smart_app_launch_test_kit 0.5.1 → 0.6.0

Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/config/presets/inferno_reference_server_preset.json +15 -86
  3. data/config/presets/inferno_reference_server_stu2_2_preset.json +20 -69
  4. data/config/presets/inferno_reference_server_stu2_preset.json +20 -69
  5. data/lib/smart_app_launch/app_redirect_test.rb +12 -44
  6. data/lib/smart_app_launch/app_redirect_test_stu2.rb +2 -17
  7. data/lib/smart_app_launch/backend_services_authorization_group.rb +33 -57
  8. data/lib/smart_app_launch/backend_services_authorization_request_builder.rb +22 -9
  9. data/lib/smart_app_launch/backend_services_authorization_request_success_test.rb +26 -21
  10. data/lib/smart_app_launch/backend_services_authorization_response_body_test.rb +19 -5
  11. data/lib/smart_app_launch/backend_services_invalid_client_assertion_test.rb +30 -25
  12. data/lib/smart_app_launch/backend_services_invalid_grant_type_test.rb +30 -24
  13. data/lib/smart_app_launch/backend_services_invalid_jwt_test.rb +31 -26
  14. data/lib/smart_app_launch/client_assertion_builder.rb +27 -12
  15. data/lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb +2 -2
  16. data/lib/smart_app_launch/cors_token_exchange_test.rb +2 -2
  17. data/lib/smart_app_launch/discovery_stu1_group.rb +6 -2
  18. data/lib/smart_app_launch/ehr_launch_group.rb +41 -24
  19. data/lib/smart_app_launch/ehr_launch_group_stu2.rb +26 -10
  20. data/lib/smart_app_launch/ehr_launch_group_stu2_2.rb +0 -16
  21. data/lib/smart_app_launch/openid_fhir_user_claim_test.rb +5 -4
  22. data/lib/smart_app_launch/openid_token_payload_test.rb +6 -8
  23. data/lib/smart_app_launch/smart_stu1_suite.rb +32 -24
  24. data/lib/smart_app_launch/smart_stu2_2_suite.rb +56 -30
  25. data/lib/smart_app_launch/smart_stu2_suite.rb +56 -31
  26. data/lib/smart_app_launch/smart_tls_test.rb +14 -0
  27. data/lib/smart_app_launch/standalone_launch_group.rb +42 -25
  28. data/lib/smart_app_launch/standalone_launch_group_stu2.rb +26 -10
  29. data/lib/smart_app_launch/standalone_launch_group_stu2_2.rb +0 -16
  30. data/lib/smart_app_launch/token_exchange_stu2_2_test.rb +5 -17
  31. data/lib/smart_app_launch/token_exchange_stu2_test.rb +8 -67
  32. data/lib/smart_app_launch/token_exchange_test.rb +18 -38
  33. data/lib/smart_app_launch/token_introspection_access_token_group.rb +12 -4
  34. data/lib/smart_app_launch/token_introspection_access_token_group_stu2_2.rb +9 -1
  35. data/lib/smart_app_launch/token_introspection_group.rb +2 -4
  36. data/lib/smart_app_launch/token_introspection_request_group.rb +2 -4
  37. data/lib/smart_app_launch/token_introspection_response_group.rb +64 -49
  38. data/lib/smart_app_launch/token_refresh_body_test.rb +9 -2
  39. data/lib/smart_app_launch/token_refresh_stu2_test.rb +10 -17
  40. data/lib/smart_app_launch/token_refresh_test.rb +19 -20
  41. data/lib/smart_app_launch/token_response_body_test.rb +14 -4
  42. data/lib/smart_app_launch/token_response_body_test_stu2_2.rb +3 -2
  43. data/lib/smart_app_launch/version.rb +2 -2
  44. data/lib/smart_app_launch/well_known_endpoint_test.rb +11 -1
  45. metadata +5 -4
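--- a/data/lib/smart_app_launch/openid_fhir_user_claim_test.rb
+++ b/data/lib/smart_app_launch/openid_fhir_user_claim_test.rb
@@ -8,18 +8,19 @@ module SMARTAppLaunch
  the url for a Patient, Practitioner, RelatedPerson, or Person resource
  )
 
- input :id_token_payload_json, :requested_scopes, :url
- input :smart_credentials, type: :oauth_credentials
+ input :id_token_payload_json, :url
+ input :smart_auth_info, type: :auth_info
+
  output :id_token_fhir_user
 
  fhir_client do
  url :url
- oauth_credentials :smart_credentials
+ auth_info :smart_auth_info
  end
 
  run do
  skip_if id_token_payload_json.blank?
- skip_if !requested_scopes&.include?('fhirUser'), '`fhirUser` scope not requested'
+ skip_if !smart_auth_info.requested_scopes&.include?('fhirUser'), '`fhirUser` scope not requested'
 
  assert_valid_json(id_token_payload_json)
  payload = JSON.parse(id_token_payload_json)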
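Review bot: The second `skip_if` in the `run` block tests `smart_auth_info.requested_scopes&.include?('fhirUser')`, which is a substring match if `requested_scopes` is a space-delimited string (its type is not visible in this hunk), so any requested scope that merely contains the text `fhirUser` would suppress the skip. Splitting first makes the membership test exact: `smart_auth_info.requested_scopes.to_s.split.include?('fhirUser')`. The `run` block continues past the end of the hunk, so the rest of the claim handling is not reviewed here.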
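--- a/data/lib/smart_app_launch/openid_token_payload_test.rb
+++ b/data/lib/smart_app_launch/openid_token_payload_test.rb
@@ -22,16 +22,14 @@ module SMARTAppLaunch
  REQUIRED_CLAIMS.dup
  end
 
- input :id_token,
- :openid_configuration_json,
- :id_token_jwk_json,
- :client_id
+ input :id_token, :openid_configuration_json, :id_token_jwk_json
+ input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
 
  run do
  skip_if id_token.blank?, 'No ID Token'
  skip_if openid_configuration_json.blank?, 'No OpenID Configuration found'
  skip_if id_token_jwk_json.blank?, 'No ID Token jwk found'
- skip_if client_id.blank?, 'No Client ID'
+ skip_if smart_auth_info.client_id.blank?, 'No Client ID'
 
  begin
  configuration = JSON.parse(openid_configuration_json)
@@ -44,7 +42,7 @@ module SMARTAppLaunch
  algorithms: ['RS256'],
  exp_leeway: 60,
  iss: configuration['issuer'],
- aud: client_id,
+ aud: smart_auth_info.client_id,
  verify_not_before: false,
  verify_iat: false,
  verify_jti: false,
@@ -57,8 +55,8 @@ module SMARTAppLaunch
  end
 
  sub_value = payload['sub']
- assert !sub_value.blank?, 'ID token `sub` claim is blank'
- assert sub_value.length < 256, 'ID token `sub` claim exceeds 255 characters in length'
+ assert !sub_value.blank?, "ID token `sub` claim is blank"
+ assert sub_value.length < 256, "ID token `sub` claim exceeds 255 characters in length"
 
  missing_claims = required_claims - payload.keys
  missing_claims_string = missing_claims.map { |claim| "`#{claim}`" }.join(', ')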
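Review bot: In the last hunk `sub_value.length` is called on whatever JSON type the token carries in `sub`, so a numeric `sub` passes the `blank?` assertion and then raises on `length`, and an array is measured by element count; the test would presumably error instead of failing with a clear message. Add a type assertion before the length check, for example `assert sub_value.is_a?(String), 'ID token sub claim must be a string'`. Separately, the decode options in the second hunk are cut off by the hunk boundary: confirm `verify_aud: true` is still passed, since ruby-jwt does not enforce `aud:` without it and the audience now comes from `smart_auth_info.client_id`.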
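--- a/data/lib/smart_app_launch/smart_stu1_suite.rb
+++ b/data/lib/smart_app_launch/smart_stu1_suite.rb
@@ -58,16 +58,22 @@ module SMARTAppLaunch
 
  run_as_group
 
- group from: :smart_discovery
+ group from: :smart_discovery,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :standalone_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :standalone_smart_auth_info }
+ }
+ }
  group from: :smart_standalone_launch
 
  group from: :smart_openid_connect,
  config: {
  inputs: {
  id_token: { name: :standalone_id_token },
- client_id: { name: :standalone_client_id },
- requested_scopes: { name: :standalone_requested_scopes },
- access_token: { name: :standalone_access_token },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  smart_credentials: { name: :standalone_smart_credentials }
  }
  }
@@ -77,9 +83,7 @@ module SMARTAppLaunch
  title: 'SMART Token Refresh Without Scopes',
  config: {
  inputs: {
- refresh_token: { name: :standalone_refresh_token },
- client_id: { name: :standalone_client_id },
- client_secret: { name: :standalone_client_secret },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  received_scopes: { name: :standalone_received_scopes }
  },
  outputs: {
@@ -88,7 +92,8 @@ module SMARTAppLaunch
  access_token: { name: :standalone_access_token },
  token_retrieval_time: { name: :standalone_token_retrieval_time },
  expires_in: { name: :standalone_expires_in },
- smart_credentials: { name: :standalone_smart_credentials }
+ smart_credentials: { name: :standalone_smart_credentials },
+ smart_auth_info: { name: :standalone_smart_auth_info }
  }
  }
 
@@ -98,9 +103,7 @@ module SMARTAppLaunch
  config: {
  options: { include_scopes: true },
  inputs: {
- refresh_token: { name: :standalone_refresh_token },
- client_id: { name: :standalone_client_id },
- client_secret: { name: :standalone_client_secret },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  received_scopes: { name: :standalone_received_scopes }
  },
  outputs: {
@@ -109,7 +112,8 @@ module SMARTAppLaunch
  access_token: { name: :standalone_access_token },
  token_retrieval_time: { name: :standalone_token_retrieval_time },
  expires_in: { name: :standalone_expires_in },
- smart_credentials: { name: :standalone_smart_credentials }
+ smart_credentials: { name: :standalone_smart_credentials },
+ smart_auth_info: { name: :standalone_smart_auth_info }
  }
  }
  end
@@ -128,7 +132,15 @@ module SMARTAppLaunch
 
  run_as_group
 
- group from: :smart_discovery
+ group from: :smart_discovery,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :ehr_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :ehr_smart_auth_info }
+ }
+ }
 
  group from: :smart_ehr_launch
 
@@ -136,9 +148,7 @@ module SMARTAppLaunch
  config: {
  inputs: {
  id_token: { name: :ehr_id_token },
- client_id: { name: :ehr_client_id },
- requested_scopes: { name: :ehr_requested_scopes },
- access_token: { name: :ehr_access_token },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  smart_credentials: { name: :ehr_smart_credentials }
  }
  }
@@ -148,9 +158,7 @@ module SMARTAppLaunch
  title: 'SMART Token Refresh Without Scopes',
  config: {
  inputs: {
- refresh_token: { name: :ehr_refresh_token },
- client_id: { name: :ehr_client_id },
- client_secret: { name: :ehr_client_secret },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  received_scopes: { name: :ehr_received_scopes }
  },
  outputs: {
@@ -159,7 +167,8 @@ module SMARTAppLaunch
  access_token: { name: :ehr_access_token },
  token_retrieval_time: { name: :ehr_token_retrieval_time },
  expires_in: { name: :ehr_expires_in },
- smart_credentials: { name: :ehr_smart_credentials }
+ smart_credentials: { name: :ehr_smart_credentials },
+ smart_auth_info: { name: :ehr_smart_auth_info }
  }
  }
 
@@ -169,9 +178,7 @@ module SMARTAppLaunch
  config: {
  options: { include_scopes: true },
  inputs: {
- refresh_token: { name: :ehr_refresh_token },
- client_id: { name: :ehr_client_id },
- client_secret: { name: :ehr_client_secret },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  received_scopes: { name: :ehr_received_scopes }
  },
  outputs: {
@@ -180,7 +187,8 @@ module SMARTAppLaunch
  access_token: { name: :ehr_access_token },
  token_retrieval_time: { name: :ehr_token_retrieval_time },
  expires_in: { name: :ehr_expires_in },
- smart_credentials: { name: :ehr_smart_credentials }
+ smart_credentials: { name: :ehr_smart_credentials },
+ smart_auth_info: { name: :ehr_smart_auth_info }
  }
  }
  end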
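Review bot: The `smart_openid_connect` group config still maps `smart_credentials: { name: :standalone_smart_credentials }` (and `:ehr_smart_credentials` in the EHR group) beside the new `smart_auth_info` input, and every refresh group now outputs both objects. The fhirUser claim test on this page drops its `smart_credentials` input, so unless another test in that group (not visible here) still reads it, the mapping is dead and leaves two copies of the token state that can disagree after a refresh. Either remove the mapping or document it, e.g. `# smart_credentials kept only for consumers that still read oauth_credentials`. The same pairing appears in smart_stu2_suite.rb and smart_stu2_2_suite.rb.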
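--- a/data/lib/smart_app_launch/smart_stu2_2_suite.rb
+++ b/data/lib/smart_app_launch/smart_stu2_2_suite.rb
@@ -49,7 +49,7 @@ module SMARTAppLaunch
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
 
  If using asymmetric client authentication, register Inferno with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
 
@@ -85,23 +85,29 @@ module SMARTAppLaunch
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
 
  If using asymmetric client authentication, register Inferno with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
  INSTRUCTIONS
 
  run_as_group
 
- group from: :smart_discovery_stu2_2
+ group from: :smart_discovery_stu2_2,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :standalone_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :standalone_smart_auth_info }
+ }
+ }
  group from: :smart_standalone_launch_stu2_2
 
  group from: :smart_openid_connect_stu2_2,
  config: {
  inputs: {
  id_token: { name: :standalone_id_token },
- client_id: { name: :standalone_client_id },
- requested_scopes: { name: :standalone_requested_scopes },
- access_token: { name: :standalone_access_token },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  smart_credentials: { name: :standalone_smart_credentials }
  }
  }
@@ -111,9 +117,7 @@ module SMARTAppLaunch
  title: 'SMART Token Refresh Without Scopes',
  config: {
  inputs: {
- refresh_token: { name: :standalone_refresh_token },
- client_id: { name: :standalone_client_id },
- client_secret: { name: :standalone_client_secret },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  received_scopes: { name: :standalone_received_scopes }
  },
  outputs: {
@@ -122,7 +126,8 @@ module SMARTAppLaunch
  access_token: { name: :standalone_access_token },
  token_retrieval_time: { name: :standalone_token_retrieval_time },
  expires_in: { name: :standalone_expires_in },
- smart_credentials: { name: :standalone_smart_credentials }
+ smart_credentials: { name: :standalone_smart_credentials },
+ smart_auth_info: { name: :standalone_smart_auth_info }
  }
  }
 
@@ -132,9 +137,7 @@ module SMARTAppLaunch
  config: {
  options: { include_scopes: true },
  inputs: {
- refresh_token: { name: :standalone_refresh_token },
- client_id: { name: :standalone_client_id },
- client_secret: { name: :standalone_client_secret },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  received_scopes: { name: :standalone_received_scopes }
  },
  outputs: {
@@ -143,7 +146,8 @@ module SMARTAppLaunch
  access_token: { name: :standalone_access_token },
  token_retrieval_time: { name: :standalone_token_retrieval_time },
  expires_in: { name: :standalone_expires_in },
- smart_credentials: { name: :standalone_smart_credentials }
+ smart_credentials: { name: :standalone_smart_credentials },
+ smart_auth_info: { name: :standalone_smart_auth_info }
  }
  }
  end
@@ -160,14 +164,22 @@ module SMARTAppLaunch
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
 
  If using asymmetric client authentication, register Inferno with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
  INSTRUCTIONS
 
  run_as_group
 
- group from: :smart_discovery_stu2_2
+ group from: :smart_discovery_stu2_2,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :ehr_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :ehr_smart_auth_info }
+ }
+ }
 
  group from: :smart_ehr_launch_stu2_2
 
@@ -175,9 +187,7 @@ module SMARTAppLaunch
  config: {
  inputs: {
  id_token: { name: :ehr_id_token },
- client_id: { name: :ehr_client_id },
- requested_scopes: { name: :ehr_requested_scopes },
- access_token: { name: :ehr_access_token },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  smart_credentials: { name: :ehr_smart_credentials }
  }
  }
@@ -187,9 +197,7 @@ module SMARTAppLaunch
  title: 'SMART Token Refresh Without Scopes',
  config: {
  inputs: {
- refresh_token: { name: :ehr_refresh_token },
- client_id: { name: :ehr_client_id },
- client_secret: { name: :ehr_client_secret },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  received_scopes: { name: :ehr_received_scopes }
  },
  outputs: {
@@ -198,7 +206,8 @@ module SMARTAppLaunch
  access_token: { name: :ehr_access_token },
  token_retrieval_time: { name: :ehr_token_retrieval_time },
  expires_in: { name: :ehr_expires_in },
- smart_credentials: { name: :ehr_smart_credentials }
+ smart_credentials: { name: :ehr_smart_credentials },
+ smart_auth_info: { name: :ehr_smart_auth_info }
  }
  }
 
@@ -208,9 +217,7 @@ module SMARTAppLaunch
  config: {
  options: { include_scopes: true },
  inputs: {
- refresh_token: { name: :ehr_refresh_token },
- client_id: { name: :ehr_client_id },
- client_secret: { name: :ehr_client_secret },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  received_scopes: { name: :ehr_received_scopes }
  },
  outputs: {
@@ -219,7 +226,8 @@ module SMARTAppLaunch
  access_token: { name: :ehr_access_token },
  token_retrieval_time: { name: :ehr_token_retrieval_time },
  expires_in: { name: :ehr_expires_in },
- smart_credentials: { name: :ehr_smart_credentials }
+ smart_credentials: { name: :ehr_smart_credentials },
+ smart_auth_info: { name: :ehr_smart_auth_info }
  }
  }
  end
@@ -230,15 +238,33 @@ module SMARTAppLaunch
 
  input_instructions <<~INSTRUCTIONS
  Please register the Inferno client with the authorization services with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
  INSTRUCTIONS
 
  run_as_group
 
- group from: :smart_discovery_stu2_2
- group from: :backend_services_authorization
+ group from: :smart_discovery_stu2_2 do
+ config(
+ inputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ }
+ )
+ end
+
+ group from: :backend_services_authorization,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ }
+ }
  end
 
  group from: :smart_token_introspection_stu2_2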
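Review bot: In the last hunk the backend-services group wires `smart_discovery_stu2_2` with a block, `group from: :smart_discovery_stu2_2 do` followed by `config(`, while every other group in this file, including `backend_services_authorization` directly below it, passes `config: {` as a keyword argument. If the two forms are equivalent in the Inferno DSL (not verifiable from this page), use the keyword form here as well so the `smart_auth_info` renaming reads the same everywhere and a later edit cannot update one style and miss the other. If the block form is required for this group, a one-line comment saying why would prevent it being "tidied" incorrectly. smart_stu2_suite.rb has the same mix for `smart_discovery_stu2`.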
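--- a/data/lib/smart_app_launch/smart_stu2_suite.rb
+++ b/data/lib/smart_app_launch/smart_stu2_suite.rb
@@ -50,7 +50,7 @@ module SMARTAppLaunch
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
 
  If using asymmetric client authentication, register Inferno with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
  DESCRIPTION
@@ -83,23 +83,29 @@ module SMARTAppLaunch
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
 
  If using asymmetric client authentication, register Inferno with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
  INSTRUCTIONS
 
  run_as_group
 
- group from: :smart_discovery_stu2
+ group from: :smart_discovery_stu2,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :standalone_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :standalone_smart_auth_info }
+ }
+ }
  group from: :smart_standalone_launch_stu2
 
  group from: :smart_openid_connect,
  config: {
  inputs: {
  id_token: { name: :standalone_id_token },
- client_id: { name: :standalone_client_id },
- requested_scopes: { name: :standalone_requested_scopes },
- access_token: { name: :standalone_access_token },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  smart_credentials: { name: :standalone_smart_credentials }
  }
  }
@@ -109,9 +115,7 @@ module SMARTAppLaunch
  title: 'SMART Token Refresh Without Scopes',
  config: {
  inputs: {
- refresh_token: { name: :standalone_refresh_token },
- client_id: { name: :standalone_client_id },
- client_secret: { name: :standalone_client_secret },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  received_scopes: { name: :standalone_received_scopes }
  },
  outputs: {
@@ -120,7 +124,8 @@ module SMARTAppLaunch
  access_token: { name: :standalone_access_token },
  token_retrieval_time: { name: :standalone_token_retrieval_time },
  expires_in: { name: :standalone_expires_in },
- smart_credentials: { name: :standalone_smart_credentials }
+ smart_credentials: { name: :standalone_smart_credentials },
+ smart_auth_info: { name: :standalone_smart_auth_info }
  }
  }
 
@@ -130,9 +135,7 @@ module SMARTAppLaunch
  config: {
  options: { include_scopes: true },
  inputs: {
- refresh_token: { name: :standalone_refresh_token },
- client_id: { name: :standalone_client_id },
- client_secret: { name: :standalone_client_secret },
+ smart_auth_info: { name: :standalone_smart_auth_info },
  received_scopes: { name: :standalone_received_scopes }
  },
  outputs: {
@@ -141,7 +144,8 @@ module SMARTAppLaunch
  access_token: { name: :standalone_access_token },
  token_retrieval_time: { name: :standalone_token_retrieval_time },
  expires_in: { name: :standalone_expires_in },
- smart_credentials: { name: :standalone_smart_credentials }
+ smart_credentials: { name: :standalone_smart_credentials },
+ smart_auth_info: { name: :standalone_smart_auth_info }
  }
  }
  end
@@ -158,14 +162,22 @@ module SMARTAppLaunch
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
 
  If using asymmetric client authentication, register Inferno with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
  INSTRUCTIONS
 
  run_as_group
 
- group from: :smart_discovery_stu2
+ group from: :smart_discovery_stu2,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :ehr_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :ehr_smart_auth_info }
+ }
+ }
 
  group from: :smart_ehr_launch_stu2
 
@@ -173,9 +185,7 @@ module SMARTAppLaunch
  config: {
  inputs: {
  id_token: { name: :ehr_id_token },
- client_id: { name: :ehr_client_id },
- requested_scopes: { name: :ehr_requested_scopes },
- access_token: { name: :ehr_access_token },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  smart_credentials: { name: :ehr_smart_credentials }
  }
  }
@@ -185,9 +195,7 @@ module SMARTAppLaunch
  title: 'SMART Token Refresh Without Scopes',
  config: {
  inputs: {
- refresh_token: { name: :ehr_refresh_token },
- client_id: { name: :ehr_client_id },
- client_secret: { name: :ehr_client_secret },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  received_scopes: { name: :ehr_received_scopes }
  },
  outputs: {
@@ -196,7 +204,8 @@ module SMARTAppLaunch
  access_token: { name: :ehr_access_token },
  token_retrieval_time: { name: :ehr_token_retrieval_time },
  expires_in: { name: :ehr_expires_in },
- smart_credentials: { name: :ehr_smart_credentials }
+ smart_credentials: { name: :ehr_smart_credentials },
+ smart_auth_info: { name: :ehr_smart_auth_info }
  }
  }
 
@@ -206,9 +215,7 @@ module SMARTAppLaunch
  config: {
  options: { include_scopes: true },
  inputs: {
- refresh_token: { name: :ehr_refresh_token },
- client_id: { name: :ehr_client_id },
- client_secret: { name: :ehr_client_secret },
+ smart_auth_info: { name: :ehr_smart_auth_info },
  received_scopes: { name: :ehr_received_scopes }
  },
  outputs: {
@@ -217,7 +224,8 @@ module SMARTAppLaunch
  access_token: { name: :ehr_access_token },
  token_retrieval_time: { name: :ehr_token_retrieval_time },
  expires_in: { name: :ehr_expires_in },
- smart_credentials: { name: :ehr_smart_credentials }
+ smart_credentials: { name: :ehr_smart_credentials },
+ smart_auth_info: { name: :ehr_smart_auth_info }
  }
  }
  end
@@ -228,18 +236,35 @@ module SMARTAppLaunch
 
  input_instructions <<~INSTRUCTIONS
  Please register the Inferno client with the authorization services with the
- following JWK Set URL:
+ following JWK Set URL or provide a custom JWK Set:
 
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
  INSTRUCTIONS
 
  run_as_group
 
- group from: :smart_discovery_stu2
- group from: :backend_services_authorization
+ group from: :smart_discovery_stu2 do
+ config(
+ inputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ }
+ )
+ end
+
+ group from: :backend_services_authorization,
+ config: {
+ inputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ },
+ outputs: {
+ smart_auth_info: { name: :backend_services_smart_auth_info }
+ }
+ }
  end
 
  group from: :smart_token_introspection
-
  end
  end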
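--- /dev/null
+++ b/data/lib/smart_app_launch/smart_tls_test.rb
@@ -0,0 +1,14 @@
+ require 'tls_test_kit'
+
+ module SMARTAppLaunch
+ class SMARTTLSTest < TLSTestKit::TLSVersionTest
+ id :smart_tls
+ input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
+
+ def url
+ return super if config.options[:smart_endpoint_key].blank?
+
+ smart_auth_info.send(config.options[:smart_endpoint_key])
+ end
+ end
+ end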
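Review bot: `smart_auth_info.send(config.options[:smart_endpoint_key])` in `url` dispatches on a configuration value with `send`, which reaches private methods and accepts any method name. The option is presumably set only by suite authors, but the call should still be constrained: use `smart_auth_info.public_send(...)` and reject keys outside the endpoint attributes the suites actually pass, e.g. `raise ArgumentError, 'unsupported smart_endpoint_key' unless ALLOWED_ENDPOINT_KEYS.include?(key)` (`ALLOWED_ENDPOINT_KEYS` is a placeholder name, not something on this page). The method also returns whatever the attribute holds, so a nil or blank endpoint reaches the TLS check unguarded. A short comment on `url` noting that a blank `smart_endpoint_key` falls back to the parent class's URL would document the override.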