onc_certification_g10_test_kit 7.1.0 → 7.2.0

data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_us_core_7_group.rb

@@ -92,6 +92,22 @@ module ONCCertificationG10TestKit
 
     input :url
 
+    config(
+      inputs: {
+        smart_auth_info: {
+          options: {
+            components: [
+              Inferno::DSL::AuthInfo.default_auth_type_component_without_backend_services,
+              {
+                name: :jwks,
+                locked: true
+              }
+            ]
+          }
+        }
+      }
+    )
+
     children.each(&:run_as_group)
 
     # Replace generic finer-grained scope auth group with which allows standalone or
@@ -125,64 +141,10 @@ module ONCCertificationG10TestKit
 
     config(
       inputs: {
-        authorization_method: {
-          name: :granular_scopes_authorization_method,
-          title: 'Granular Scopes Authorization Request Method'
-        },
-        client_auth_type: {
-          name: :granular_scopes_client_auth_type,
-          title: 'Granular Scopes Client Authentication Type'
-        },
         received_scopes: {
           name: :standalone_received_scopes
         }
       }
     )
-
-    granular_scopes_group1.config(
-      inputs: {
-        client_id: {
-          name: :granular_scopes1_client_id,
-          title: 'Granular Scopes Group 1 Client ID'
-        },
-        client_secret: {
-          name: :granular_scopes1_client_secret,
-          title: 'Granular Scopes Group 1 Client Secret'
-        },
-        requested_scopes: {
-          title: 'Granular Scopes Group 1 Scopes'
-        }
-      }
-    )
-
-    granular_scopes_group2.config(
-      inputs: {
-        client_id: {
-          name: :granular_scopes2_client_id,
-          title: 'Granular Scopes Group 2 Client ID'
-        },
-        client_secret: {
-          name: :granular_scopes2_client_secret,
-          title: 'Granular Scopes Group 2 Client Secret'
-        },
-        requested_scopes: {
-          title: 'Granular Scopes Group 2 Scopes'
-        }
-      }
-    )
-
-    input_order :url,
-                :granular_scopes1_client_id,
-                :requested_scopes_group1,
-                :granular_scopes_authorization_method,
-                :granular_scopes_client_auth_type,
-                :granular_scopes1_client_secret,
-                :client_auth_encryption_method,
-                :granular_scopes2_client_id,
-                :requested_scopes_group2,
-                :granular_scopes2_client_secret,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :patient_ids
   end
 end

data/lib/onc_certification_g10_test_kit/smart_fine_grained_scopes_us_core_7_group_stu2_2.rb

@@ -92,6 +92,22 @@ module ONCCertificationG10TestKit
 
     input :url
 
+    config(
+      inputs: {
+        smart_auth_info: {
+          options: {
+            components: [
+              Inferno::DSL::AuthInfo.default_auth_type_component_without_backend_services,
+              {
+                name: :jwks,
+                locked: true
+              }
+            ]
+          }
+        }
+      }
+    )
+
     children.each(&:run_as_group)
 
     # Replace generic finer-grained scope auth group with which allows standalone or
@@ -125,64 +141,10 @@ module ONCCertificationG10TestKit
 
     config(
       inputs: {
-        authorization_method: {
-          name: :granular_scopes_authorization_method,
-          title: 'Granular Scopes Authorization Request Method'
-        },
-        client_auth_type: {
-          name: :granular_scopes_client_auth_type,
-          title: 'Granular Scopes Client Authentication Type'
-        },
         received_scopes: {
           name: :standalone_received_scopes
         }
       }
     )
-
-    granular_scopes_group1.config(
-      inputs: {
-        client_id: {
-          name: :granular_scopes1_client_id,
-          title: 'Granular Scopes Group 1 Client ID'
-        },
-        client_secret: {
-          name: :granular_scopes1_client_secret,
-          title: 'Granular Scopes Group 1 Client Secret'
-        },
-        requested_scopes: {
-          title: 'Granular Scopes Group 1 Scopes'
-        }
-      }
-    )
-
-    granular_scopes_group2.config(
-      inputs: {
-        client_id: {
-          name: :granular_scopes2_client_id,
-          title: 'Granular Scopes Group 2 Client ID'
-        },
-        client_secret: {
-          name: :granular_scopes2_client_secret,
-          title: 'Granular Scopes Group 2 Client Secret'
-        },
-        requested_scopes: {
-          title: 'Granular Scopes Group 2 Scopes'
-        }
-      }
-    )
-
-    input_order :url,
-                :granular_scopes1_client_id,
-                :requested_scopes_group1,
-                :granular_scopes_authorization_method,
-                :granular_scopes_client_auth_type,
-                :granular_scopes1_client_secret,
-                :client_auth_encryption_method,
-                :granular_scopes2_client_id,
-                :requested_scopes_group2,
-                :granular_scopes2_client_secret,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :patient_ids
   end
 end

data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_group.rb

@@ -66,21 +66,36 @@ module ONCCertificationG10TestKit
 
     config(
       inputs: {
-        use_pkce: {
-          default: 'true',
-          locked: true
-        },
-        pkce_code_challenge_method: {
-          locked: true
-        },
-        granular_scope_selection_authorization_method: {
-          name: :granular_scope_selection_authorization_method,
-          default: 'get'
-        },
-        client_auth_type: {
-          name: :granular_scope_selection_client_auth_type,
-          default: 'confidential_asymmetric'
+        received_scopes: { name: :granular_scope_selection_v2_received_scopes },
+        smart_auth_info: {
+          name: :granular_scopes_selection_smart_auth_info,
+          title: 'Granular Scope Selection Credentials',
+          options: {
+            mode: 'auth',
+            components: [
+              Inferno::DSL::AuthInfo.default_auth_type_component_without_backend_services,
+              {
+                name: :use_discovery,
+                locked: true
+              },
+              {
+                name: :requested_scopes,
+                default: %(
+                  launch/patient openid fhirUser offline_access patient/Condition.rs
+                  patient/Observation.rs patient/Patient.rs
+                ).gsub(/\s{2,}/, ' ').strip
+              },
+              {
+                name: :jwks,
+                locked: true
+              }
+            ]
+          }
         }
+      },
+      outputs: {
+        smart_auth_info: { name: :granular_scopes_selection_smart_auth_info },
+        received_scopes: { name: :granular_scope_selection_v2_received_scopes }
       }
     )
 
@@ -95,31 +110,6 @@ module ONCCertificationG10TestKit
       title 'Granular Scope Selection with v2 Scopes'
 
       config(
-        inputs: {
-          client_id: {
-            name: :granular_scope_selection_v2_client_id,
-            title: 'Granular Scope Selection w/v2 Scopes Client ID'
-          },
-          client_secret: {
-            name: :granular_scope_selection_v2_client_secret,
-            title: 'Granular Scope Selection w/v2 Scopes Client Secret',
-            default: nil,
-            optional: true
-          },
-          requested_scopes: {
-            name: :granular_scope_selection_v2_requested_scopes,
-            title: 'Granular Scope Selection v2 Scopes',
-            default: %(
-              launch/patient openid fhirUser offline_access patient/Condition.rs
-              patient/Observation.rs patient/Patient.rs
-            ).gsub(/\s{2,}/, ' ').strip
-          },
-          received_scopes: { name: :granular_scope_selection_v2_received_scopes }
-        },
-        outputs: {
-          requested_scopes: { name: :granular_scope_selection_v2_requested_scopes },
-          received_scopes: { name: :granular_scope_selection_v2_received_scopes }
-        },
         options: {
           redirect_message_proc: proc do |auth_url|
             %(
@@ -157,31 +147,6 @@ module ONCCertificationG10TestKit
       title 'Granular Scope Selection with v2 Scopes'
 
       config(
-        inputs: {
-          client_id: {
-            name: :granular_scope_selection_v2_client_id,
-            title: 'Granular Scope Selection w/v2 Scopes Client ID'
-          },
-          client_secret: {
-            name: :granular_scope_selection_v2_client_secret,
-            title: 'Granular Scope Selection w/v2 Scopes Client Secret',
-            default: nil,
-            optional: true
-          },
-          requested_scopes: {
-            name: :granular_scope_selection_v2_requested_scopes,
-            title: 'Granular Scope Selection v2 Scopes',
-            default: %(
-              launch/patient openid fhirUser offline_access patient/Condition.rs
-              patient/Observation.rs patient/Patient.rs
-            ).gsub(/\s{2,}/, ' ').strip
-          },
-          received_scopes: { name: :granular_scope_selection_v2_received_scopes }
-        },
-        outputs: {
-          requested_scopes: { name: :granular_scope_selection_v2_requested_scopes },
-          received_scopes: { name: :granular_scope_selection_v2_received_scopes }
-        },
         options: {
           redirect_message_proc: proc do |auth_url|
             %(

data/lib/onc_certification_g10_test_kit/smart_granular_scope_selection_test.rb

@@ -7,7 +7,8 @@ module ONCCertificationG10TestKit
       Patient resource.
     )
     id :g10_smart_granular_scope_selection
-    input :requested_scopes, :received_scopes
+    input :received_scopes
+    input :smart_auth_info, type: :auth_info
 
     def resources_with_granular_scopes
       ['Condition', 'Observation']
@@ -26,8 +27,8 @@ module ONCCertificationG10TestKit
     end
 
     run do
-      assert requested_scopes.present?
-      requested_scopes = self.requested_scopes.split
+      assert smart_auth_info.requested_scopes.present?
+      requested_scopes = smart_auth_info.requested_scopes.split
       (resources_with_granular_scopes + ['Patient']).each do |resource_type|
         assert requested_scopes.any? { |scope| scope.match(resource_level_scope_regex(resource_type)) },
                "No resource-level scope was requested for #{resource_type}"

data/lib/onc_certification_g10_test_kit/smart_invalid_pkce_group.rb

@@ -1,3 +1,5 @@
+require_relative 'scope_constants'
+
 module ONCCertificationG10TestKit
   class InvalidSMARTTokenRequestTest < Inferno::Test
     title 'OAuth token exchange fails when supplied invalid code_verifier'
@@ -8,7 +10,8 @@ module ONCCertificationG10TestKit
     uses_request :redirect
     id :invalid_pkce_request
 
-    input :code, :use_pkce, :pkce_code_verifier, :client_id, :client_secret, :smart_token_url
+    input :code, :pkce_code_verifier
+    input :smart_auth_info, type: :auth_info
 
     def modify_oauth_params(oauth_params)
       oauth_params
@@ -25,22 +28,24 @@ module ONCCertificationG10TestKit
 
       oauth2_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
 
-      if client_secret.present?
-        client_credentials = "#{client_id}:#{client_secret}"
+      if smart_auth_info.symmetric_auth?
+        client_credentials = "#{smart_auth_info.client_id}:#{smart_auth_info.client_secret}"
         oauth2_headers['Authorization'] = "Basic #{Base64.strict_encode64(client_credentials)}"
       else
-        oauth2_params[:client_id] = client_id
+        oauth2_params[:client_id] = smart_auth_info.client_id
       end
 
       modify_oauth_params(oauth2_params)
 
-      post(smart_token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
+      post(smart_auth_info.token_url, body: oauth2_params, name: :token, headers: oauth2_headers)
 
       assert_response_status([400, 401])
     end
   end
 
   class SMARTInvalidPKCEGroup < Inferno::TestGroup
+    include ScopeConstants
+
     title 'Invalid PKCE Code Verifier'
     short_title 'Invalid PKCE Code Verifier'
     input_instructions %(
@@ -70,80 +75,41 @@ module ONCCertificationG10TestKit
     id :g10_smart_invalid_pkce_code_verifier_group
     run_as_group
 
-    input :use_pkce,
-          title: 'Proof Key for Code Exchange (PKCE)',
-          type: 'radio',
-          default: 'true',
-          locked: true,
+    input :smart_auth_info, type: :auth_info
+
+    config(
+      inputs: {
+        smart_auth_info: {
+          name: :standalone_smart_auth_info,
+          title: 'Standalone Launch Credentials',
           options: {
-            list_options: [
+            mode: 'auth',
+            components: [
               {
-                label: 'Enabled',
-                value: 'true'
+                name: :requested_scopes,
+                default: STANDALONE_SMART_1_SCOPES
               },
               {
-                label: 'Disabled',
-                value: 'false'
-              }
-            ]
-          }
-    input :pkce_code_challenge_method,
-          optional: true,
-          title: 'PKCE Code Challenge Method',
-          type: 'radio',
-          default: 'S256',
-          locked: true,
-          options: {
-            list_options: [
+                name: :auth_type,
+                default: 'symmetric',
+                locked: true
+              },
+              {
+                name: :use_discovery,
+                locked: true
+              },
               {
-                label: 'S256',
-                value: 'S256'
+                name: :pkce_support,
+                default: 'enabled',
+                locked: true
               },
               {
-                label: 'Plain',
-                value: 'plain'
+                name: :pkce_code_challenge_method,
+                default: 'S256',
+                locked: true
               }
             ]
           }
-
-    input_order :url,
-                :standalone_client_id,
-                :standalone_client_secret,
-                :standalone_requested_scopes,
-                :use_pkce,
-                :pkce_code_challenge_method,
-                :smart_authorization_url,
-                :smart_token_url
-
-    config(
-      inputs: {
-        client_id: {
-          name: :standalone_client_id,
-          title: 'Standalone Client ID',
-          description: 'Client ID provided during registration of Inferno as a standalone application'
-        },
-        client_secret: {
-          name: :standalone_client_secret,
-          title: 'Standalone Client Secret',
-          description: 'Client Secret provided during registration of Inferno as a standalone application'
-        },
-        requested_scopes: {
-          name: :standalone_requested_scopes,
-          title: 'Standalone Scope',
-          description: 'OAuth 2.0 scope provided by system to enable all required functionality',
-          type: 'textarea',
-          default: %(
-            launch/patient openid fhirUser offline_access
-            patient/Medication.read patient/AllergyIntolerance.read
-            patient/CarePlan.read patient/CareTeam.read patient/Condition.read
-            patient/Device.read patient/DiagnosticReport.read
-            patient/DocumentReference.read patient/Encounter.read
-            patient/Goal.read patient/Immunization.read patient/Location.read
-            patient/MedicationRequest.read patient/Observation.read
-            patient/Organization.read patient/Patient.read
-            patient/Practitioner.read patient/Procedure.read
-            patient/Provenance.read patient/PractitionerRole.read
-          ).gsub(/\s{2,}/, ' ').strip
         },
         url: {
           title: 'Standalone FHIR Endpoint',
@@ -155,31 +121,19 @@ module ONCCertificationG10TestKit
         state: {
           name: :invalid_token_state
         },
-        smart_authorization_url: {
-          title: 'OAuth 2.0 Authorize Endpoint',
-          description: 'OAuth 2.0 Authorize Endpoint provided during the patient standalone launch'
-        },
-        smart_token_url: {
-          title: 'OAuth 2.0 Token Endpoint',
-          description: 'OAuth 2.0 Token Endpoint provided during the patient standalone launch'
-        },
         pkce_code_challenge: {
           name: :invalid_token_pkce_code_challenge
         },
         pkce_code_verifier: {
           name: :invalid_token_pkce_code_verifier
-        },
-        client_auth_type: {
-          locked: true,
-          default: 'confidential_symmetric'
         }
       },
       outputs: {
         code: { name: :invalid_token_code },
         state: { name: :invalid_token_state },
-        expires_in: { name: :invalid_token_expires_in },
         pkce_code_challenge: { name: :invalid_token_pkce_code_challenge },
-        pkce_code_verifier: { name: :invalid_token_pkce_code_verifier }
+        pkce_code_verifier: { name: :invalid_token_pkce_code_verifier },
+        smart_auth_info: { name: :standalone_smart_auth_info }
       },
       requests: {
         redirect: { name: :invalid_token_redirect },
@@ -187,6 +141,8 @@ module ONCCertificationG10TestKit
       }
     )
 
+    test from: :well_known_endpoint
+
     test from: :smart_app_redirect_stu2,
          id: :smart_no_code_verifier_redirect,
          config: {