smart_app_launch_test_kit 0.4.1 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f66c9b0314200d03d78422dc6412fe30cd0a091cd34d2a4701b9daa9a85d45f6
-  data.tar.gz: 7a34428293bfe281ebeebf83e8ee37597ebdfef2bf158cb8a3893598eca09876
+  metadata.gz: cbcdac5d671ebac20ff73778eddb755fb7a3774ef4ac3000260f6d6d6cb4d7f0
+  data.tar.gz: 1f34741969397758075cab6802652dd7f8895d137d3f9b819c28ea7662a64d27
 SHA512:
-  metadata.gz: d5f432c1b4b43a2c84be8613acb0b31dec557b80b1b76996773c76486db5197265a3dc1f0b9a9015eaa35c17c65d5b6b7eb506d940676e0cdae3b798b1cf8799
-  data.tar.gz: b63b86f90dbfc0ea88b7cc65e2075333b07a2cee7d42f88f21d209f4a51274545532706ed0278efad3cd4a0316be4ae32e948632f4ba66247d5451c68eff9559
+  metadata.gz: 8b6bbae2d20d3039b3c2e701e66a85eb4dad83f4f6e8b7f044eac044f7de4582a03a9bbca2d2e38febcf41cf51216fcd0651c863fe90c890fbac2be284ff2bc2
+  data.tar.gz: cbeca0cdb3c88e163e5e41ab7d8015715d8d4fd1192d69865b0936a1ab98fe6328053f7060f1c4e6aa7d2ef78fb0f0b445ebb1751ee9c3e346b622fa3e8631f1

data/lib/smart_app_launch/backend_services_authorization_request_success_test.rb

@@ -13,8 +13,9 @@ module SMARTAppLaunch
     input :client_auth_encryption_method, 
           :backend_services_requested_scope, 
           :backend_services_client_id, 
-          :smart_token_url, 
-          :backend_services_jwks_kid
+          :smart_token_url
+    input :backend_services_jwks_kid,
+          optional: true
 
     output :authentication_response
 

data/lib/smart_app_launch/backend_services_invalid_client_assertion_test.rb

@@ -20,8 +20,9 @@ module SMARTAppLaunch
     input :client_auth_encryption_method, 
           :backend_services_requested_scope, 
           :backend_services_client_id, 
-          :smart_token_url, 
-          :backend_services_jwks_kid
+          :smart_token_url
+    input :backend_services_jwks_kid, 
+          optional: true
 
     http_client :token_endpoint do
       url :smart_token_url

data/lib/smart_app_launch/backend_services_invalid_grant_type_test.rb

@@ -20,8 +20,9 @@ module SMARTAppLaunch
     input :client_auth_encryption_method, 
           :backend_services_requested_scope, 
           :backend_services_client_id, 
-          :smart_token_url, 
-          :backend_services_jwks_kid
+          :smart_token_url
+    input :backend_services_jwks_kid,
+          optional: true
 
     http_client :token_endpoint do
       url :smart_token_url

data/lib/smart_app_launch/backend_services_invalid_jwt_test.rb

@@ -31,8 +31,9 @@ module SMARTAppLaunch
     input :client_auth_encryption_method, 
           :backend_services_requested_scope, 
           :backend_services_client_id, 
-          :smart_token_url, 
-          :backend_services_jwks_kid
+          :smart_token_url
+    input :backend_services_jwks_kid,
+          optional: true
 
     http_client :token_endpoint do
       url :smart_token_url

data/lib/smart_app_launch/discovery_stu1_group.rb

@@ -116,18 +116,31 @@ module SMARTAppLaunch
         in the table below to app developers. The server SHALL use both a FHIR
         CapabilityStatement and A Well-Known Uris JSON file.
       )
+
       input :well_known_authorization_url,
-            :well_known_introspection_url,
-            :well_known_management_url,
-            :well_known_registration_url,
-            :well_known_revocation_url,
-            :well_known_token_url,
-            :capability_authorization_url,
-            :capability_introspection_url,
-            :capability_management_url,
-            :capability_registration_url,
-            :capability_revocation_url,
-            :capability_token_url
+            optional: true
+      input :well_known_introspection_url,
+            optional: true
+      input :well_known_management_url,
+            optional: true
+      input :well_known_registration_url,
+            optional: true
+      input :well_known_revocation_url,
+            optional: true
+      input :well_known_token_url,
+            optional: true
+      input :capability_authorization_url,
+            optional: true
+      input :capability_introspection_url,
+            optional: true
+      input :capability_management_url,
+            optional: true
+      input :capability_registration_url,
+            optional: true
+      input :capability_revocation_url,
+            optional: true
+      input :capability_token_url,
+            optional: true
       output :smart_authorization_url,
              :smart_introspection_url,
              :smart_management_url,

data/lib/smart_app_launch/smart_stu2_suite.rb

@@ -7,7 +7,7 @@ require_relative 'standalone_launch_group_stu2'
 require_relative 'ehr_launch_group_stu2'
 require_relative 'openid_connect_group'
 require_relative 'token_introspection_group'
-require_relative 'token_refresh_group'
+require_relative 'token_refresh_stu2_group'
 require_relative 'backend_services_authorization_group'
 
 module SMARTAppLaunch
@@ -103,7 +103,7 @@ module SMARTAppLaunch
               }
             }
 
-      group from: :smart_token_refresh,
+      group from: :smart_token_refresh_stu2,
             id: :smart_standalone_refresh_without_scopes,
             title: 'SMART Token Refresh Without Scopes',
             config: {
@@ -123,7 +123,7 @@ module SMARTAppLaunch
               }
             }
 
-      group from: :smart_token_refresh,
+      group from: :smart_token_refresh_stu2,
             id: :smart_standalone_refresh_with_scopes,
             title: 'SMART Token Refresh With Scopes',
             config: {
@@ -179,7 +179,7 @@ module SMARTAppLaunch
               }
             }
 
-      group from: :smart_token_refresh,
+      group from: :smart_token_refresh_stu2,
             id: :smart_ehr_refresh_without_scopes,
             title: 'SMART Token Refresh Without Scopes',
             config: {
@@ -199,7 +199,7 @@ module SMARTAppLaunch
               }
             }
 
-      group from: :smart_token_refresh,
+      group from: :smart_token_refresh_stu2,
             id: :smart_ehr_refresh_with_scopes,
             title: 'SMART Token Refresh With Scopes',
             config: {

data/lib/smart_app_launch/token_refresh_stu2_group.rb

@@ -0,0 +1,46 @@
+require_relative 'token_refresh_stu2_test'
+require_relative 'token_refresh_body_test'
+require_relative 'token_response_headers_test'
+
+module SMARTAppLaunch
+  class TokenRefreshSTU2Group < Inferno::TestGroup
+    id :smart_token_refresh_stu2
+    title 'SMART Token Refresh'
+    short_description 'Demonstrate the ability to exchange a refresh token for an access token.'
+    description %(
+      # Background
+
+      The #{title} Sequence tests the ability of the system to successfully
+      exchange a refresh token for an access token. Refresh tokens are typically
+      longer lived than access tokens and allow client applications to obtain a
+      new access token Refresh tokens themselves cannot provide access to
+      resources on the server.
+
+      Token refreshes are accomplished through a `POST` request to the token
+      exchange endpoint as described in the [SMART App Launch
+      Framework](https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token).
+
+      # Test Methodology
+
+      This test attempts to exchange the refresh token for a new access token
+      and verify that the information returned contains the required fields and
+      uses the proper headers.
+
+      For more information see:
+
+      * [The OAuth 2.0 Authorization
+        Framework](https://tools.ietf.org/html/rfc6749)
+      * [Using a refresh token to obtain a new access
+        token](https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token)
+    )
+
+    test from: :smart_token_refresh_stu2
+    test from: :smart_token_refresh_body
+    test from: :smart_token_response_headers,
+         config: {
+           requests: {
+             token: { name: :token_refresh }
+           }
+         }
+  end
+end

data/lib/smart_app_launch/token_refresh_stu2_test.rb

@@ -0,0 +1,46 @@
+require_relative 'token_refresh_test'
+
+module SMARTAppLaunch
+  class TokenRefreshSTU2Test < TokenRefreshTest
+    include TokenPayloadValidation
+
+    id :smart_token_refresh_stu2
+    title 'Server successfully refreshes the access token when optional scope parameter omitted'
+    description %(
+      Server successfully exchanges refresh token at OAuth token endpoint
+      without providing scope in the body of the request.
+
+      Although not required in the token refresh portion of the SMART App
+      Launch Guide, the token refresh response should include the HTTP
+      Cache-Control response header field with a value of no-store, as well as
+      the Pragma response header field with a value of no-cache to be
+      consistent with the requirements of the inital access token exchange.
+    )
+    input :client_auth_type
+    input :client_auth_encryption_method, optional: true
+    input :client_secret, optional: true
+
+    def add_credentials_to_request(oauth2_headers, oauth2_params)
+      case client_auth_type
+      when 'public'
+        oauth2_params['client_id'] = client_id
+      when 'confidential_symmetric'
+        assert client_secret.present?,
+               "A client secret must be provided when using confidential symmetric client authentication."
+
+        credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
+        oauth2_headers['Authorization'] = "Basic #{credentials}"
+      when 'confidential_asymmetric'
+        oauth2_params.merge!(
+          client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+          client_assertion: ClientAssertionBuilder.build(
+            iss: client_id,
+            sub: client_id,
+            aud: smart_token_url,
+            client_auth_encryption_method: client_auth_encryption_method
+          )
+        )
+      end
+    end
+  end
+end

data/lib/smart_app_launch/token_refresh_test.rb

@@ -21,6 +21,15 @@ module SMARTAppLaunch
     output :smart_credentials, :token_retrieval_time
     makes_request :token_refresh
 
+    def add_credentials_to_request(oauth2_headers, oauth2_params)
+      if client_secret.present?
+        credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
+        oauth2_headers['Authorization'] = "Basic #{credentials}"
+      else
+        oauth2_params['client_id'] = client_id
+      end
+    end
+
     run do
       skip_if refresh_token.blank?
 
@@ -32,12 +41,7 @@ module SMARTAppLaunch
 
       oauth2_params['scope'] = received_scopes if config.options[:include_scopes]
 
-      if client_secret.present?
-        credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
-        oauth2_headers['Authorization'] = "Basic #{credentials}"
-      else
-        oauth2_params['client_id'] = client_id
-      end
+      add_credentials_to_request(oauth2_headers, oauth2_params)
 
       post(smart_token_url, body: oauth2_params, name: :token_refresh, headers: oauth2_headers)
 

data/lib/smart_app_launch/version.rb

@@ -1,3 +1,3 @@
 module SMARTAppLaunch
-  VERSION = '0.4.1'.freeze
+  VERSION = '0.4.3'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_app_launch_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.3
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-31 00:00:00.000000000 Z
+date: 2024-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -186,6 +186,8 @@ files:
 - lib/smart_app_launch/token_payload_validation.rb
 - lib/smart_app_launch/token_refresh_body_test.rb
 - lib/smart_app_launch/token_refresh_group.rb
+- lib/smart_app_launch/token_refresh_stu2_group.rb
+- lib/smart_app_launch/token_refresh_stu2_test.rb
 - lib/smart_app_launch/token_refresh_test.rb
 - lib/smart_app_launch/token_response_body_test.rb
 - lib/smart_app_launch/token_response_headers_test.rb
@@ -195,12 +197,12 @@ files:
 - lib/smart_app_launch/well_known_capabilities_stu2_test.rb
 - lib/smart_app_launch/well_known_endpoint_test.rb
 - lib/smart_app_launch_test_kit.rb
-homepage: https://github.com/inferno_framework/smart-app-launch-test-kit
+homepage: https://github.com/inferno-framework/smart-app-launch-test-kit
 licenses:
 - Apache-2.0
 metadata:
-  homepage_uri: https://github.com/inferno_framework/smart-app-launch-test-kit
-  source_code_uri: https://github.com/inferno_framework/smart-app-launch-test-kit
+  homepage_uri: https://github.com/inferno-framework/smart-app-launch-test-kit
+  source_code_uri: https://github.com/inferno-framework/smart-app-launch-test-kit
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -216,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.7
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: Inferno Tests for the SMART Application Launch Framework Implementation Guide