onc_certification_g10_test_kit 7.1.0 → 7.2.0

data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2.rb

@@ -1,5 +1,9 @@
+require_relative 'scope_constants'
+
 module ONCCertificationG10TestKit
   class SMARTPublicStandaloneLaunchGroupSTU2 < SMARTAppLaunch::StandaloneLaunchGroupSTU2
+    include ScopeConstants
+
     title 'Public Client Standalone Launch with OpenID Connect'
     short_title 'Public Client Launch'
     input_instructions %(
@@ -38,31 +42,28 @@ module ONCCertificationG10TestKit
 
     config(
       inputs: {
-        client_id: {
-          name: :public_client_id,
-          title: 'Public Launch Client ID'
-        },
-        client_secret: {
-          name: :public_client_secret,
-          title: 'Public Launch Client Secret',
-          default: nil,
-          optional: true,
-          locked: true
-        },
-        requested_scopes: {
-          name: :public_requested_scopes,
-          title: 'Public Launch Scope',
-          default: %(
-            launch/patient openid fhirUser offline_access patient/Medication.rs
-            patient/AllergyIntolerance.rs patient/CarePlan.rs
-            patient/CareTeam.rs patient/Condition.rs patient/Device.rs
-            patient/DiagnosticReport.rs patient/DocumentReference.rs
-            patient/Encounter.rs patient/Goal.rs patient/Immunization.rs
-            patient/Location.rs patient/MedicationRequest.rs
-            patient/Observation.rs patient/Organization.rs patient/Patient.rs
-            patient/Practitioner.rs patient/Procedure.rs patient/Provenance.rs
-            patient/PractitionerRole.rs
-          ).gsub(/\s{2,}/, ' ').strip
+        smart_auth_info: {
+          name: :public_smart_auth_info,
+          title: 'Public Launch Credentials',
+          options: {
+            mode: 'auth',
+            components: [
+              {
+                name: :auth_type,
+                default: 'public',
+                locked: true
+              },
+              {
+                name: :auth_request_method,
+                default: 'GET',
+                locked: true
+              },
+              {
+                name: :requested_scopes,
+                default: STANDALONE_SMART_2_SCOPES
+              }
+            ]
+          }
         },
         url: {
           title: 'Public Launch FHIR Endpoint',
@@ -74,43 +75,19 @@ module ONCCertificationG10TestKit
         state: {
           name: :public_state
         },
-        smart_authorization_url: {
-          title: 'OAuth 2.0 Authorize Endpoint',
-          description: 'OAuth 2.0 Authorize Endpoint provided during the patient standalone launch'
-        },
-        smart_token_url: {
-          title: 'OAuth 2.0 Token Endpoint',
-          description: 'OAuth 2.0 Token Endpoint provided during the patient standalone launch'
-        },
-        smart_credentials: {
-          name: :public_smart_credentials
-        },
-        use_pkce: {
-          default: 'true',
-          locked: true
-        },
-        pkce_code_challenge_method: {
-          locked: true
-        },
-        client_auth_type: {
-          name: :public_client_auth_type,
-          locked: true,
-          default: 'public'
+        patient_id: {
+          name: :public_patient_id
         }
       },
       outputs: {
         code: { name: :public_code },
-        token_retrieval_time: { name: :public_token_retrieval_time },
         state: { name: :public_state },
         id_token: { name: :public_id_token },
-        refresh_token: { name: :public_refresh_token },
-        access_token: { name: :public_access_token },
-        expires_in: { name: :public_expires_in },
         patient_id: { name: :public_patient_id },
         encounter_id: { name: :public_encounter_id },
         received_scopes: { name: :public_received_scopes },
         intent: { name: :public_intent },
-        smart_credentials: { name: :public_smart_credentials }
+        smart_auth_info: { name: :public_smart_auth_info }
       },
       requests: {
         redirect: { name: :public_redirect },
@@ -118,24 +95,7 @@ module ONCCertificationG10TestKit
       }
     )
 
-    input_order :url,
-                :public_client_id,
-                :public_client_secret,
-                :public_requested_scopes,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :smart_authorization_url,
-                :smart_token_url,
-                :authorization_method,
-                :public_client_auth_type
-
-    test from: :g10_patient_context,
-         config: {
-           inputs: {
-             patient_id: { name: :public_patient_id },
-             smart_credentials: { name: :public_smart_credentials }
-           }
-         }
+    test from: :g10_patient_context
 
     test do
       title 'OAuth token exchange response contains OpenID Connect id_token'
@@ -155,8 +115,9 @@ module ONCCertificationG10TestKit
       end
     end
 
-    children.each do |child|
-      child.inputs.delete(:client_auth_encryption_method)
-    end
+    test from: :well_known_endpoint
+
+    # Move the well-known endpoint test to the beginning
+    children.prepend(children.pop)
   end
 end

data/lib/onc_certification_g10_test_kit/smart_public_standalone_launch_group_stu2_2.rb

@@ -1,5 +1,9 @@
+require_relative 'scope_constants'
+
 module ONCCertificationG10TestKit
   class SMARTPublicStandaloneLaunchGroupTestSTU22 < SMARTAppLaunch::StandaloneLaunchGroupSTU2
+    include ScopeConstants
+
     title 'Public Client Standalone Launch with OpenID Connect'
     short_title 'Public Client Launch'
     input_instructions %(
@@ -38,31 +42,28 @@ module ONCCertificationG10TestKit
 
     config(
       inputs: {
-        client_id: {
-          name: :public_client_id,
-          title: 'Public Launch Client ID'
-        },
-        client_secret: {
-          name: :public_client_secret,
-          title: 'Public Launch Client Secret',
-          default: nil,
-          optional: true,
-          locked: true
-        },
-        requested_scopes: {
-          name: :public_requested_scopes,
-          title: 'Public Launch Scope',
-          default: %(
-            launch/patient openid fhirUser offline_access patient/Medication.rs
-            patient/AllergyIntolerance.rs patient/CarePlan.rs
-            patient/CareTeam.rs patient/Condition.rs patient/Device.rs
-            patient/DiagnosticReport.rs patient/DocumentReference.rs
-            patient/Encounter.rs patient/Goal.rs patient/Immunization.rs
-            patient/Location.rs patient/MedicationRequest.rs
-            patient/Observation.rs patient/Organization.rs patient/Patient.rs
-            patient/Practitioner.rs patient/Procedure.rs patient/Provenance.rs
-            patient/PractitionerRole.rs
-          ).gsub(/\s{2,}/, ' ').strip
+        smart_auth_info: {
+          name: :public_smart_auth_info,
+          title: 'Public Launch Credentials',
+          options: {
+            mode: 'auth',
+            components: [
+              {
+                name: :auth_type,
+                default: 'public',
+                locked: true
+              },
+              {
+                name: :auth_request_method,
+                default: 'GET',
+                locked: true
+              },
+              {
+                name: :requested_scopes,
+                default: STANDALONE_SMART_2_SCOPES
+              }
+            ]
+          }
         },
         url: {
           title: 'Public Launch FHIR Endpoint',
@@ -74,43 +75,19 @@ module ONCCertificationG10TestKit
         state: {
           name: :public_state
         },
-        smart_authorization_url: {
-          title: 'OAuth 2.0 Authorize Endpoint',
-          description: 'OAuth 2.0 Authorize Endpoint provided during the patient standalone launch'
-        },
-        smart_token_url: {
-          title: 'OAuth 2.0 Token Endpoint',
-          description: 'OAuth 2.0 Token Endpoint provided during the patient standalone launch'
-        },
-        smart_credentials: {
-          name: :public_smart_credentials
-        },
-        use_pkce: {
-          default: 'true',
-          locked: true
-        },
-        pkce_code_challenge_method: {
-          locked: true
-        },
-        client_auth_type: {
-          name: :public_client_auth_type,
-          locked: true,
-          default: 'public'
+        patient_id: {
+          name: :public_patient_id
         }
       },
       outputs: {
         code: { name: :public_code },
-        token_retrieval_time: { name: :public_token_retrieval_time },
         state: { name: :public_state },
         id_token: { name: :public_id_token },
-        refresh_token: { name: :public_refresh_token },
-        access_token: { name: :public_access_token },
-        expires_in: { name: :public_expires_in },
         patient_id: { name: :public_patient_id },
         encounter_id: { name: :public_encounter_id },
         received_scopes: { name: :public_received_scopes },
         intent: { name: :public_intent },
-        smart_credentials: { name: :public_smart_credentials }
+        smart_auth_info: { name: :public_smart_auth_info }
       },
       requests: {
         redirect: { name: :public_redirect },
@@ -118,24 +95,7 @@ module ONCCertificationG10TestKit
       }
     )
 
-    input_order :url,
-                :public_client_id,
-                :public_client_secret,
-                :public_requested_scopes,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :smart_authorization_url,
-                :smart_token_url,
-                :authorization_method,
-                :public_client_auth_type
-
-    test from: :g10_patient_context,
-         config: {
-           inputs: {
-             patient_id: { name: :public_patient_id },
-             smart_credentials: { name: :public_smart_credentials }
-           }
-         }
+    test from: :g10_patient_context
 
     test do
       title 'OAuth token exchange response contains OpenID Connect id_token'
@@ -155,8 +115,9 @@ module ONCCertificationG10TestKit
       end
     end
 
-    children.each do |child|
-      child.inputs.delete(:client_auth_encryption_method)
-    end
+    test from: :well_known_endpoint
+
+    # Move the well-known endpoint test to the beginning
+    children.prepend(children.pop)
   end
 end

data/lib/onc_certification_g10_test_kit/smart_scopes_test.rb

@@ -8,7 +8,8 @@ module ONCCertificationG10TestKit
       smart-app-launch guide. All scopes requested are expected to be granted.
     )
     id :g10_smart_scopes
-    input :requested_scopes, :received_scopes
+    input :smart_auth_info, type: 'auth_info'
+    input :received_scopes
     uses_request :token
 
     VALID_RESOURCE_TYPES = [
@@ -95,6 +96,10 @@ module ONCCertificationG10TestKit
       VALID_RESOURCE_TYPES
     end
 
+    def requested_scopes
+      smart_auth_info.requested_scopes
+    end
+
     def required_scope_type
       config.options[:required_scope_type]
     end

data/lib/onc_certification_g10_test_kit/smart_standalone_patient_app_group.rb

@@ -1,5 +1,6 @@
 require_relative 'base_token_refresh_group'
 require_relative 'patient_context_test'
+require_relative 'scope_constants'
 require_relative 'smart_invalid_token_refresh_test'
 require_relative 'smart_scopes_test'
 require_relative 'unauthorized_access_test'
@@ -9,6 +10,8 @@ require_relative 'incorrectly_permitted_tls_versions_messages_setup_test'
 
 module ONCCertificationG10TestKit
   class SmartStandalonePatientAppGroup < Inferno::TestGroup
+    include ScopeConstants
+
     title 'Standalone Patient App - Full Access'
     short_title 'Standalone Patient App'
 
@@ -56,26 +59,41 @@ module ONCCertificationG10TestKit
 
     config(
       inputs: {
-        client_secret: {
-          optional: false,
-          name: :standalone_client_secret
+        smart_auth_info: {
+          name: :standalone_smart_auth_info,
+          title: 'Standalone Launch Credentials',
+          options: {
+            mode: 'auth',
+            components: [
+              {
+                name: :auth_type,
+                default: 'symmetric',
+                locked: true
+              },
+              {
+                name: :auth_request_method,
+                default: 'GET',
+                locked: true
+              },
+              {
+                name: :use_discovery,
+                locked: true
+              }
+            ]
+          }
         }
       }
     )
 
-    input_order :url,
-                :standalone_client_id,
-                :standalone_client_secret,
-                :standalone_requested_scopes,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :standalone_authorization_method,
-                :client_auth_type,
-                :client_auth_encryption_method
-
     group from: :smart_discovery do
       required_suite_options(G10Options::SMART_1_REQUIREMENT)
 
+      config(
+        outputs: {
+          smart_auth_info: { name: :standalone_smart_auth_info }
+        }
+      )
+
       test from: 'g10_smart_well_known_capabilities',
            config: {
              options: {
@@ -121,6 +139,12 @@ module ONCCertificationG10TestKit
     group from: :smart_discovery_stu2 do
       required_suite_options(G10Options::SMART_2_REQUIREMENT)
 
+      config(
+        outputs: {
+          smart_auth_info: { name: :standalone_smart_auth_info }
+        }
+      )
+
       test from: 'g10_smart_well_known_capabilities',
            config: {
              options: {
@@ -143,6 +167,13 @@ module ONCCertificationG10TestKit
 
     group from: :smart_discovery_stu2_2 do # rubocop:disable Naming/VariableNumber
       required_suite_options(G10Options::SMART_2_2_REQUIREMENT)
+
+      config(
+        outputs: {
+          smart_auth_info: { name: :standalone_smart_auth_info }
+        }
+      )
+
       test from: 'g10_smart_well_known_capabilities',
            config: {
              options: {
@@ -194,19 +225,16 @@ module ONCCertificationG10TestKit
 
       config(
         inputs: {
-          requested_scopes: {
-            default: %(
-              launch/patient openid fhirUser offline_access
-              patient/Medication.read patient/AllergyIntolerance.read
-              patient/CarePlan.read patient/CareTeam.read patient/Condition.read
-              patient/Device.read patient/DiagnosticReport.read
-              patient/DocumentReference.read patient/Encounter.read
-              patient/Goal.read patient/Immunization.read patient/Location.read
-              patient/MedicationRequest.read patient/Observation.read
-              patient/Organization.read patient/Patient.read
-              patient/Practitioner.read patient/Procedure.read
-              patient/Provenance.read patient/PractitionerRole.read
-            ).gsub(/\s{2,}/, ' ').strip
+          smart_auth_info: {
+            name: :standalone_smart_auth_info,
+            options: {
+              components: [
+                {
+                  name: :requested_scopes,
+                  default: STANDALONE_SMART_1_SCOPES
+                }
+              ]
+            }
           }
         }
       )
@@ -214,7 +242,6 @@ module ONCCertificationG10TestKit
       test from: :g10_smart_scopes do
         config(
           inputs: {
-            requested_scopes: { name: :standalone_requested_scopes },
             received_scopes: { name: :standalone_received_scopes }
           },
           options: {
@@ -236,7 +263,7 @@ module ONCCertificationG10TestKit
            config: {
              inputs: {
                patient_id: { name: :standalone_patient_id },
-               smart_credentials: { name: :standalone_smart_credentials }
+               smart_auth_info: { name: :standalone_smart_auth_info }
              }
            }
 
@@ -257,27 +284,7 @@ module ONCCertificationG10TestKit
       )
     end
 
-    group from: :smart_standalone_launch_stu2,
-          config: {
-            inputs: {
-              use_pkce: {
-                default: 'true',
-                locked: true
-              },
-              pkce_code_challenge_method: {
-                locked: true
-              },
-              authorization_method: {
-                name: :standalone_authorization_method,
-                default: 'get',
-                locked: true
-              },
-              client_auth_type: {
-                locked: true,
-                default: 'confidential_symmetric'
-              }
-            }
-          } do
+    group from: :smart_standalone_launch_stu2 do
       required_suite_options(G10Options::SMART_2_REQUIREMENT)
 
       title 'Standalone Launch With Patient Scope'
@@ -308,19 +315,16 @@ module ONCCertificationG10TestKit
 
       config(
         inputs: {
-          requested_scopes: {
-            default: %(
-              launch/patient openid fhirUser offline_access
-              patient/Medication.rs patient/AllergyIntolerance.rs
-              patient/CarePlan.rs patient/CareTeam.rs patient/Condition.rs
-              patient/Device.rs patient/DiagnosticReport.rs
-              patient/DocumentReference.rs patient/Encounter.rs
-              patient/Goal.rs patient/Immunization.rs patient/Location.rs
-              patient/MedicationRequest.rs patient/Observation.rs
-              patient/Organization.rs patient/Patient.rs
-              patient/Practitioner.rs patient/Procedure.rs
-              patient/Provenance.rs patient/PractitionerRole.rs
-            ).gsub(/\s{2,}/, ' ').strip
+          smart_auth_info: {
+            name: :standalone_smart_auth_info,
+            options: {
+              components: [
+                {
+                  name: :requested_scopes,
+                  default: STANDALONE_SMART_2_SCOPES
+                }
+              ]
+            }
           }
         }
       )
@@ -350,7 +354,7 @@ module ONCCertificationG10TestKit
            config: {
              inputs: {
                patient_id: { name: :standalone_patient_id },
-               smart_credentials: { name: :standalone_smart_credentials }
+               smart_auth_info: { name: :standalone_smart_auth_info }
              }
            }
 
@@ -371,27 +375,7 @@ module ONCCertificationG10TestKit
       )
     end
 
-    group from: :smart_standalone_launch_stu2_2, # rubocop:disable Naming/VariableNumber
-          config: {
-            inputs: {
-              use_pkce: {
-                default: 'true',
-                locked: true
-              },
-              pkce_code_challenge_method: {
-                locked: true
-              },
-              authorization_method: {
-                name: :standalone_authorization_method,
-                default: 'get',
-                locked: true
-              },
-              client_auth_type: {
-                locked: true,
-                default: 'confidential_symmetric'
-              }
-            }
-          } do
+    group from: :smart_standalone_launch_stu2_2 do # rubocop:disable Naming/VariableNumber
       required_suite_options(G10Options::SMART_2_2_REQUIREMENT)
       title 'Standalone Launch With Patient Scope'
       description %(
@@ -421,19 +405,16 @@ module ONCCertificationG10TestKit
 
       config(
         inputs: {
-          requested_scopes: {
-            default: %(
-              launch/patient openid fhirUser offline_access
-              patient/Medication.rs patient/AllergyIntolerance.rs
-              patient/CarePlan.rs patient/CareTeam.rs patient/Condition.rs
-              patient/Device.rs patient/DiagnosticReport.rs
-              patient/DocumentReference.rs patient/Encounter.rs
-              patient/Goal.rs patient/Immunization.rs patient/Location.rs
-              patient/MedicationRequest.rs patient/Observation.rs
-              patient/Organization.rs patient/Patient.rs
-              patient/Practitioner.rs patient/Procedure.rs
-              patient/Provenance.rs patient/PractitionerRole.rs
-            ).gsub(/\s{2,}/, ' ').strip
+          smart_auth_info: {
+            name: :standalone_smart_auth_info,
+            options: {
+              components: [
+                {
+                  name: :requested_scopes,
+                  default: STANDALONE_SMART_2_SCOPES
+                }
+              ]
+            }
           }
         }
       )
@@ -463,7 +444,7 @@ module ONCCertificationG10TestKit
            config: {
              inputs: {
                patient_id: { name: :standalone_patient_id },
-               smart_credentials: { name: :standalone_smart_credentials }
+               smart_auth_info: { name: :standalone_smart_auth_info }
              }
            }
 
@@ -489,9 +470,7 @@ module ONCCertificationG10TestKit
           config: {
             inputs: {
               id_token: { name: :standalone_id_token },
-              client_id: { name: :standalone_client_id },
-              requested_scopes: { name: :standalone_requested_scopes },
-              smart_credentials: { name: :standalone_smart_credentials }
+              smart_auth_info: { name: :standalone_smart_auth_info }
             }
           }
 
@@ -501,9 +480,7 @@ module ONCCertificationG10TestKit
           config: {
             inputs: {
               id_token: { name: :standalone_id_token },
-              client_id: { name: :standalone_client_id },
-              requested_scopes: { name: :standalone_requested_scopes },
-              smart_credentials: { name: :standalone_smart_credentials }
+              smart_auth_info: { name: :standalone_smart_auth_info }
             }
           }
 
@@ -512,9 +489,7 @@ module ONCCertificationG10TestKit
           config: {
             inputs: {
               id_token: { name: :standalone_id_token },
-              client_id: { name: :standalone_client_id },
-              requested_scopes: { name: :standalone_requested_scopes },
-              smart_credentials: { name: :standalone_smart_credentials }
+              smart_auth_info: { name: :standalone_smart_auth_info }
             }
           }
 
@@ -523,9 +498,6 @@ module ONCCertificationG10TestKit
 
       config(
         inputs: {
-          refresh_token: { name: :standalone_refresh_token },
-          client_id: { name: :standalone_client_id },
-          client_secret: { name: :standalone_client_secret },
           received_scopes: { name: :standalone_received_scopes }
         },
         outputs: {
@@ -534,7 +506,7 @@ module ONCCertificationG10TestKit
           access_token: { name: :standalone_access_token },
           token_retrieval_time: { name: :standalone_token_retrieval_time },
           expires_in: { name: :standalone_expires_in },
-          smart_credentials: { name: :standalone_smart_credentials }
+          smart_auth_info: { name: :standalone_smart_auth_info }
         }
       )
 
@@ -542,7 +514,7 @@ module ONCCertificationG10TestKit
         config(
           inputs: {
             patient_id: { name: :standalone_patient_id },
-            smart_credentials: { name: :standalone_smart_credentials }
+            smart_auth_info: { name: :standalone_smart_auth_info }
           },
           options: {
             refresh_test: true
@@ -559,7 +531,7 @@ module ONCCertificationG10TestKit
             inputs: {
               received_scopes: { name: :standalone_received_scopes },
               patient_id: { name: :standalone_patient_id },
-              smart_credentials: { name: :standalone_smart_credentials }
+              smart_auth_info: { name: :standalone_smart_auth_info }
             }
           }
 
@@ -567,12 +539,12 @@ module ONCCertificationG10TestKit
       id :g10_standalone_credentials_export
       title 'Set SMART Credentials to Standalone Launch Credentials'
 
-      input :standalone_smart_credentials, type: :oauth_credentials
+      input :standalone_smart_auth_info, type: :auth_info
       input :standalone_patient_id
-      output :smart_credentials, :patient_id
+      output :smart_auth_info, :patient_id
 
       run do
-        output smart_credentials: standalone_smart_credentials.to_s,
+        output smart_auth_info: standalone_smart_auth_info.to_s,
                patient_id: standalone_patient_id
       end
     end