onc_certification_g10_test_kit 5.4.2 → 6.0.0

data/lib/onc_certification_g10_test_kit/smart_ehr_practitioner_app_group.rb

@@ -26,19 +26,33 @@ module ONCCertificationG10TestKit
     )
 
     description %(
-      Demonstrate the ability to perform an EHR launch to a SMART on FHIR
+      This scenario verifies the ability of a system to perform a single EHR
+      Launch.  Specifically, this scenario performs an EHR launch to a SMART on FHIR
       confidential client with patient context, refresh token, OpenID Connect
       (OIDC) identity token, and (SMART v2 only) use the POST HTTP method for
-      code exchange. After launch, a simple Patient resource read is performed
-      on the patient in context. The access token is then refreshed, and the
-      Patient resource is read using the new access token to ensure that the
-      refresh was successful. Finally, the authentication information provided
-      by OpenID Connect is decoded and validated.
+      code exchange.
+
+      After launch, a simple Patient resource read is performed on the patient
+      in context. The access token is then refreshed, and the Patient resource
+      is read using the new access token to ensure that the refresh was
+      successful. Finally, the authentication information provided by OpenID
+      Connect is decoded and validated.
+
+      Prior to running this scenario, register Inferno as an EHR-launched confidential
+      client with the following information:
+
+      Prior to running this test, register Inferno as an EHR-launched
+      application using the following information:
+
+      * Launch URI: `#{SMARTAppLaunch::AppLaunchTest.config.options[:launch_uri]}`
+      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
 
       For EHRs that use Internet Explorer 11 to display embedded apps,
       please review [instructions on how to complete the EHR Practitioner App
       test](https://github.com/onc-healthit/onc-certification-g10-test-kit/wiki/Completing-EHR-Practitioner-App-test-in-Internet-Explorer/).
 
+      The following implementation specifications are relevant to this scenario:
+
       * [SMART on FHIR
         (STU1)](http://www.hl7.org/fhir/smart-app-launch/1.0.0/)
       * [SMART on FHIR
@@ -100,6 +114,7 @@ module ONCCertificationG10TestKit
                required_capabilities: [
                  'launch-ehr',
                  'client-confidential-symmetric',
+                 'client-confidential-asymmetric',
                  'sso-openid-connect',
                  'context-banner',
                  'context-style',
@@ -107,7 +122,8 @@ module ONCCertificationG10TestKit
                  'permission-offline',
                  'permission-user',
                  'authorize-post',
-                 'permission-v2'
+                 'permission-v2',
+                 'permission-v1'
                ]
              }
            }

data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_group.rb

@@ -0,0 +1,188 @@
+module ONCCertificationG10TestKit
+  class SmartFineGrainedScopesGroup < USCoreTestKit::USCoreV610::SmartGranularScopesGroup
+    title 'SMART App Launch with fine-grained scopes'
+    short_title 'SMART Launch with Fine-Grained Scopes'
+
+    input_instructions %(
+      If necessary, register Inferno as a standalone application using the following information:
+
+      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
+
+      Inferno may be registered multiple times with different `client_ids`, or this
+      may reuse a single registration of Inferno.`
+
+      This test will perform two launches, with each launch requiring a separate
+      separate set of finer-grained scopes to be granted:
+
+      Group 1:
+      * `Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|encounter-diagnosis`
+      * `Condition.rs?category=http://hl7.org/fhir/us/core/CodeSystem/condition-category|health-concern`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|laboratory`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|social-history`
+
+      Group 2:
+      * `Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|problem-list-item`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|survey`
+      * `Observation.rs?category=http://hl7.org/fhir/us/core/CodeSystem/us-core-category|sdoh`
+    )
+
+    description <<~DESCRIPTION
+
+      As finalized in the [HTI-1 Final Rule](https://www.federalregister.gov/d/2023-28857/p-1250), Health IT Modules are
+      required to support SMART App Launch v2.0.0 "Finer-grained resource
+      constraints using search parameters" for the "category" parameter for the
+      Condition resource with Condition sub-resources Encounter Diagnosis, Problem
+      List, and Health Concern, and the Observation resource with Observation
+      sub-resources Clinical Test, Laboratory, Social History, SDOH, Survey, and
+      Vital Signs.
+
+      This is also reflected in the (g)(10) Standardized API for patient and
+      populations [Test
+      Procedure](https://www.healthit.gov/test-method/standardized-api-patient-and-population-services#test_procedure):
+
+      > [AUT-PAT-28] SMART v2 scope syntax for patient-level and user-level scopes to support
+        the “permission-v2” “SMART on FHIR® Capability”, including support for
+        finer-grained resource constraints using search parameters according to
+        section 3.0.2.3 of the implementation specification at § 170.215(c)(2) for
+        the “category” parameter for the following resources: (1) Condition
+        resource with Condition sub-resources Encounter Diagnosis, Problem List,
+        and Health Concern; and (2) Observation resource with Observation
+        sub-resources Clinical Test, Laboratory, Social History, SDOH, Survey, and
+        Vital Signs
+
+      Prior to running this scenario, first run the Single Patient API tests using
+      resource-level scopes, as this scenario uses content saved from that scenario
+      as a baseline for comparison when finer-grained scopes are granted.
+
+      This scenario contains two groups of finer-grained scope tests, each of
+      which includes a SMART Standalone Launch that requests a subset of
+      finer-grained scopes, followed by FHIR API requests to verify that scopes
+      are appropriately granted. The app launches require that the subset of the
+      requested finer-grained scopes are granted by the user. The FHIR API tests then repeat all
+      of the queries from the original Single Patient API tests that were run
+      using resource-level scopes, and verify that only resources matching the
+      current finer-grained scopes are returned. Each group requires a separate
+      set of finer-grained scopes to be granted:
+
+      Group 1:
+      * `Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|encounter-diagnosis`
+      * `Condition.rs?category=http://hl7.org/fhir/us/core/CodeSystem/condition-category|health-concern`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|laboratory`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|social-history`
+
+      Group 2:
+      * `Condition.rs?category=http://terminology.hl7.org/CodeSystem/condition-category|problem-list-item`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|vital-signs`
+      * `Observation.rs?category=http://terminology.hl7.org/CodeSystem/observation-category|survey`
+      * `Observation.rs?category=http://hl7.org/fhir/us/core/CodeSystem/us-core-category|sdoh`
+
+      Note that Inferno will only request the finer grained scopes in each case,
+      but the system under test can display more scopes to the tester during
+      authorization.  In this case, it is expected that the tester will only
+      approve the appropriate scopes in each group as described above.
+
+      For more information, please refer to [finer-grained resource constraints
+      using search
+      parameters](https://hl7.org/fhir/smart-app-launch/STU2/scopes-and-launch-context.html#finer-grained-resource-constraints-using-search-parameters).
+
+    DESCRIPTION
+
+    id :g10_smart_fine_grained_scopes
+
+    input :url
+
+    children.each(&:run_as_group)
+
+    # Replace generic finer-grained scope auth group with which allows standalone or
+    # ehr launch with just the standalone launch group
+    granular_scopes_group1 = children.first
+    granular_scopes_group1.children[0] = granular_scopes_group1.children.first.children.first
+    standalone_launch_group1 = granular_scopes_group1.children[0]
+    standalone_launch_group1.required
+
+    granular_scopes_group2 = children.last
+    granular_scopes_group2.children[0] = granular_scopes_group2.children.first.children.first
+    standalone_launch_group2 = granular_scopes_group2.children[0]
+    standalone_launch_group2.required
+
+    # Move the granular scope API groups to the top level
+    api_group1 = granular_scopes_group1.children.pop
+    api_group1.children.each do |group|
+      group.children.select!(&:required?)
+      granular_scopes_group1.children << group
+    end
+
+    api_group2 = granular_scopes_group2.children.pop
+    api_group2.children.each do |group|
+      group.children.select!(&:required?)
+      granular_scopes_group2.children << group
+    end
+
+    # Remove OIDC and refresh token tests
+    standalone_launch_group1.children.pop(2)
+    standalone_launch_group2.children.pop(2)
+
+    config(
+      inputs: {
+        authorization_method: {
+          name: :granular_scopes_authorization_method,
+          title: 'Granular Scopes Authorization Request Method'
+        },
+        client_auth_type: {
+          name: :granular_scopes_client_auth_type,
+          title: 'Granular Scopes Client Authentication Type'
+        },
+        received_scopes: {
+          name: :standalone_received_scopes
+        }
+      }
+    )
+
+    granular_scopes_group1.config(
+      inputs: {
+        client_id: {
+          name: :granular_scopes1_client_id,
+          title: 'Granular Scopes Group 1 Client ID'
+        },
+        client_secret: {
+          name: :granular_scopes1_client_secret,
+          title: 'Granular Scopes Group 1 Client Secret'
+        },
+        requested_scopes: {
+          title: 'Granular Scopes Group 1 Scopes'
+        }
+      }
+    )
+
+    granular_scopes_group2.config(
+      inputs: {
+        client_id: {
+          name: :granular_scopes2_client_id,
+          title: 'Granular Scopes Group 2 Client ID'
+        },
+        client_secret: {
+          name: :granular_scopes2_client_secret,
+          title: 'Granular Scopes Group 2 Client Secret'
+        },
+        requested_scopes: {
+          title: 'Granular Scopes Group 2 Scopes'
+        }
+      }
+    )
+
+    input_order :url,
+                :granular_scopes1_client_id,
+                :requested_scopes_group1,
+                :granular_scopes_authorization_method,
+                :granular_scopes_client_auth_type,
+                :granular_scopes1_client_secret,
+                :client_auth_encryption_method,
+                :granular_scopes2_client_id,
+                :requested_scopes_group2,
+                :granular_scopes2_client_secret,
+                :use_pkce,
+                :pkce_code_challenge_method,
+                :patient_ids
+  end
+end

data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb

@@ -0,0 +1,150 @@
+require_relative 'smart_scopes_test'
+require_relative 'smart_granular_scope_selection_test'
+
+module ONCCertificationG10TestKit
+  class SmartGranularScopeSelectionGroup < Inferno::TestGroup
+    title 'SMART Granular Scope Selection'
+    short_title 'SMART Granular Scope Selection'
+    id :g10_smart_granular_scope_selection
+
+    input_instructions %(
+      If necessary, register Inferno as a standalone application using the following information:
+
+      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
+
+      Once the test is running, Inferno will perform a launch.  The tester must grant
+      a sub-resource scope for each Conditoin and Observation, instead of granting
+      access to all Condition and Observation resources:
+
+      * “Condition” sub-resource scopes “Encounter Diagnosis”, “Problem List”,
+          and “Health Concern”
+      * “Observation” sub-resource scopes “Clinical Test”, “Laboratory”,
+          “Social History”, “SDOH”, “Survey”, and “Vital Signs”
+
+      Additionally, please grant access to the Patient scope.
+
+    )
+
+    description <<~DESCRIPTION
+      This scenario verifies that when resource-level scopes are requested for
+      Condition and Observation resources, the user is presented with the option
+      of granting sub-resource scopes instead of the requested resource-level scope if desired.
+
+      This scenario verifies that system behavior is consistent with the
+      following clarification provided in the §170.315(g)(10) Standardized API
+      for patient and population services [Certification Companion
+      Guide](https://www.healthit.gov/test-method/standardized-api-patient-and-population-services#ccg):
+
+      > As part of supporting the SMART App Launch “permission-v2” capability
+        for the purposes of certification, if an app requests authorization for
+        a resource level scope for the “Condition” or “Observation” resources,
+        then for patient authorization purposes a Health IT Module must support
+        presentation of the required sub-resource scopes to the patient for
+        authorization. Specifically, sub-resource scopes must be presented for
+        patient authorization as follows:
+
+      > * “Condition” sub-resource scopes “Encounter Diagnosis”, “Problem List”,
+          and “Health Concern” if a “Condition” resource level scope is
+          requested
+      > * “Observation” sub-resource scopes “Clinical Test”, “Laboratory”,
+          “Social History”, “SDOH”, “Survey”, and “Vital Signs” if an
+          “Observation” resource level scope is requested
+
+      The tests request SMART App Launch v2 resource-level Condition and
+      Observation scopes. In each instance, the user must not grant the
+      resource-level scopes and instead grant any valid sub-resource scope for
+      Condition and Observation listed above. This scenario also requires that a
+      resource-level Patient scope be granted.
+
+      This scenario only verifies that sub-resource scopes are granted as returned by the
+      authorization system during the SMART App Launch process, and does not
+      attempt to access resources to verify accuracy of the granted scopes.
+
+    DESCRIPTION
+
+    run_as_group
+
+    config(
+      inputs: {
+        use_pkce: {
+          default: 'true',
+          locked: true
+        },
+        pkce_code_challenge_method: {
+          locked: true
+        },
+        granular_scope_selection_authorization_method: {
+          name: :granular_scope_selection_authorization_method,
+          default: 'get'
+        },
+        client_auth_type: {
+          name: :granular_scope_selection_client_auth_type,
+          default: 'confidential_asymmetric'
+        }
+      }
+    )
+
+    group from: :smart_discovery_stu2
+
+    group from: :smart_standalone_launch_stu2 do
+      id :g10_granular_scope_selection_v2_scopes
+      title 'Granular Scope Selection with v2 Scopes'
+
+      config(
+        inputs: {
+          client_id: {
+            name: :granular_scope_selection_v2_client_id,
+            title: 'Granular Scope Selection w/v2 Scopes Client ID'
+          },
+          client_secret: {
+            name: :granular_scope_selection_v2_client_secret,
+            title: 'Granular Scope Selection w/v2 Scopes Client Secret',
+            default: nil,
+            optional: true
+          },
+          requested_scopes: {
+            name: :granular_scope_selection_v2_requested_scopes,
+            title: 'Granular Scope Selection v2 Scopes',
+            default: %(
+              launch/patient openid fhirUser offline_access patient/Condition.rs
+              patient/Observation.rs patient/Patient.rs
+            ).gsub(/\s{2,}/, ' ').strip
+          },
+          received_scopes: { name: :granular_scope_selection_v2_received_scopes }
+        },
+        outputs: {
+          requested_scopes: { name: :granular_scope_selection_v2_requested_scopes },
+          received_scopes: { name: :granular_scope_selection_v2_received_scopes }
+        },
+        options: {
+          redirect_message_proc: proc do |auth_url|
+            %(
+              ### #{self.class.parent&.parent&.title}
+
+              [Follow this link to authorize with the SMART server](#{auth_url}).
+
+              Tests will resume once Inferno receives a request at
+              `#{config.options[:redirect_uri]}` with a state of `#{state}`.
+            )
+          end
+        }
+      )
+
+      test from: :g10_smart_scopes do
+        config(
+          options: {
+            scope_version: :v2,
+            required_scope_type: 'patient',
+            required_scopes: ['openid', 'fhirUser', 'launch/patient', 'offline_access']
+          }
+        )
+
+        def patient_compartment_resource_types
+          ['Patient', 'Condition', 'Observation']
+        end
+      end
+
+      test from: :g10_smart_granular_scope_selection
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_test.rb

@@ -0,0 +1,53 @@
+module ONCCertificationG10TestKit
+  class SMARTGranularScopeSelectionTest < Inferno::Test
+    title 'Granular Scope Selection'
+    description %(
+      This test verifies that granular scopes have been issued for Condition and
+      Observation resources, and that a v2 read scope has been issued for the
+      Patient resource.
+    )
+    id :g10_smart_granular_scope_selection
+    input :requested_scopes, :received_scopes
+
+    def resources_with_granular_scopes
+      ['Condition', 'Observation']
+    end
+
+    def resource_level_scope_regex(resource_type)
+      /#{resource_type}\.(\*|read|c?ru?d?s?)\z/
+    end
+
+    def v2_resource_level_scope_regex(resource_type)
+      /#{resource_type}\.(\*|c?ru?d?s?)\z/
+    end
+
+    def granular_scope_regex(resource_type)
+      /#{resource_type}\.(\*|c?ru?d?s?)\?.+=.+/
+    end
+
+    run do
+      assert requested_scopes.present?
+      requested_scopes = self.requested_scopes.split
+      (resources_with_granular_scopes + ['Patient']).each do |resource_type|
+        assert requested_scopes.any? { |scope| scope.match(resource_level_scope_regex(resource_type)) },
+               "No resource-level scope was requested for #{resource_type}"
+
+        granular_scope = requested_scopes.find { |scope| scope.match(granular_scope_regex(resource_type)) }
+        assert granular_scope.nil?, "Granular scope was requested: #{granular_scope}"
+      end
+
+      assert received_scopes.present?
+      received_scopes = self.received_scopes.split
+
+      resources_with_granular_scopes.each do |resource_type|
+        resource_level_scope = received_scopes.find { |scope| scope.match?(resource_level_scope_regex(resource_type)) }
+        assert resource_level_scope.nil?, "Resource-level scope was granted: #{resource_level_scope}"
+        assert received_scopes.any? { |scope| scope.match?(granular_scope_regex(resource_type)) },
+               "No granular scopes were granted for #{resource_type}"
+      end
+
+      assert received_scopes.any? { |scope| scope.match?(v2_resource_level_scope_regex('Patient')) },
+             'No v2 resource-level scope was granted for Patient'
+    end
+  end
+end

data/lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb

@@ -41,21 +41,20 @@ module ONCCertificationG10TestKit
   end
 
   class SMARTInvalidPKCEGroup < Inferno::TestGroup
-    title 'SMART App Launch Error: Invalid PKCE Code Verifier'
-    short_title 'SMART Invalid PKCE Code Verifier'
+    title 'Invalid PKCE Code Verifier'
+    short_title 'Invalid PKCE Code Verifier'
     input_instructions %(
       Register Inferno as a standalone application using the following information:
 
       * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
     )
     description %(
-      # Background
-
-      The #{title} Group verifies that a SMART Launch Sequence, specifically the
+      This scenario verifies that a SMART Launch Sequence, specifically the
       [Standalone
       Launch](http://hl7.org/fhir/smart-app-launch/STU2/app-launch.html#launch-app-standalone-launch)
-      Sequence, verifies that servers properly support PKCE.  It does this by ensuring the launch fails
-      in the case where the client sends an invalid PKCE `code_verifier`.
+      Sequence, verifies that servers properly support PKCE.  It does this by
+      ensuring the launch fails in the case where the client sends an invalid
+      PKCE `code_verifier`.
 
       This group performs four launches with various forms of an invalid `code_verifier`
       (e.g. incorrect `code_verifier`, blank `code_identifier`) and verifies that these do

data/lib/onc_certification_g10_test_kit/smart_invalid_token_group.rb

@@ -1,25 +1,23 @@
 module ONCCertificationG10TestKit
   class SMARTInvalidTokenGroup < Inferno::TestGroup
-    title 'SMART App Launch Error: Invalid Access Token Request'
-    short_title 'SMART Invalid Token Request'
+    title 'Invalid Access Token Request'
+    short_title 'Invalid Token Request'
     input_instructions %(
       Register Inferno as a standalone application using the following information:
 
       * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
     )
     description %(
-      # Background
-
-      The Invalid Access Token Request Sequence verifies that a SMART Launch
+      This scenario verifies that a SMART Launch
       Sequence, specifically the [Standalone
-      Launch](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
-      Sequence, does not work in the case where the client sends an invalid
+      Launch](http://hl7.org/fhir/smart-app-launch/STU2/app-launch.html#launch-app-standalone-launch)
+      Sequence, does not succeed in the case where the client sends an invalid
       Authorization code or client ID during the code exchange step. This must
       not result in a successful launch.
 
-      This test is not included as part of a regular SMART Launch Sequence
-      because some servers may not accept an authorization code after it has
-      been used unsuccessfully in this manner.
+      This test is not included as part of earlier scenarios because some
+      servers may not accept an authorization code after it has been used
+      unsuccessfully in this manner.
     )
     id :g10_smart_invalid_token_request
     run_as_group

data/lib/onc_certification_g10_test_kit/smart_invalid_token_group_stu2.rb

@@ -1,25 +1,23 @@
 module ONCCertificationG10TestKit
   class SMARTInvalidTokenGroupSTU2 < Inferno::TestGroup
-    title 'SMART App Launch Error: Invalid Access Token Request'
-    short_title 'SMART Invalid Token Request'
+    title 'Invalid Access Token Request'
+    short_title 'Invalid Token Request'
     input_instructions %(
       Register Inferno as a standalone application using the following information:
 
       * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
     )
     description %(
-      # Background
-
-      The Invalid Access Token Request Sequence verifies that a SMART Launch
+      This scenario verifies that a SMART Launch
       Sequence, specifically the [Standalone
       Launch](http://hl7.org/fhir/smart-app-launch/STU2/app-launch.html#launch-app-standalone-launch)
-      Sequence, does not work in the case where the client sends an invalid
+      Sequence, does not succeed in the case where the client sends an invalid
       Authorization code or client ID during the code exchange step. This must
       not result in a successful launch.
 
-      This test is not included as part of a regular SMART Launch Sequence
-      because some servers may not accept an authorization code after it has
-      been used unsuccessfully in this manner.
+      This test is not included as part of earlier scenarios because some
+      servers may not accept an authorization code after it has been used
+      unsuccessfully in this manner.
     )
     id :g10_smart_invalid_token_request_stu2
     run_as_group

data/lib/onc_certification_g10_test_kit/smart_limited_app_group.rb

@@ -9,8 +9,8 @@ module ONCCertificationG10TestKit
     short_title 'Limited Access App'
 
     input_instructions %(
-      The purpose of this test is to demonstrate that app users can restrict
-      access granted to apps to a limited number of resources. Enter which
+      The purpose of this test is to verify that patient app users can restrict
+      access granted to apps to a limited number of resources Enter which
       resources the user will grant access to below, and during the launch
       process only grant access to those resources. Inferno will verify that
       access granted matches these expectations.
@@ -20,7 +20,7 @@ module ONCCertificationG10TestKit
     )
 
     description %(
-      This scenario demonstrates the ability to perform a Patient Standalone
+      This scenario verifies the ability of a system to perform a Patient Standalone
       Launch to a SMART on FHIR confidential client with limited access granted
       to the app based on user input. The tester is expected to grant the
       application access to a subset of desired resource types. The launch is
@@ -28,6 +28,8 @@ module ONCCertificationG10TestKit
       App test, demonstrating that the user has control over what scopes are
       granted to the app as required in the (g)(10) Standardized API criterion.
 
+      The following implementation specifications are relevant to this scenario:
+
       * [SMART on FHIR
         (STU1)](http://www.hl7.org/fhir/smart-app-launch/1.0.0/)
       * [SMART on FHIR

data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group.rb

@@ -1,7 +1,7 @@
 module ONCCertificationG10TestKit
   class SMARTPublicStandaloneLaunchGroup < SMARTAppLaunch::StandaloneLaunchGroup
-    title 'SMART Public Client Standalone Launch with OpenID Connect'
-    short_title 'SMART Public Client Launch'
+    title 'Public Client Standalone Launch with OpenID Connect'
+    short_title 'Public Client Launch'
     input_instructions %(
       Register Inferno as a standalone application using the following information:
 
@@ -13,23 +13,21 @@ module ONCCertificationG10TestKit
       (offline_access), and patient context (launch/patient) are required.
     )
     description %(
-      # Background
 
-      The [Standalone
-      Launch](http://hl7.org/fhir/smart-app-launch/1.0.0/index.html#standalone-launch-sequence)
-      Sequence allows an app, like Inferno, to be launched independent of an
-      existing EHR session. It is one of the two launch methods described in
-      the SMART App Launch Framework alongside EHR Launch. The app will
-      request authorization for the provided scope from the authorization
-      endpoint, ultimately receiving an authorization token which can be
-      used to gain access to resources on the FHIR server.
+      This scenario verifies the ability of systems to support public clients
+      as described in the SMART App Launch implementation specification.  Previous
+      scenarios have not required the system under test to demonstrate this
+      specific type of SMART App Launch client.
 
-      # Test Methodology
+      Prior to executing this test, register Inferno as a public standalone
+      application using the following information:
 
-      Inferno will redirect the user to the the authorization endpoint so
-      that they may provide any required credentials and authorize the
-      application. Upon successful authorization, Inferno will exchange the
-      authorization code provided for an access token.
+      * Redirect URI: `#{SMARTAppLaunch::AppRedirectTest.config.options[:redirect_uri]}`
+
+      Inferno will act as a public client redirect the tester to the the
+      authorization endpoint so that they may provide any required credentials
+      and authorize the application. Upon successful authorization, Inferno will
+      exchange the authorization code provided for an access token.
 
       For more information on the #{title}: