smart_app_launch_test_kit 0.4.2 → 0.4.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smart_app_launch/backend_services_authorization_request_success_test.rb +3 -2
- data/lib/smart_app_launch/backend_services_invalid_client_assertion_test.rb +3 -2
- data/lib/smart_app_launch/backend_services_invalid_grant_type_test.rb +3 -2
- data/lib/smart_app_launch/backend_services_invalid_jwt_test.rb +3 -2
- data/lib/smart_app_launch/smart_stu2_suite.rb +5 -5
- data/lib/smart_app_launch/token_refresh_stu2_group.rb +46 -0
- data/lib/smart_app_launch/token_refresh_stu2_test.rb +46 -0
- data/lib/smart_app_launch/token_refresh_test.rb +10 -6
- data/lib/smart_app_launch/version.rb +1 -1
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cbcdac5d671ebac20ff73778eddb755fb7a3774ef4ac3000260f6d6d6cb4d7f0
|
|
4
|
+
data.tar.gz: 1f34741969397758075cab6802652dd7f8895d137d3f9b819c28ea7662a64d27
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8b6bbae2d20d3039b3c2e701e66a85eb4dad83f4f6e8b7f044eac044f7de4582a03a9bbca2d2e38febcf41cf51216fcd0651c863fe90c890fbac2be284ff2bc2
|
|
7
|
+
data.tar.gz: cbeca0cdb3c88e163e5e41ab7d8015715d8d4fd1192d69865b0936a1ab98fe6328053f7060f1c4e6aa7d2ef78fb0f0b445ebb1751ee9c3e346b622fa3e8631f1
|
|
@@ -13,8 +13,9 @@ module SMARTAppLaunch
|
|
|
13
13
|
input :client_auth_encryption_method,
|
|
14
14
|
:backend_services_requested_scope,
|
|
15
15
|
:backend_services_client_id,
|
|
16
|
-
:smart_token_url
|
|
17
|
-
|
|
16
|
+
:smart_token_url
|
|
17
|
+
input :backend_services_jwks_kid,
|
|
18
|
+
optional: true
|
|
18
19
|
|
|
19
20
|
output :authentication_response
|
|
20
21
|
|
|
@@ -20,8 +20,9 @@ module SMARTAppLaunch
|
|
|
20
20
|
input :client_auth_encryption_method,
|
|
21
21
|
:backend_services_requested_scope,
|
|
22
22
|
:backend_services_client_id,
|
|
23
|
-
:smart_token_url
|
|
24
|
-
|
|
23
|
+
:smart_token_url
|
|
24
|
+
input :backend_services_jwks_kid,
|
|
25
|
+
optional: true
|
|
25
26
|
|
|
26
27
|
http_client :token_endpoint do
|
|
27
28
|
url :smart_token_url
|
|
@@ -20,8 +20,9 @@ module SMARTAppLaunch
|
|
|
20
20
|
input :client_auth_encryption_method,
|
|
21
21
|
:backend_services_requested_scope,
|
|
22
22
|
:backend_services_client_id,
|
|
23
|
-
:smart_token_url
|
|
24
|
-
|
|
23
|
+
:smart_token_url
|
|
24
|
+
input :backend_services_jwks_kid,
|
|
25
|
+
optional: true
|
|
25
26
|
|
|
26
27
|
http_client :token_endpoint do
|
|
27
28
|
url :smart_token_url
|
|
@@ -31,8 +31,9 @@ module SMARTAppLaunch
|
|
|
31
31
|
input :client_auth_encryption_method,
|
|
32
32
|
:backend_services_requested_scope,
|
|
33
33
|
:backend_services_client_id,
|
|
34
|
-
:smart_token_url
|
|
35
|
-
|
|
34
|
+
:smart_token_url
|
|
35
|
+
input :backend_services_jwks_kid,
|
|
36
|
+
optional: true
|
|
36
37
|
|
|
37
38
|
http_client :token_endpoint do
|
|
38
39
|
url :smart_token_url
|
|
@@ -7,7 +7,7 @@ require_relative 'standalone_launch_group_stu2'
|
|
|
7
7
|
require_relative 'ehr_launch_group_stu2'
|
|
8
8
|
require_relative 'openid_connect_group'
|
|
9
9
|
require_relative 'token_introspection_group'
|
|
10
|
-
require_relative '
|
|
10
|
+
require_relative 'token_refresh_stu2_group'
|
|
11
11
|
require_relative 'backend_services_authorization_group'
|
|
12
12
|
|
|
13
13
|
module SMARTAppLaunch
|
|
@@ -103,7 +103,7 @@ module SMARTAppLaunch
|
|
|
103
103
|
}
|
|
104
104
|
}
|
|
105
105
|
|
|
106
|
-
group from: :
|
|
106
|
+
group from: :smart_token_refresh_stu2,
|
|
107
107
|
id: :smart_standalone_refresh_without_scopes,
|
|
108
108
|
title: 'SMART Token Refresh Without Scopes',
|
|
109
109
|
config: {
|
|
@@ -123,7 +123,7 @@ module SMARTAppLaunch
|
|
|
123
123
|
}
|
|
124
124
|
}
|
|
125
125
|
|
|
126
|
-
group from: :
|
|
126
|
+
group from: :smart_token_refresh_stu2,
|
|
127
127
|
id: :smart_standalone_refresh_with_scopes,
|
|
128
128
|
title: 'SMART Token Refresh With Scopes',
|
|
129
129
|
config: {
|
|
@@ -179,7 +179,7 @@ module SMARTAppLaunch
|
|
|
179
179
|
}
|
|
180
180
|
}
|
|
181
181
|
|
|
182
|
-
group from: :
|
|
182
|
+
group from: :smart_token_refresh_stu2,
|
|
183
183
|
id: :smart_ehr_refresh_without_scopes,
|
|
184
184
|
title: 'SMART Token Refresh Without Scopes',
|
|
185
185
|
config: {
|
|
@@ -199,7 +199,7 @@ module SMARTAppLaunch
|
|
|
199
199
|
}
|
|
200
200
|
}
|
|
201
201
|
|
|
202
|
-
group from: :
|
|
202
|
+
group from: :smart_token_refresh_stu2,
|
|
203
203
|
id: :smart_ehr_refresh_with_scopes,
|
|
204
204
|
title: 'SMART Token Refresh With Scopes',
|
|
205
205
|
config: {
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
require_relative 'token_refresh_stu2_test'
|
|
2
|
+
require_relative 'token_refresh_body_test'
|
|
3
|
+
require_relative 'token_response_headers_test'
|
|
4
|
+
|
|
5
|
+
module SMARTAppLaunch
|
|
6
|
+
class TokenRefreshSTU2Group < Inferno::TestGroup
|
|
7
|
+
id :smart_token_refresh_stu2
|
|
8
|
+
title 'SMART Token Refresh'
|
|
9
|
+
short_description 'Demonstrate the ability to exchange a refresh token for an access token.'
|
|
10
|
+
description %(
|
|
11
|
+
# Background
|
|
12
|
+
|
|
13
|
+
The #{title} Sequence tests the ability of the system to successfully
|
|
14
|
+
exchange a refresh token for an access token. Refresh tokens are typically
|
|
15
|
+
longer lived than access tokens and allow client applications to obtain a
|
|
16
|
+
new access token Refresh tokens themselves cannot provide access to
|
|
17
|
+
resources on the server.
|
|
18
|
+
|
|
19
|
+
Token refreshes are accomplished through a `POST` request to the token
|
|
20
|
+
exchange endpoint as described in the [SMART App Launch
|
|
21
|
+
Framework](https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token).
|
|
22
|
+
|
|
23
|
+
# Test Methodology
|
|
24
|
+
|
|
25
|
+
This test attempts to exchange the refresh token for a new access token
|
|
26
|
+
and verify that the information returned contains the required fields and
|
|
27
|
+
uses the proper headers.
|
|
28
|
+
|
|
29
|
+
For more information see:
|
|
30
|
+
|
|
31
|
+
* [The OAuth 2.0 Authorization
|
|
32
|
+
Framework](https://tools.ietf.org/html/rfc6749)
|
|
33
|
+
* [Using a refresh token to obtain a new access
|
|
34
|
+
token](https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token)
|
|
35
|
+
)
|
|
36
|
+
|
|
37
|
+
test from: :smart_token_refresh_stu2
|
|
38
|
+
test from: :smart_token_refresh_body
|
|
39
|
+
test from: :smart_token_response_headers,
|
|
40
|
+
config: {
|
|
41
|
+
requests: {
|
|
42
|
+
token: { name: :token_refresh }
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
require_relative 'token_refresh_test'
|
|
2
|
+
|
|
3
|
+
module SMARTAppLaunch
|
|
4
|
+
class TokenRefreshSTU2Test < TokenRefreshTest
|
|
5
|
+
include TokenPayloadValidation
|
|
6
|
+
|
|
7
|
+
id :smart_token_refresh_stu2
|
|
8
|
+
title 'Server successfully refreshes the access token when optional scope parameter omitted'
|
|
9
|
+
description %(
|
|
10
|
+
Server successfully exchanges refresh token at OAuth token endpoint
|
|
11
|
+
without providing scope in the body of the request.
|
|
12
|
+
|
|
13
|
+
Although not required in the token refresh portion of the SMART App
|
|
14
|
+
Launch Guide, the token refresh response should include the HTTP
|
|
15
|
+
Cache-Control response header field with a value of no-store, as well as
|
|
16
|
+
the Pragma response header field with a value of no-cache to be
|
|
17
|
+
consistent with the requirements of the inital access token exchange.
|
|
18
|
+
)
|
|
19
|
+
input :client_auth_type
|
|
20
|
+
input :client_auth_encryption_method, optional: true
|
|
21
|
+
input :client_secret, optional: true
|
|
22
|
+
|
|
23
|
+
def add_credentials_to_request(oauth2_headers, oauth2_params)
|
|
24
|
+
case client_auth_type
|
|
25
|
+
when 'public'
|
|
26
|
+
oauth2_params['client_id'] = client_id
|
|
27
|
+
when 'confidential_symmetric'
|
|
28
|
+
assert client_secret.present?,
|
|
29
|
+
"A client secret must be provided when using confidential symmetric client authentication."
|
|
30
|
+
|
|
31
|
+
credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
|
|
32
|
+
oauth2_headers['Authorization'] = "Basic #{credentials}"
|
|
33
|
+
when 'confidential_asymmetric'
|
|
34
|
+
oauth2_params.merge!(
|
|
35
|
+
client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
|
|
36
|
+
client_assertion: ClientAssertionBuilder.build(
|
|
37
|
+
iss: client_id,
|
|
38
|
+
sub: client_id,
|
|
39
|
+
aud: smart_token_url,
|
|
40
|
+
client_auth_encryption_method: client_auth_encryption_method
|
|
41
|
+
)
|
|
42
|
+
)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -21,6 +21,15 @@ module SMARTAppLaunch
|
|
|
21
21
|
output :smart_credentials, :token_retrieval_time
|
|
22
22
|
makes_request :token_refresh
|
|
23
23
|
|
|
24
|
+
def add_credentials_to_request(oauth2_headers, oauth2_params)
|
|
25
|
+
if client_secret.present?
|
|
26
|
+
credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
|
|
27
|
+
oauth2_headers['Authorization'] = "Basic #{credentials}"
|
|
28
|
+
else
|
|
29
|
+
oauth2_params['client_id'] = client_id
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
24
33
|
run do
|
|
25
34
|
skip_if refresh_token.blank?
|
|
26
35
|
|
|
@@ -32,12 +41,7 @@ module SMARTAppLaunch
|
|
|
32
41
|
|
|
33
42
|
oauth2_params['scope'] = received_scopes if config.options[:include_scopes]
|
|
34
43
|
|
|
35
|
-
|
|
36
|
-
credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
|
|
37
|
-
oauth2_headers['Authorization'] = "Basic #{credentials}"
|
|
38
|
-
else
|
|
39
|
-
oauth2_params['client_id'] = client_id
|
|
40
|
-
end
|
|
44
|
+
add_credentials_to_request(oauth2_headers, oauth2_params)
|
|
41
45
|
|
|
42
46
|
post(smart_token_url, body: oauth2_params, name: :token_refresh, headers: oauth2_headers)
|
|
43
47
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_app_launch_test_kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen MacVicar
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-07-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: inferno_core
|
|
@@ -186,6 +186,8 @@ files:
|
|
|
186
186
|
- lib/smart_app_launch/token_payload_validation.rb
|
|
187
187
|
- lib/smart_app_launch/token_refresh_body_test.rb
|
|
188
188
|
- lib/smart_app_launch/token_refresh_group.rb
|
|
189
|
+
- lib/smart_app_launch/token_refresh_stu2_group.rb
|
|
190
|
+
- lib/smart_app_launch/token_refresh_stu2_test.rb
|
|
189
191
|
- lib/smart_app_launch/token_refresh_test.rb
|
|
190
192
|
- lib/smart_app_launch/token_response_body_test.rb
|
|
191
193
|
- lib/smart_app_launch/token_response_headers_test.rb
|
|
@@ -216,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
216
218
|
- !ruby/object:Gem::Version
|
|
217
219
|
version: '0'
|
|
218
220
|
requirements: []
|
|
219
|
-
rubygems_version: 3.
|
|
221
|
+
rubygems_version: 3.5.9
|
|
220
222
|
signing_key:
|
|
221
223
|
specification_version: 4
|
|
222
224
|
summary: Inferno Tests for the SMART Application Launch Framework Implementation Guide
|