applicable:',
|
218
|
-
type: 'textarea',
|
219
|
-
optional: true
|
220
|
-
|
221
|
-
run do
|
222
|
-
assert token_validation_support == 'true',
|
223
|
-
'Health IT Module did not demonstrate the ability of the Health IT Module / ' \
|
224
|
-
'authorization server to validate token it has issued'
|
225
|
-
pass token_validation_notes if token_validation_notes.present?
|
226
|
-
end
|
227
|
-
end
|
228
|
-
|
229
192
|
test do
|
230
193
|
title 'Tester verifies that all information is accurate and without omission.'
|
231
194
|
description %(
|
@@ -646,5 +609,62 @@ module ONCCertificationG10TestKit
|
|
646
609
|
pass bulk_v2_since_attestation_notes if bulk_v2_since_attestation_notes.present?
|
647
610
|
end
|
648
611
|
end
|
612
|
+
|
613
|
+
test do
|
614
|
+
required_suite_options G10Options::SMART_2_REQUIREMENT.merge(G10Options::US_CORE_6_REQUIREMENT)
|
615
|
+
title 'Health IT developer attested that the Health IT Module supports ' \
|
616
|
+
'granting a sub resource scope for Clinical Test Observations.'
|
617
|
+
|
618
|
+
description <<~DESCRIPTION
|
619
|
+
As finalized in the HTI-1 Final Rule (89 FR 1294), Health IT Modules are
|
620
|
+
required to support SMART App Launch v2.0.0 "Finer-grained resource
|
621
|
+
constraints using search parameters" for the “category” parameter for
|
622
|
+
the Condition resource with Condition sub-resources Encounter Diagnosis,
|
623
|
+
Problem List, and Health Concern, and the Observation resource with
|
624
|
+
Observation sub-resources Clinical Test, Laboratory, Social History,
|
625
|
+
SDOH, Survey, and Vital Signs. We defer to the implementation guides
|
626
|
+
referenced at § 170.215(b)(1) and § 170.215(c) for specific
|
627
|
+
implementation guidance for this requirement. In the context of the US
|
628
|
+
Core 6.1.0 implementation guide, the Observation sub-resources of
|
629
|
+
Clinical Test and SDOH may have scopes supported as follows:
|
630
|
+
|
631
|
+
* support for scopes for the Observation sub-resource Clinical Test
|
632
|
+
using the "procedure" code from the US Core Clinical Result
|
633
|
+
Observation Category value set.
|
634
|
+
|
635
|
+
* support for scopes for the Observation sub-resource SDOH using the
|
636
|
+
"sdoh" code from the US Core Category code system .
|
637
|
+
DESCRIPTION
|
638
|
+
id :g10_clinical_test_scope_attestation
|
639
|
+
input :clinical_test_scope_attestation,
|
640
|
+
title: 'Health IT developer attested that the Health IT Module supports ' \
|
641
|
+
'granting a sub resource scope for Clinical Test Observations.',
|
642
|
+
type: 'radio',
|
643
|
+
default: 'false',
|
644
|
+
options: {
|
645
|
+
list_options: [
|
646
|
+
{
|
647
|
+
label: 'Yes',
|
648
|
+
value: 'true'
|
649
|
+
},
|
650
|
+
{
|
651
|
+
label: 'No',
|
652
|
+
value: 'false'
|
653
|
+
}
|
654
|
+
]
|
655
|
+
}
|
656
|
+
input :clinical_test_scope_attestation_notes,
|
657
|
+
title: 'Notes, if applicable:',
|
658
|
+
type: 'textarea',
|
659
|
+
optional: true
|
660
|
+
|
661
|
+
run do
|
662
|
+
assert clinical_test_scope_attestation == 'true',
|
663
|
+
'Health IT developer did not attest that the Health IT Module supports ' \
|
664
|
+
'granting a sub resource scope for Clinical Test Observations.'
|
665
|
+
|
666
|
+
pass clinical_test_scope_attestation_notes if clinical_test_scope_attestation_notes.present?
|
667
|
+
end
|
668
|
+
end
|
649
669
|
end
|
650
670
|
end
|
@@ -7,26 +7,32 @@ require_relative 'onc_certification_g10_test_kit/version'
|
|
7
7
|
|
8
8
|
require_relative 'onc_certification_g10_test_kit/feature'
|
9
9
|
require_relative 'onc_certification_g10_test_kit/g10_options'
|
10
|
+
require_relative 'onc_certification_g10_test_kit/multi_patient_api_stu1'
|
11
|
+
require_relative 'onc_certification_g10_test_kit/multi_patient_api_stu2'
|
10
12
|
require_relative 'onc_certification_g10_test_kit/single_patient_api_group'
|
11
13
|
require_relative 'onc_certification_g10_test_kit/single_patient_us_core_4_api_group'
|
12
14
|
require_relative 'onc_certification_g10_test_kit/single_patient_us_core_5_api_group'
|
13
15
|
require_relative 'onc_certification_g10_test_kit/single_patient_us_core_6_api_group'
|
14
16
|
require_relative 'onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group'
|
17
|
+
require_relative 'onc_certification_g10_test_kit/smart_asymmetric_launch_group'
|
18
|
+
require_relative 'onc_certification_g10_test_kit/smart_granular_scope_selection_group'
|
15
19
|
require_relative 'onc_certification_g10_test_kit/smart_invalid_token_group'
|
16
20
|
require_relative 'onc_certification_g10_test_kit/smart_invalid_token_group_stu2'
|
17
21
|
require_relative 'onc_certification_g10_test_kit/smart_invalid_pkce_group'
|
18
22
|
require_relative 'onc_certification_g10_test_kit/smart_limited_app_group'
|
19
23
|
require_relative 'onc_certification_g10_test_kit/smart_standalone_patient_app_group'
|
20
|
-
require_relative 'onc_certification_g10_test_kit/smart_ehr_practitioner_app_group'
|
21
24
|
require_relative 'onc_certification_g10_test_kit/smart_public_standalone_launch_group'
|
22
25
|
require_relative 'onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2'
|
23
26
|
require_relative 'onc_certification_g10_test_kit/smart_ehr_patient_launch_group'
|
24
27
|
require_relative 'onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2'
|
25
|
-
require_relative 'onc_certification_g10_test_kit/
|
26
|
-
require_relative 'onc_certification_g10_test_kit/
|
28
|
+
require_relative 'onc_certification_g10_test_kit/smart_ehr_practitioner_app_group'
|
29
|
+
require_relative 'onc_certification_g10_test_kit/smart_fine_grained_scopes_group'
|
30
|
+
require_relative 'onc_certification_g10_test_kit/smart_v1_scopes_group'
|
27
31
|
require_relative 'onc_certification_g10_test_kit/terminology_binding_validator'
|
32
|
+
require_relative 'onc_certification_g10_test_kit/token_introspection_group'
|
28
33
|
require_relative 'onc_certification_g10_test_kit/token_revocation_group'
|
29
34
|
require_relative 'onc_certification_g10_test_kit/visual_inspection_and_attestations_group'
|
35
|
+
|
30
36
|
require_relative 'inferno/terminology'
|
31
37
|
require_relative 'onc_certification_g10_test_kit/short_id_manager'
|
32
38
|
|
@@ -70,7 +76,8 @@ module ONCCertificationG10TestKit
|
|
70
76
|
/\A\S+: \S+: The Coding provided \(\S*\) was not found in the value set/,
|
71
77
|
/\A\S+: \S+: A definition for CodeSystem '.*' could not be found, so the code cannot be validated/,
|
72
78
|
/\A\S+: \S+: URL value '.*' does not resolve/,
|
73
|
-
/\A\S+: \S+: .*\[No server available\]
|
79
|
+
/\A\S+: \S+: .*\[No server available\]/, # Catch-all for certain errors when TX server is disabled
|
80
|
+
%r{\A\S+: \S+: .*\[Error from http://tx.fhir.org/r4:} # Catch-all for TX server errors that slip through
|
74
81
|
].freeze
|
75
82
|
|
76
83
|
def self.setup_validator(us_core_version_requirement) # rubocop:disable Metrics/CyclomaticComplexity
|
@@ -250,13 +257,37 @@ module ONCCertificationG10TestKit
|
|
250
257
|
)
|
251
258
|
|
252
259
|
description %(
|
253
|
-
The ONC Certification (g)(10) Standardized API Test
|
254
|
-
Health Level 7 (HL7®) Fast Healthcare Interoperability Resources
|
255
|
-
services seeking to meet the requirements of the Standardized API
|
256
|
-
Patient and Population Services criterion § 170.315(g)(10) in the ONC
|
257
|
-
|
258
|
-
|
259
|
-
|
260
|
+
The ONC Certification (g)(10) Standardized API Test Suite is a testing
|
261
|
+
tool for Health Level 7 (HL7®) Fast Healthcare Interoperability Resources
|
262
|
+
(FHIR®) services seeking to meet the requirements of the Standardized API
|
263
|
+
for Patient and Population Services criterion § 170.315(g)(10) in the ONC
|
264
|
+
Certification Program.
|
265
|
+
|
266
|
+
This test suite is organized into testing scenarios that in sum cover all
|
267
|
+
requirements within the § 170.315(g)(10) certification criterion. The
|
268
|
+
scenarios are intended to be run in order during certification, but can
|
269
|
+
be run out of order to support testing during development or certification
|
270
|
+
preparation. Some scenarios depend on data collected during previous
|
271
|
+
scenarios to function. In these cases, the scenario description describes
|
272
|
+
these dependencies.
|
273
|
+
|
274
|
+
The best way to learn about how to use these tests is the
|
275
|
+
[(g)(10) Standardized API Test Kit walkthrough](https://github.com/onc-healthit/onc-certification-g10-test-kit/wiki/Walkthrough),
|
276
|
+
which demonstrates the tests running against a simulated system.
|
277
|
+
|
278
|
+
The first three scenarios require the system under test to demonstrate
|
279
|
+
basic SMART App Launch functionality. The fourth uses a valid token
|
280
|
+
provided during earlier tests to verify support for the Single Patient API
|
281
|
+
as described in the criterion. The fifth verifies support for the Multi
|
282
|
+
Patient API, including Backend Services for authorization. Not all
|
283
|
+
authorization-related requirements are verified in the first three
|
284
|
+
scenarios, and the 'Additional Authorization Tests' verify these
|
285
|
+
additional requirements. The last scenario contains a list of
|
286
|
+
'attestations' and 'visual inspections' for requirements that could not
|
287
|
+
be verified through automated testing.
|
288
|
+
|
289
|
+
To get started with the first group of scenarios, please first register the
|
290
|
+
Inferno client as a SMART App with the following information:
|
260
291
|
|
261
292
|
* SMART Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri]}`
|
262
293
|
* OAuth Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
|
@@ -266,7 +297,7 @@ module ONCCertificationG10TestKit
|
|
266
297
|
|
267
298
|
* `#{Inferno::Application[:base_url]}/custom/g10_certification/.well-known/jwks.json`
|
268
299
|
|
269
|
-
Systems must pass all tests
|
300
|
+
Systems must pass all tests to qualify for ONC certification.
|
270
301
|
)
|
271
302
|
|
272
303
|
suite_summary %(
|
@@ -314,14 +345,22 @@ module ONCCertificationG10TestKit
|
|
314
345
|
required_suite_options: G10Options::BULK_DATA_2_REQUIREMENT
|
315
346
|
|
316
347
|
group do
|
317
|
-
title 'Additional Tests'
|
348
|
+
title 'Additional Authorization Tests'
|
318
349
|
id 'Group06'
|
319
350
|
description %(
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
351
|
+
The (g)(10) Standardized Test Suite attempts to minimize effort required
|
352
|
+
by testers by creating scenarios that validate as many requirements as
|
353
|
+
possible with just a handful of SMART App Launches. However, not all
|
354
|
+
SMART App Launch and (g)(10) Standardized API criterion requirements
|
355
|
+
that need to be verified fit within the first few test scenarios in this
|
356
|
+
suite.
|
357
|
+
|
358
|
+
The scenarios contained in this section verify remaining testing
|
359
|
+
requirements for the (g)(10) Standardized API criterion relevant to
|
360
|
+
the SMART App Launch implementation specification. Each of these scenarios
|
361
|
+
need to be run independently. Please read the instructions for each in
|
362
|
+
the 'About' section, as they may require special setup on the part of
|
363
|
+
the tester.
|
325
364
|
)
|
326
365
|
|
327
366
|
default_redirect_message_proc = lambda do |auth_url|
|
@@ -335,6 +374,14 @@ module ONCCertificationG10TestKit
|
|
335
374
|
)
|
336
375
|
end
|
337
376
|
|
377
|
+
config(
|
378
|
+
inputs: {
|
379
|
+
client_auth_encryption_method: {
|
380
|
+
locked: false
|
381
|
+
}
|
382
|
+
}
|
383
|
+
)
|
384
|
+
|
338
385
|
group from: :g10_public_standalone_launch,
|
339
386
|
required_suite_options: G10Options::SMART_1_REQUIREMENT,
|
340
387
|
config: { options: { redirect_message_proc: default_redirect_message_proc } }
|
@@ -362,8 +409,28 @@ module ONCCertificationG10TestKit
|
|
362
409
|
group from: :g10_ehr_patient_launch_stu2,
|
363
410
|
required_suite_options: G10Options::SMART_2_REQUIREMENT
|
364
411
|
|
365
|
-
group from: :
|
412
|
+
group from: :g10_token_introspection
|
413
|
+
|
414
|
+
group from: :g10_asymmetric_launch,
|
415
|
+
required_suite_options: G10Options::SMART_2_REQUIREMENT
|
416
|
+
|
417
|
+
group from: :g10_smart_v1_scopes,
|
418
|
+
required_suite_options: G10Options::SMART_2_REQUIREMENT,
|
419
|
+
config: {
|
420
|
+
inputs: {
|
421
|
+
client_auth_encryption_method: { locked: true }
|
422
|
+
}
|
423
|
+
}
|
424
|
+
|
425
|
+
group from: :g10_smart_fine_grained_scopes,
|
426
|
+
required_suite_options: G10Options::SMART_2_REQUIREMENT.merge(G10Options::US_CORE_6_REQUIREMENT),
|
427
|
+
exclude_optional: true
|
428
|
+
|
429
|
+
group from: :g10_smart_granular_scope_selection,
|
430
|
+
required_suite_options: G10Options::SMART_2_REQUIREMENT.merge(G10Options::US_CORE_6_REQUIREMENT)
|
366
431
|
end
|
432
|
+
|
433
|
+
group from: :g10_visual_inspection_and_attestations
|
367
434
|
end
|
368
435
|
end
|
369
436
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: onc_certification_g10_test_kit
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Stephen MacVicar
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-08-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bloomer
|
@@ -114,14 +114,14 @@ dependencies:
|
|
114
114
|
requirements:
|
115
115
|
- - '='
|
116
116
|
- !ruby/object:Gem::Version
|
117
|
-
version: 0.4.
|
117
|
+
version: 0.4.3
|
118
118
|
type: :runtime
|
119
119
|
prerelease: false
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
121
121
|
requirements:
|
122
122
|
- - '='
|
123
123
|
- !ruby/object:Gem::Version
|
124
|
-
version: 0.4.
|
124
|
+
version: 0.4.3
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: tls_test_kit
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
@@ -142,14 +142,14 @@ dependencies:
|
|
142
142
|
requirements:
|
143
143
|
- - '='
|
144
144
|
- !ruby/object:Gem::Version
|
145
|
-
version: 0.
|
145
|
+
version: 0.8.0
|
146
146
|
type: :runtime
|
147
147
|
prerelease: false
|
148
148
|
version_requirements: !ruby/object:Gem::Requirement
|
149
149
|
requirements:
|
150
150
|
- - '='
|
151
151
|
- !ruby/object:Gem::Version
|
152
|
-
version: 0.
|
152
|
+
version: 0.8.0
|
153
153
|
- !ruby/object:Gem::Dependency
|
154
154
|
name: database_cleaner-sequel
|
155
155
|
requirement: !ruby/object:Gem::Requirement
|
@@ -249,6 +249,7 @@ files:
|
|
249
249
|
- lib/onc_certification_g10_test_kit.rb
|
250
250
|
- lib/onc_certification_g10_test_kit/authorization_request_builder.rb
|
251
251
|
- lib/onc_certification_g10_test_kit/base_token_refresh_group.rb
|
252
|
+
- lib/onc_certification_g10_test_kit/base_token_refresh_stu2_group.rb
|
252
253
|
- lib/onc_certification_g10_test_kit/bulk_data_authorization.rb
|
253
254
|
- lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu1.rb
|
254
255
|
- lib/onc_certification_g10_test_kit/bulk_data_group_export_cancel_stu2.rb
|
@@ -291,9 +292,13 @@ files:
|
|
291
292
|
- lib/onc_certification_g10_test_kit/single_patient_us_core_5_api_group.rb
|
292
293
|
- lib/onc_certification_g10_test_kit/single_patient_us_core_6_api_group.rb
|
293
294
|
- lib/onc_certification_g10_test_kit/smart_app_launch_invalid_aud_group.rb
|
295
|
+
- lib/onc_certification_g10_test_kit/smart_asymmetric_launch_group.rb
|
294
296
|
- lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group.rb
|
295
297
|
- lib/onc_certification_g10_test_kit/smart_ehr_patient_launch_group_stu2.rb
|
296
298
|
- lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb
|
299
|
+
- lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group.rb
|
300
|
+
- lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb
|
301
|
+
- lib/onc_certification_g10_test_kit/smart_granular_scope_selection_test.rb
|
297
302
|
- lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb
|
298
303
|
- lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb
|
299
304
|
- lib/onc_certification_g10_test_kit/smart_invalid_token_group_stu2.rb
|
@@ -303,9 +308,11 @@ files:
|
|
303
308
|
- lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2.rb
|
304
309
|
- lib/onc_certification_g10_test_kit/smart_scopes_test.rb
|
305
310
|
- lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb
|
311
|
+
- lib/onc_certification_g10_test_kit/smart_v1_scopes_group.rb
|
306
312
|
- lib/onc_certification_g10_test_kit/tasks/generate_matrix.rb
|
307
313
|
- lib/onc_certification_g10_test_kit/tasks/test_procedure.rb
|
308
314
|
- lib/onc_certification_g10_test_kit/terminology_binding_validator.rb
|
315
|
+
- lib/onc_certification_g10_test_kit/token_introspection_group.rb
|
309
316
|
- lib/onc_certification_g10_test_kit/token_revocation_group.rb
|
310
317
|
- lib/onc_certification_g10_test_kit/unauthorized_access_test.rb
|
311
318
|
- lib/onc_certification_g10_test_kit/unrestricted_resource_type_access_group.rb
|