smart_app_launch_test_kit 0.4.6 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: af89139a6750969a3efa3731229c4ff2a8754738f75024b10aa986cb69325dbb
-  data.tar.gz: 8b412a1bb5601e932bc149f0de5e5dc59aaf5a7dc5be962a98a575a378fb297e
+  metadata.gz: f80a6156d7f541a28a876f54e29a1d7457b84c06feb6aea21d54a499e734ef91
+  data.tar.gz: 9f0990127c9bd562c1328e82a53d0c431c08fb3fbb1fbd24735049a40303eaba
 SHA512:
-  metadata.gz: c67c07a022b652ab979b1d5f1d857d2ffb44b63030e00f11f0d1ed5b0cede5a1371abef7263ea8e6c517acb617c33e3698bf74686fdec407eac5d37a48ceedc6
-  data.tar.gz: cef63d441dfd3f5b1cc2d0c902bab6632006f447b494ba39ebbb2a4c8b87d82cf457c60f0108a22f752c5ac525a94b69d962622b234901805aaf72a8f750e53f
+  metadata.gz: 819be8732a3feed22713a508e3f316101c5cfab62055b68666c94991359c79bc41159086c721b62886c3e38db51305e085ef4ef0dcaed7a9ab615600542a417c
+  data.tar.gz: c811a8aaaea089ca2ebaddb559a3ab2fa3ab2a73e2afbcc485e2375654735a6a68ba20fcbc95e0483ba65c83fed367d449289ee79020522887d418e1e9a0a0fb

data/config/presets/inferno_reference_server_preset.json

@@ -0,0 +1,103 @@
+{
+  "title": "Inferno Reference Server",
+  "id": "smart_stu1_reference_server",
+  "test_suite_id": "smart",
+  "inputs": [
+    {
+      "name": "url",
+      "type": "text",
+      "value": "https://inferno.healthit.gov/reference-server/r4"
+    },
+    {
+      "name": "standalone_client_id",
+      "type": "text",
+      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+    },
+    {
+      "name": "standalone_requested_scopes",
+      "type": "text",
+      "value": "launch/patient openid fhirUser offline_access patient/*.read"
+    },
+    {
+      "name": "use_pkce",
+      "type": "radio",
+      "title": "Proof Key for Code Exchange (PKCE)",
+      "options": {
+        "list_options": [
+          {
+            "label": "Enabled",
+            "value": "true"
+          },
+          {
+            "label": "Disabled",
+            "value": "false"
+          }
+        ]
+      },
+      "value": "false"
+    },
+    {
+      "name": "pkce_code_challenge_method",
+      "type": "radio",
+      "optional": true,
+      "title": "PKCE Code Challenge Method",
+      "options": {
+        "list_options": [
+          {
+            "label": "S256",
+            "value": "S256"
+          },
+          {
+            "label": "plain",
+            "value": "plain"
+          }
+        ]
+      },
+      "value": "S256"
+    },
+    {
+      "name": "client_auth_type",
+      "value": "public",
+      "_title": "Client Authentication Method",
+      "_type": "radio",
+      "_options": {
+        "list_options": [
+          {
+            "label": "Public",
+            "value": "public"
+          },
+          {
+            "label": "Confidential Symmetric",
+            "value": "confidential_symmetric"
+          },
+          {
+            "label": "Confidential Asymmetric",
+            "value": "confidential_asymmetric"
+          }
+        ]
+      }
+    },
+    {
+      "name": "standalone_client_secret",
+      "type": "text",
+      "optional": true,
+      "value": null
+    },
+    {
+      "name": "ehr_client_id",
+      "type": "text",
+      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+    },
+    {
+      "name": "ehr_requested_scopes",
+      "type": "text",
+      "value": "launch openid fhirUser offline_access user/*.read"
+    },
+    {
+      "name": "ehr_client_secret",
+      "type": "text",
+      "optional": true,
+      "value": null
+    }
+  ]
+}

data/config/presets/inferno_reference_server_stu2_2_preset.json

@@ -0,0 +1,89 @@
+{
+  "title": "Inferno Reference Server",
+  "id": "smart_stu2_2_reference_server",
+  "test_suite_id": "smart_stu2_2",
+  "inputs": [
+    {
+      "name": "url",
+      "type": "text",
+      "value": "https://inferno.healthit.gov/reference-server/r4"
+    },
+    {
+      "name": "standalone_client_id",
+      "type": "text",
+      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+    },
+    {
+      "name": "standalone_requested_scopes",
+      "type": "text",
+      "value": "launch/patient openid fhirUser offline_access patient/*.read"
+    },
+    {
+      "name": "standalone_client_secret",
+      "type": "text",
+      "optional": true,
+      "value": null
+    },
+    {
+      "name": "ehr_client_id",
+      "type": "text",
+      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+    },
+    {
+      "name": "ehr_requested_scopes",
+      "type": "text",
+      "value": "launch openid fhirUser offline_access user/*.read"
+    },
+    {
+      "name": "ehr_client_secret",
+      "type": "text",
+      "optional": true,
+      "value": null
+    },
+    {
+      "name": "client_auth_encryption_method",
+      "value": "ES384",
+      "_title": "Encryption Method (Confidential Asymmetric Client Auth Only)",
+      "_type": "radio",
+      "_options": {
+        "list_options": [
+          {
+            "label": "ES384",
+            "value": "ES384"
+          },
+          {
+            "label": "RS384",
+            "value": "RS384"
+          }
+        ]
+      }
+    },
+    {
+      "name": "client_auth_type",
+      "value": "public",
+      "_title": "Client Authentication Method",
+      "_type": "radio",
+      "_options": {
+        "list_options": [
+          {
+            "label": "Public",
+            "value": "public"
+          },
+          {
+            "label": "Confidential Symmetric",
+            "value": "confidential_symmetric"
+          },
+          {
+            "label": "Confidential Asymmetric",
+            "value": "confidential_asymmetric"
+          }
+        ]
+      }
+    },
+    {
+      "name": "backend_services_client_id",
+      "type": "text",
+      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4"
+    }
+  ]
+}

data/config/presets/inferno_reference_server_stu2_preset.json

@@ -0,0 +1,89 @@
+{
+  "title": "Inferno Reference Server",
+  "id": "smart_stu2_reference_server",
+  "test_suite_id": "smart_stu2",
+  "inputs": [
+    {
+      "name": "url",
+      "type": "text",
+      "value": "https://inferno.healthit.gov/reference-server/r4"
+    },
+    {
+      "name": "standalone_client_id",
+      "type": "text",
+      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+    },
+    {
+      "name": "standalone_requested_scopes",
+      "type": "text",
+      "value": "launch/patient openid fhirUser offline_access patient/*.read"
+    },
+    {
+      "name": "standalone_client_secret",
+      "type": "text",
+      "optional": true,
+      "value": null
+    },
+    {
+      "name": "ehr_client_id",
+      "type": "text",
+      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+    },
+    {
+      "name": "ehr_requested_scopes",
+      "type": "text",
+      "value": "launch openid fhirUser offline_access user/*.read"
+    },
+    {
+      "name": "ehr_client_secret",
+      "type": "text",
+      "optional": true,
+      "value": null
+    },
+    {
+      "name": "client_auth_encryption_method",
+      "value": "ES384",
+      "_title": "Encryption Method (Confidential Asymmetric Client Auth Only)",
+      "_type": "radio",
+      "_options": {
+        "list_options": [
+          {
+            "label": "ES384",
+            "value": "ES384"
+          },
+          {
+            "label": "RS384",
+            "value": "RS384"
+          }
+        ]
+      }
+    },
+    {
+      "name": "client_auth_type",
+      "value": "public",
+      "_title": "Client Authentication Method",
+      "_type": "radio",
+      "_options": {
+        "list_options": [
+          {
+            "label": "Public",
+            "value": "public"
+          },
+          {
+            "label": "Confidential Symmetric",
+            "value": "confidential_symmetric"
+          },
+          {
+            "label": "Confidential Asymmetric",
+            "value": "confidential_asymmetric"
+          }
+        ]
+      }
+    },
+    {
+      "name": "backend_services_client_id",
+      "type": "text",
+      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4"
+    }
+  ]
+}

data/config/presets/smart_access_brands.json.erb

@@ -0,0 +1,13 @@
+{
+  "title": "Inferno Example SMART Access Brands Bundle",
+  "id": "smart_access_brands_bundle_example_inferno",
+  "test_suite_id": "smart_access_brands",
+  "inputs": [
+    {
+      "name": "smart_access_brands_publication_url",
+      "value": "<%= Inferno::Application['base_url'] %>/custom/smart_access_brands/examples/smart_access_brands_example.json",
+      "title": "SMART Access Brands Bundle URL",
+      "type": "text"
+    }
+  ]
+}

data/config/presets/smart_access_brands_example_1.json

@@ -0,0 +1,37 @@
+{
+  "title": "Labs with Locations Nationwide IG Example SMART Access Brands Bundle",
+  "id": "smart_access_brands_bundle_example_1",
+  "test_suite_id": "smart_access_brands",
+  "inputs": [
+    {
+      "name": "user_access_brands_publication_url",
+      "value": "https://hl7.org/fhir/smart-app-launch/STU2.2/Bundle-example1.json",
+      "title": "User Access Brands Publication URL",
+      "type": "text"
+    },
+    {
+      "name": "endpoint_availability_success_rate",
+      "default": "all",
+      "description": "Select an option to choose how many Endpoints have to be available and send back a valid capability       statement for the Endpoint validation test to pass.",
+      "options": {
+        "list_options": [
+          {
+            "label": "All",
+            "value": "all"
+          },
+          {
+            "label": "At Least 1",
+            "value": "at_least_1"
+          },
+          {
+            "label": "None",
+            "value": "none"
+          }
+        ]
+      },
+      "title": "Endpoint Availability Success Rate",
+      "type": "radio",
+      "value": "none"
+    }
+  ]
+}

data/config/presets/smart_access_brands_example_2.json

@@ -0,0 +1,37 @@
+{
+  "title": "Regional Health System IG Example SMART Access Brands Bundle",
+  "id": "smart_access_brands_bundle_example_2",
+  "test_suite_id": "smart_access_brands",
+  "inputs": [
+    {
+      "name": "user_access_brands_publication_url",
+      "value": "https://hl7.org/fhir/smart-app-launch/STU2.2/Bundle-example2.json",
+      "title": "User Access Brands Publication URL",
+      "type": "text"
+    },
+    {
+      "name": "endpoint_availability_success_rate",
+      "default": "all",
+      "description": "Select an option to choose how many Endpoints have to be available and send back a valid capability       statement for the Endpoint validation test to pass.",
+      "options": {
+        "list_options": [
+          {
+            "label": "All",
+            "value": "all"
+          },
+          {
+            "label": "At Least 1",
+            "value": "at_least_1"
+          },
+          {
+            "label": "None",
+            "value": "none"
+          }
+        ]
+      },
+      "title": "Endpoint Availability Success Rate",
+      "type": "radio",
+      "value": "none"
+    }
+  ]
+}

data/config/presets/smart_access_brands_example_3.json

@@ -0,0 +1,37 @@
+{
+  "title": "Different EHRs IG Example SMART Access Brands Bundle",
+  "id": "smart_access_brands_bundle_example_3",
+  "test_suite_id": "smart_access_brands",
+  "inputs": [
+    {
+      "name": "user_access_brands_publication_url",
+      "value": "https://hl7.org/fhir/smart-app-launch/STU2.2/Bundle-example3.json",
+      "title": "User Access Brands Publication URL",
+      "type": "text"
+    },
+    {
+      "name": "endpoint_availability_success_rate",
+      "default": "all",
+      "description": "Select an option to choose how many Endpoints have to be available and send back a valid capability       statement for the Endpoint validation test to pass.",
+      "options": {
+        "list_options": [
+          {
+            "label": "All",
+            "value": "all"
+          },
+          {
+            "label": "At Least 1",
+            "value": "at_least_1"
+          },
+          {
+            "label": "None",
+            "value": "none"
+          }
+        ]
+      },
+      "title": "Endpoint Availability Success Rate",
+      "type": "radio",
+      "value": "none"
+    }
+  ]
+}

data/config/presets/smart_access_brands_example_4.json

@@ -0,0 +1,37 @@
+{
+  "title": "Co-equal Brands IG Example SMART Access Brands Bundle",
+  "id": "smart_access_brands_bundle_example_4",
+  "test_suite_id": "smart_access_brands",
+  "inputs": [
+    {
+      "name": "user_access_brands_publication_url",
+      "value": "https://hl7.org/fhir/smart-app-launch/STU2.2/Bundle-example4.json",
+      "title": "User Access Brands Publication URL",
+      "type": "text"
+    },
+    {
+      "name": "endpoint_availability_success_rate",
+      "default": "all",
+      "description": "Select an option to choose how many Endpoints have to be available and send back a valid capability       statement for the Endpoint validation test to pass.",
+      "options": {
+        "list_options": [
+          {
+            "label": "All",
+            "value": "all"
+          },
+          {
+            "label": "At Least 1",
+            "value": "at_least_1"
+          },
+          {
+            "label": "None",
+            "value": "none"
+          }
+        ]
+      },
+      "title": "Endpoint Availability Success Rate",
+      "type": "radio",
+      "value": "none"
+    }
+  ]
+}

data/lib/smart_app_launch/app_launch_test.rb

@@ -10,7 +10,13 @@ module SMARTAppLaunch
     input :url
     receives_request :launch
 
-    config options: { launch_uri: "#{Inferno::Application['base_url']}/custom/smart/launch" }
+    def default_launch_uri
+      "#{Inferno::Application['base_url']}/custom/smart/launch"
+    end
+
+    def launch_uri
+      config.options[:launch_uri].presence || default_launch_uri
+    end
 
     def wait_message
       return instance_exec(&config.options[:launch_message_proc]) if config.options[:launch_message_proc].present?
@@ -21,7 +27,7 @@ module SMARTAppLaunch
         Waiting for Inferno to be launched from the EHR.
 
         Tests will resume once Inferno receives a launch request at
-        `#{config.options[:launch_uri]}` with an `iss` of `#{url}`.
+        `#{launch_uri}` with an `iss` of `#{url}`.
       )
     end
 

data/lib/smart_app_launch/app_redirect_test.rb

@@ -47,7 +47,13 @@ module SMARTAppLaunch
     output :state, :pkce_code_challenge, :pkce_code_verifier
     receives_request :redirect
 
-    config options: { redirect_uri: "#{Inferno::Application['base_url']}/custom/smart/redirect" }
+    def default_redirect_uri
+      "#{Inferno::Application['base_url']}/custom/smart/redirect"
+    end
+
+    def redirect_uri
+      config.options[:redirect_uri].presence || default_redirect_uri
+    end
 
     def self.calculate_s256_challenge(verifier)
       Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
@@ -68,7 +74,7 @@ module SMARTAppLaunch
         [Follow this link to authorize with the SMART server](#{auth_url}).
 
         Tests will resume once Inferno receives a request at
-        `#{config.options[:redirect_uri]}` with a state of `#{state}`.
+        `#{redirect_uri}` with a state of `#{state}`.
       )
     end
 
@@ -94,7 +100,7 @@ module SMARTAppLaunch
       oauth2_params = {
         'response_type' => 'code',
         'client_id' => client_id,
-        'redirect_uri' => config.options[:redirect_uri],
+        'redirect_uri' => redirect_uri,
         'scope' => requested_scopes,
         'state' => state,
         'aud' => aud

data/lib/smart_app_launch/app_redirect_test_stu2.rb

@@ -32,12 +32,20 @@ module SMARTAppLaunch
             ]
           }
 
+    def default_post_authorization_uri
+      "#{Inferno::Application['base_url']}/custom/smart_stu2/post_auth"
+    end
+
+    def post_authorization_uri
+      config.options[:post_authorization_uri].presence || default_post_authorization_uri
+    end
+
     def authorization_url_builder(url, params)
       return super if authorization_method == 'get'
 
       post_params = params.merge(auth_url: url)
 
-      post_url = URI(config.options[:post_authorization_uri])
+      post_url = URI(post_authorization_uri)
       post_url.query = URI.encode_www_form(post_params)
       post_url.to_s
     end

data/lib/smart_app_launch/metadata.rb

@@ -0,0 +1,75 @@
+require_relative 'version'
+
+module SMARTAppLaunch
+  class Metadata < Inferno::TestKit
+    id :smart_app_launch_test_kit
+    title 'SMART App Launch Test Kit'
+    description <<~DESCRIPTION
+      The SMART App Launch Test Kit primarily validates the conformance of an
+      authorization server implementation to a specified version of the [SMART
+      Application Launch Framework Implementation
+      Guide](http://hl7.org/fhir/smart-app-launch/index.html).  This Test Kit also
+      provides Brand Bundle Publisher testing for the User-access Brands and Endpoints
+      specification.  This Test Kit supports following versions of the SMART App
+      Launch IG: [STU1](https://hl7.org/fhir/smart-app-launch/1.0.0/),
+      [STU2](http://hl7.org/fhir/smart-app-launch/STU2/), and
+      [STU2.2](http://hl7.org/fhir/smart-app-launch/STU2.2/).
+      <!-- break -->
+
+      This Test Kit is [open
+      source](https://github.com/inferno-framework/smart-app-launch-test-kit#license)
+      and freely available for use or adoption by the health IT community including
+      EHR vendors, health app developers, and testing labs. It is built using the
+      [Inferno Framework](https://inferno-framework.github.io/inferno-core/). The
+      Inferno Framework is designed for reuse and aims to make it easier to build test
+      kits for any FHIR-based data exchange.
+
+      To run tests for a SMART App Launch authorization server, select one of the
+      "SMART App Launch" suites.  To run tests for a Brand Bundle Publisher, select
+      the "SMART User-access Brands and Endpoints" suite.
+
+      ## Status
+
+      The SMART App Launch Test Kit primarily verifies that systems correctly
+      implement the SMART App Launch IG for providing authorization and/or
+      authentication services to client applications accessing HL7 FHIR APIs.
+
+      The test kit currently tests the following requirements:
+      - Standalone Launch
+      - EHR Launch
+
+      It also tests the ability of a Brand Bundle Publisher to publish a valid brand
+      bundle as described in the User-access Brands and Endpoints specification.
+
+      See the test descriptions within the test kit for detail on the specific
+      validations performed as part of testing these requirements.
+
+      ## Repository
+
+      The SMART App Launch Test Kit GitHub repository can be [found
+      here](https://github.com/inferno-framework/smart-app-launch-test-kit).
+
+      ## Providing Feedback and Reporting Issues
+
+      We welcome feedback on the tests, including but not limited to the following
+      areas:
+
+      - Validation logic, such as potential bugs, lax checks, and unexpected failures.
+      - Requirements coverage, such as requirements that have been missed, tests that
+        necessitate features that the IG does not require, or other issues with the
+        interpretation of the IG's requirements.
+      - User experience, such as confusing or missing information in the test UI.
+
+      Please report any issues with this set of tests in the [issues
+      section](https://github.com/inferno-framework/smart-app-launch-test-kit/issues)
+      of the repository.
+    DESCRIPTION
+    suite_ids [:smart, :smart_stu2, :smart_stu2_2, :smart_access_brands]
+    tags ['SMART App Launch', 'Endpoint Publication']
+    last_updated LAST_UPDATED
+    version VERSION
+    maturity 'Medium'
+    authors ['Stephen MacVicar']
+    repo 'https://github.com/inferno-framework/smart-app-launch-test-kit'
+  end
+end

data/lib/smart_app_launch/smart_access_brands_examples/smart_access_brands_example.json.erb

@@ -0,0 +1,198 @@
+{
+  "resourceType" : "Bundle",
+  "id" : "example3",
+  "type" : "collection",
+  "timestamp" : "2023-09-05T20:23:42.723178-07:00",
+  "entry" : [
+    {
+      "fullUrl" : "https://examplehospital.fhirserver.org/Organization/examplehospital",
+      "resource" : {
+        "resourceType" : "Organization",
+        "id" : "examplehospital",
+        "extension" : [
+          {
+            "extension" : [
+              {
+                "url" : "brandLogo",
+                "valueUrl" : "https://fhirserver.org/examplehospital-ehr1/themes/custom/logo.svg"
+              }
+            ],
+            "url" : "http://hl7.org/fhir/StructureDefinition/organization-brand"
+          },
+          {
+            "extension" : [
+              {
+                "url" : "portalName",
+                "valueString" : "ExampleHospital Patient Gateway"
+              },
+              {
+                "url" : "portalUrl",
+                "valueUrl" : "https://patientgateway.examplehospital.ehr1.fhirserver.org"
+              },
+              {
+                "url" : "portalDescription",
+                "valueMarkdown" : "Patient Gateway is an online tool to help adult patients connect with health care providers, manage appointments, and refill prescriptions.\n"
+              },
+              {
+                "url" : "portalEndpoint",
+                "valueReference" : {
+                  "reference" : "https://ehr1.fhirserver.com/Endpoint/examplehospital-ehr1",
+                  "display" : "FHIR R4 Endpoint for EHR1"
+                }
+              }
+            ],
+            "url" : "http://hl7.org/fhir/StructureDefinition/organization-portal"
+          },
+          {
+            "extension" : [
+              {
+                "url" : "portalName",
+                "valueString" : "ExampleHospital Pediatric Portal"
+              },
+              {
+                "url" : "portalUrl",
+                "valueUrl" : "https://pediatrics.examplehospital.ehr2.fhirserver.org"
+              },
+              {
+                "url" : "portalDescription",
+                "valueMarkdown" : "Pediatric Portal is the entrypoint for pediatric patients."
+              },
+              {
+                "url" : "portalEndpoint",
+                "valueReference" : {
+                  "reference" : "https://ehr2.fhirserver.com/Endpoint/examplehospital-ehr2",
+                  "display" : "FHIR R4 Endpoint for EHR2"
+                }
+              }
+            ],
+            "url" : "http://hl7.org/fhir/StructureDefinition/organization-portal"
+          }
+        ],
+        "identifier" : [
+          {
+            "system" : "urn:ietf:rfc:3986",
+            "value" : "https://examplehospital.fhirserver.org"
+          }
+        ],
+        "active" : true,
+        "type" : [
+          {
+            "coding" : [
+              {
+                "system" : "http://terminology.hl7.org/CodeSystem/organization-type",
+                "code" : "prov",
+                "display" : "Healthcare Provider"
+              }
+            ]
+          }
+        ],
+        "name" : "ExampleHospital",
+        "alias" : [
+          "GoodHealth Healthcare"
+        ],
+        "telecom" : [
+          {
+            "system" : "url",
+            "value" : "https://examplehospital.fhirserver.org/contact"
+          }
+        ],
+        "address" : [
+          {
+            "city" : "Boston",
+            "state" : "MA"
+          },
+          {
+            "city" : "Newton",
+            "state" : "MA"
+          },
+          {
+            "city" : "Waltham",
+            "state" : "MA"
+          }
+        ],
+        "endpoint" : [
+          {
+            "reference" : "https://ehr1.fhirserver.com/Endpoint/examplehospital-ehr1",
+            "display" : "FHIR R4 Endpoint for EHR1"
+          },
+          {
+            "reference" : "https://ehr2.fhirserver.com/Endpoint/examplehospital-ehr2",
+            "display" : "FHIR R4 Endpoint for EHR2"
+          }
+        ]
+      }
+    },
+    {
+      "fullUrl" : "https://ehr1.fhirserver.com/Endpoint/examplehospital-ehr1",
+      "resource" : {
+        "resourceType" : "Endpoint",
+        "id" : "examplehospital-ehr1",
+        "extension" : [
+          {
+            "url" : "http://hl7.org/fhir/StructureDefinition/endpoint-fhir-version",
+            "valueCode" : "4.0.1"
+          }
+        ],
+        "status" : "active",
+        "connectionType" : {
+          "system" : "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
+          "code" : "hl7-fhir-rest"
+        },
+        "name" : "FHIR R4 Endpoint for ExampleHospital's EHR1 Patient Gateway",
+        "contact" : [
+          {
+            "system" : "url",
+            "value" : "https://open.ehr1.fhirserver.com"
+          }
+        ],
+        "payloadType" : [
+          {
+            "coding" : [
+              {
+                "system" : "http://terminology.hl7.org/CodeSystem/endpoint-payload-type",
+                "code" : "none"
+              }
+            ]
+          }
+        ],
+        "address" : "<%= Inferno::Application['base_url']  %>/custom/smart_access_brands/examples/r4_capability_statement"
+      }
+    },
+    {
+      "fullUrl" : "https://ehr2.fhirserver.com/Endpoint/examplehospital-ehr2",
+      "resource" : {
+        "resourceType" : "Endpoint",
+        "id" : "examplehospital-ehr2",
+        "extension" : [
+          {
+            "url" : "http://hl7.org/fhir/StructureDefinition/endpoint-fhir-version",
+            "valueCode" : "4.0.1"
+          }
+        ],
+        "status" : "active",
+        "connectionType" : {
+          "system" : "http://terminology.hl7.org/CodeSystem/endpoint-connection-type",
+          "code" : "hl7-fhir-rest"
+        },
+        "name" : "FHIR R4 Endpoint for ExampleHospital's EHR2 Pediatric Portal",
+        "contact" : [
+          {
+            "system" : "url",
+            "value" : "https://open.ehr2.fhirserver.com"
+          }
+        ],
+        "payloadType" : [
+          {
+            "coding" : [
+              {
+                "system" : "http://terminology.hl7.org/CodeSystem/endpoint-payload-type",
+                "code" : "none"
+              }
+            ]
+          }
+        ],
+        "address" : "<%= Inferno::Application['base_url']  %>/custom/smart_access_brands/examples/r4_capability_statement"
+      }
+    }
+  ]
+}

data/lib/smart_app_launch/smart_access_brands_suite.rb

@@ -5,7 +5,6 @@ module SMARTAppLaunch
     id 'smart_access_brands'
     title 'SMART User-access Brands and Endpoints STU2.2'
     short_title 'SMART User-access Brands'
-    version VERSION
 
     description <<~DESCRIPTION
       The SMART User-access Brands Test Suite verifies that Brand Bundle Publishers publish valid User-access
@@ -34,6 +33,10 @@ module SMARTAppLaunch
       Bundle as an input and leaving the User Access Brand Publication URL input blank.
     INSTRUCTIONS
 
+    source_code_url('https://github.com/inferno-framework/smart-app-launch-test-kit')
+    download_url('https://github.com/inferno-framework/smart-app-launch-test-kit/releases')
+    report_issue_url('https://github.com/inferno-framework/smart-app-launch-test-kit/issues')
+
     VALIDATION_MESSAGE_FILTERS = [
       /\A\S+: \S+: URL value '.*' does not resolve/,
       %r{\A\S+: \S+: Bundled or contained reference not found within the bundle/resource} # Validator issue with Brand profile: https://chat.fhir.org/#narrow/stream/291844-FHIR-Validator/topic/SMART.20v2.2E2.20User.20Access.20Brands.3A.20Brand.20validation.20error.3F/near/466321024

data/lib/smart_app_launch/smart_stu1_suite.rb

@@ -1,7 +1,6 @@
 require 'tls_test_kit'
 
 require_relative 'jwks'
-require_relative 'version'
 require_relative 'discovery_stu1_group'
 require_relative 'standalone_launch_group'
 require_relative 'ehr_launch_group'
@@ -12,7 +11,6 @@ module SMARTAppLaunch
   class SMARTSTU1Suite < Inferno::TestSuite
     id 'smart'
     title 'SMART App Launch STU1'
-    version VERSION
 
     resume_test_route :get, '/launch' do |request|
       request.query_parameters['iss']
@@ -34,15 +32,18 @@ module SMARTAppLaunch
     }
 
     description <<~DESCRIPTION
-      The SMART App Launch Test Suite verifies that systems correctly implement 
-      the [SMART App Launch IG](http://hl7.org/fhir/smart-app-launch/1.0.0/) 
-      for providing authorization and/or authentication services to client 
-      applications accessing HL7® FHIR® APIs. To get started, please first register 
+      The SMART App Launch Test Suite verifies that systems correctly implement
+      the [SMART App Launch IG](http://hl7.org/fhir/smart-app-launch/1.0.0/)
+      for providing authorization and/or authentication services to client
+      applications accessing HL7® FHIR® APIs. To get started, please first register
       the Inferno client as a SMART App with the following information:
 
       * SMART Launch URI: `#{config.options[:launch_uri]}`
       * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
     DESCRIPTION
+    source_code_url('https://github.com/inferno-framework/smart-app-launch-test-kit')
+    download_url('https://github.com/inferno-framework/smart-app-launch-test-kit/releases')
+    report_issue_url('https://github.com/inferno-framework/smart-app-launch-test-kit/issues')
 
     group do
       title 'Standalone Launch'

data/lib/smart_app_launch/smart_stu2_2_suite.rb

@@ -1,7 +1,6 @@
 require 'tls_test_kit'
 
 require_relative 'jwks'
-require_relative 'version'
 require_relative 'discovery_stu2_2_group'
 require_relative 'standalone_launch_group_stu2_2'
 require_relative 'ehr_launch_group_stu2_2'
@@ -13,7 +12,6 @@ module SMARTAppLaunch
   class SMARTSTU22Suite < Inferno::TestSuite
     id 'smart_stu2_2'
     title 'SMART App Launch STU2.2'
-    version VERSION
 
     resume_test_route :get, '/launch' do |request|
       request.query_parameters['iss']
@@ -72,6 +70,9 @@ module SMARTAppLaunch
       If the token introspection endpoint of the system under test is NOT available at .well-known/smart-configuration,
       please run the test groups individually and group 3 Token Introspection will include the introspection endpoint as a manual input.
     )
+    source_code_url('https://github.com/inferno-framework/smart-app-launch-test-kit')
+    download_url('https://github.com/inferno-framework/smart-app-launch-test-kit/releases')
+    report_issue_url('https://github.com/inferno-framework/smart-app-launch-test-kit/issues')
 
     group do
       title 'Standalone Launch'

data/lib/smart_app_launch/smart_stu2_suite.rb

@@ -1,7 +1,6 @@
 require 'tls_test_kit'
 
 require_relative 'jwks'
-require_relative 'version'
 require_relative 'discovery_stu2_group'
 require_relative 'standalone_launch_group_stu2'
 require_relative 'ehr_launch_group_stu2'
@@ -14,7 +13,6 @@ module SMARTAppLaunch
   class SMARTSTU2Suite < Inferno::TestSuite
     id 'smart_stu2'
     title 'SMART App Launch STU2'
-    version VERSION
 
     resume_test_route :get, '/launch' do |request|
       request.query_parameters['iss']
@@ -42,10 +40,10 @@ module SMARTAppLaunch
     }
 
     description <<~DESCRIPTION
-      The SMART App Launch Test Suite verifies that systems correctly implement 
-      the [SMART App Launch IG](http://hl7.org/fhir/smart-app-launch/STU2/) 
-      for providing authorization and/or authentication services to client 
-      applications accessing HL7® FHIR® APIs. To get started, please first register 
+      The SMART App Launch Test Suite verifies that systems correctly implement
+      the [SMART App Launch IG](http://hl7.org/fhir/smart-app-launch/STU2/)
+      for providing authorization and/or authentication services to client
+      applications accessing HL7® FHIR® APIs. To get started, please first register
       the Inferno client as a SMART App with the following information:
 
       * SMART Launch URI: `#{config.options[:launch_uri]}`
@@ -59,17 +57,20 @@ module SMARTAppLaunch
 
     input_instructions %(
       When running tests at this level, the token introspection endpoint is not available as a manual input.
-      Instead, group 3 Token Introspection will assume the token introspection endpoint 
+      Instead, group 3 Token Introspection will assume the token introspection endpoint
       will be output from group 1 Standalone Launch tests, specifically the SMART On FHIR Discovery tests that query
       the .well-known/smart-configuration endpoint. However, including the token introspection
       endpoint as part of the well-known ouput is NOT required and is not formally checked in the SMART On FHIR Discovery
       tests.  RFC-7662 on Token Introspection says that "The means by which the protected resource discovers the location of the introspection
       endpoint are outside the scope of this specification" and the Token Introspection IG does not add any further
-      requirements to this.  
+      requirements to this.
 
-      If the token introspection endpoint of the system under test is NOT available at .well-known/smart-configuration, 
-      please run the test groups individually and group 3 Token Introspection will include the introspection endpoint as a manual input.  
+      If the token introspection endpoint of the system under test is NOT available at .well-known/smart-configuration,
+      please run the test groups individually and group 3 Token Introspection will include the introspection endpoint as a manual input.
     )
+    source_code_url('https://github.com/inferno-framework/smart-app-launch-test-kit')
+    download_url('https://github.com/inferno-framework/smart-app-launch-test-kit/releases')
+    report_issue_url('https://github.com/inferno-framework/smart-app-launch-test-kit/issues')
 
     group do
       title 'Standalone Launch'

data/lib/smart_app_launch/token_exchange_test.rb

@@ -36,7 +36,13 @@ module SMARTAppLaunch
     uses_request :redirect
     makes_request :token
 
-    config options: { redirect_uri: "#{Inferno::Application['base_url']}/custom/smart/redirect" }
+    def default_redirect_uri
+      "#{Inferno::Application['base_url']}/custom/smart/redirect"
+    end
+
+    def redirect_uri
+      config.options[:redirect_uri].presence || default_redirect_uri
+    end
 
     def add_credentials_to_request(oauth2_params, oauth2_headers)
       if client_secret.present?
@@ -52,7 +58,7 @@ module SMARTAppLaunch
 
       oauth2_params = {
         code:,
-        redirect_uri: config.options[:redirect_uri],
+        redirect_uri:,
         grant_type: 'authorization_code'
       }
       oauth2_headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }

data/lib/smart_app_launch/version.rb

@@ -1,3 +1,4 @@
 module SMARTAppLaunch
-  VERSION = '0.4.6'.freeze
+  VERSION = '0.5.1'.freeze
+  LAST_UPDATED = '2025-03-07'.freeze
 end

data/lib/smart_app_launch_test_kit.rb

@@ -1,5 +1,6 @@
 require 'tls_test_kit'
 
+require_relative 'smart_app_launch/metadata'
 require_relative 'smart_app_launch/smart_stu1_suite'
 require_relative 'smart_app_launch/smart_stu2_suite'
 require_relative 'smart_app_launch/smart_stu2_2_suite'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_app_launch_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.5.1
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-31 00:00:00.000000000 Z
+date: 2025-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.2
+        version: 0.6.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.2
+        version: 0.6.2
 - !ruby/object:Gem::Dependency
   name: json-jwt
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: database_cleaner-sequel
   requirement: !ruby/object:Gem::Requirement
@@ -145,6 +145,14 @@ extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE
+- config/presets/inferno_reference_server_preset.json
+- config/presets/inferno_reference_server_stu2_2_preset.json
+- config/presets/inferno_reference_server_stu2_preset.json
+- config/presets/smart_access_brands.json.erb
+- config/presets/smart_access_brands_example_1.json
+- config/presets/smart_access_brands_example_2.json
+- config/presets/smart_access_brands_example_3.json
+- config/presets/smart_access_brands_example_4.json
 - lib/smart_app_launch/app_launch_test.rb
 - lib/smart_app_launch/app_redirect_test.rb
 - lib/smart_app_launch/app_redirect_test_stu2.rb
@@ -169,6 +177,7 @@ files:
 - lib/smart_app_launch/ehr_launch_group_stu2_2.rb
 - lib/smart_app_launch/jwks.rb
 - lib/smart_app_launch/launch_received_test.rb
+- lib/smart_app_launch/metadata.rb
 - lib/smart_app_launch/openid_connect_group.rb
 - lib/smart_app_launch/openid_connect_group_stu2_2.rb
 - lib/smart_app_launch/openid_decode_id_token_test.rb
@@ -180,6 +189,7 @@ files:
 - lib/smart_app_launch/openid_token_payload_test.rb
 - lib/smart_app_launch/post_auth.html
 - lib/smart_app_launch/smart_access_brands_examples/r4_capability_statement.json
+- lib/smart_app_launch/smart_access_brands_examples/smart_access_brands_example.json.erb
 - lib/smart_app_launch/smart_access_brands_group.rb
 - lib/smart_app_launch/smart_access_brands_retrieval_group.rb
 - lib/smart_app_launch/smart_access_brands_retrieve_bundle_test.rb
@@ -224,6 +234,7 @@ homepage: https://github.com/inferno-framework/smart-app-launch-test-kit
 licenses:
 - Apache-2.0
 metadata:
+  inferno_test_kit: 'true'
   homepage_uri: https://github.com/inferno-framework/smart-app-launch-test-kit
   source_code_uri: https://github.com/inferno-framework/smart-app-launch-test-kit
 post_install_message:
@@ -234,14 +245,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 3.1.2
+      version: 3.3.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.7
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: Inferno Tests for the SMART Application Launch Framework Implementation Guide