smart_app_launch_test_kit 0.5.1 → 0.6.0
- checksums.yaml +4 -4
- data/config/presets/inferno_reference_server_preset.json +15 -86
- data/config/presets/inferno_reference_server_stu2_2_preset.json +20 -69
- data/config/presets/inferno_reference_server_stu2_preset.json +20 -69
- data/lib/smart_app_launch/app_redirect_test.rb +12 -44
- data/lib/smart_app_launch/app_redirect_test_stu2.rb +2 -17
- data/lib/smart_app_launch/backend_services_authorization_group.rb +33 -57
- data/lib/smart_app_launch/backend_services_authorization_request_builder.rb +22 -9
- data/lib/smart_app_launch/backend_services_authorization_request_success_test.rb +26 -21
- data/lib/smart_app_launch/backend_services_authorization_response_body_test.rb +19 -5
- data/lib/smart_app_launch/backend_services_invalid_client_assertion_test.rb +30 -25
- data/lib/smart_app_launch/backend_services_invalid_grant_type_test.rb +30 -24
- data/lib/smart_app_launch/backend_services_invalid_jwt_test.rb +31 -26
- data/lib/smart_app_launch/client_assertion_builder.rb +27 -12
- data/lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb +2 -2
- data/lib/smart_app_launch/cors_token_exchange_test.rb +2 -2
- data/lib/smart_app_launch/discovery_stu1_group.rb +6 -2
- data/lib/smart_app_launch/ehr_launch_group.rb +41 -24
- data/lib/smart_app_launch/ehr_launch_group_stu2.rb +26 -10
- data/lib/smart_app_launch/ehr_launch_group_stu2_2.rb +0 -16
- data/lib/smart_app_launch/openid_fhir_user_claim_test.rb +5 -4
- data/lib/smart_app_launch/openid_token_payload_test.rb +6 -8
- data/lib/smart_app_launch/smart_stu1_suite.rb +32 -24
- data/lib/smart_app_launch/smart_stu2_2_suite.rb +56 -30
- data/lib/smart_app_launch/smart_stu2_suite.rb +56 -31
- data/lib/smart_app_launch/smart_tls_test.rb +14 -0
- data/lib/smart_app_launch/standalone_launch_group.rb +42 -25
- data/lib/smart_app_launch/standalone_launch_group_stu2.rb +26 -10
- data/lib/smart_app_launch/standalone_launch_group_stu2_2.rb +0 -16
- data/lib/smart_app_launch/token_exchange_stu2_2_test.rb +5 -17
- data/lib/smart_app_launch/token_exchange_stu2_test.rb +8 -67
- data/lib/smart_app_launch/token_exchange_test.rb +18 -38
- data/lib/smart_app_launch/token_introspection_access_token_group.rb +12 -4
- data/lib/smart_app_launch/token_introspection_access_token_group_stu2_2.rb +9 -1
- data/lib/smart_app_launch/token_introspection_group.rb +2 -4
- data/lib/smart_app_launch/token_introspection_request_group.rb +2 -4
- data/lib/smart_app_launch/token_introspection_response_group.rb +64 -49
- data/lib/smart_app_launch/token_refresh_body_test.rb +9 -2
- data/lib/smart_app_launch/token_refresh_stu2_test.rb +10 -17
- data/lib/smart_app_launch/token_refresh_test.rb +19 -20
- data/lib/smart_app_launch/token_response_body_test.rb +14 -4
- data/lib/smart_app_launch/token_response_body_test_stu2_2.rb +3 -2
- data/lib/smart_app_launch/version.rb +2 -2
- data/lib/smart_app_launch/well_known_endpoint_test.rb +11 -1
- metadata +5 -4
@@ -8,18 +8,19 @@ module SMARTAppLaunch
|
|
8
8
|
the url for a Patient, Practitioner, RelatedPerson, or Person resource
|
9
9
|
)
|
10
10
|
|
11
|
-
input :id_token_payload_json, :
|
12
|
-
input :
|
11
|
+
input :id_token_payload_json, :url
|
12
|
+
input :smart_auth_info, type: :auth_info
|
13
|
+
|
13
14
|
output :id_token_fhir_user
|
14
15
|
|
15
16
|
fhir_client do
|
16
17
|
url :url
|
17
|
-
|
18
|
+
auth_info :smart_auth_info
|
18
19
|
end
|
19
20
|
|
20
21
|
run do
|
21
22
|
skip_if id_token_payload_json.blank?
|
22
|
-
skip_if !requested_scopes&.include?('fhirUser'), '`fhirUser` scope not requested'
|
23
|
+
skip_if !smart_auth_info.requested_scopes&.include?('fhirUser'), '`fhirUser` scope not requested'
|
23
24
|
|
24
25
|
assert_valid_json(id_token_payload_json)
|
25
26
|
payload = JSON.parse(id_token_payload_json)
|
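Review bot: The scope guard `smart_auth_info.requested_scopes&.include?('fhirUser')` is a substring test if `requested_scopes` is a space-delimited string, which is presumably the case but is not shown in this hunk. Any scope value that merely contains the text `fhirUser` would then count as the scope having been requested. Splitting first makes the match exact: `smart_auth_info.requested_scopes&.split&.include?('fhirUser')`. The `run` block continues past the end of the hunk.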
@@ -22,16 +22,14 @@ module SMARTAppLaunch
|
|
22
22
|
REQUIRED_CLAIMS.dup
|
23
23
|
end
|
24
24
|
|
25
|
-
input :id_token,
|
26
|
-
|
27
|
-
:id_token_jwk_json,
|
28
|
-
:client_id
|
25
|
+
input :id_token, :openid_configuration_json, :id_token_jwk_json
|
26
|
+
input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
|
29
27
|
|
30
28
|
run do
|
31
29
|
skip_if id_token.blank?, 'No ID Token'
|
32
30
|
skip_if openid_configuration_json.blank?, 'No OpenID Configuration found'
|
33
31
|
skip_if id_token_jwk_json.blank?, 'No ID Token jwk found'
|
34
|
-
skip_if client_id.blank?, 'No Client ID'
|
32
|
+
skip_if smart_auth_info.client_id.blank?, 'No Client ID'
|
35
33
|
|
36
34
|
begin
|
37
35
|
configuration = JSON.parse(openid_configuration_json)
|
@@ -44,7 +42,7 @@ module SMARTAppLaunch
|
|
44
42
|
algorithms: ['RS256'],
|
45
43
|
exp_leeway: 60,
|
46
44
|
iss: configuration['issuer'],
|
47
|
-
aud: client_id,
|
45
|
+
aud: smart_auth_info.client_id,
|
48
46
|
verify_not_before: false,
|
49
47
|
verify_iat: false,
|
50
48
|
verify_jti: false,
|
@@ -57,8 +55,8 @@ module SMARTAppLaunch
|
|
57
55
|
end
|
58
56
|
|
59
57
|
sub_value = payload['sub']
|
60
|
-
assert !sub_value.blank?,
|
61
|
-
assert sub_value.length < 256,
|
58
|
+
assert !sub_value.blank?, 'ID token `sub` claim is blank'
|
59
|
+
assert sub_value.length < 256, 'ID token `sub` claim exceeds 255 characters in length'
|
62
60
|
|
63
61
|
missing_claims = required_claims - payload.keys
|
64
62
|
missing_claims_string = missing_claims.map { |claim| "`#{claim}`" }.join(', ')
|
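Review bot: `assert sub_value.length < 256, ...` in the last hunk assumes the `sub` claim is a String, but the preceding `blank?` check also passes for a non-blank number or array. A token carrying a numeric `sub` would raise NoMethodError instead of failing with the new message, and an array would be measured by element count. A type assertion ahead of the length check keeps the failure readable, for example `assert sub_value.is_a?(String), 'ID token sub claim must be a string'`. The enclosing `run` block starts and ends outside these hunks.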
@@ -58,16 +58,22 @@ module SMARTAppLaunch
|
|
58
58
|
|
59
59
|
run_as_group
|
60
60
|
|
61
|
-
group from: :smart_discovery
|
61
|
+
group from: :smart_discovery,
|
62
|
+
config: {
|
63
|
+
inputs: {
|
64
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
65
|
+
},
|
66
|
+
outputs: {
|
67
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
68
|
+
}
|
69
|
+
}
|
62
70
|
group from: :smart_standalone_launch
|
63
71
|
|
64
72
|
group from: :smart_openid_connect,
|
65
73
|
config: {
|
66
74
|
inputs: {
|
67
75
|
id_token: { name: :standalone_id_token },
|
68
|
-
|
69
|
-
requested_scopes: { name: :standalone_requested_scopes },
|
70
|
-
access_token: { name: :standalone_access_token },
|
76
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
71
77
|
smart_credentials: { name: :standalone_smart_credentials }
|
72
78
|
}
|
73
79
|
}
|
@@ -77,9 +83,7 @@ module SMARTAppLaunch
|
|
77
83
|
title: 'SMART Token Refresh Without Scopes',
|
78
84
|
config: {
|
79
85
|
inputs: {
|
80
|
-
|
81
|
-
client_id: { name: :standalone_client_id },
|
82
|
-
client_secret: { name: :standalone_client_secret },
|
86
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
83
87
|
received_scopes: { name: :standalone_received_scopes }
|
84
88
|
},
|
85
89
|
outputs: {
|
@@ -88,7 +92,8 @@ module SMARTAppLaunch
|
|
88
92
|
access_token: { name: :standalone_access_token },
|
89
93
|
token_retrieval_time: { name: :standalone_token_retrieval_time },
|
90
94
|
expires_in: { name: :standalone_expires_in },
|
91
|
-
smart_credentials: { name: :standalone_smart_credentials }
|
95
|
+
smart_credentials: { name: :standalone_smart_credentials },
|
96
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
92
97
|
}
|
93
98
|
}
|
94
99
|
|
@@ -98,9 +103,7 @@ module SMARTAppLaunch
|
|
98
103
|
config: {
|
99
104
|
options: { include_scopes: true },
|
100
105
|
inputs: {
|
101
|
-
|
102
|
-
client_id: { name: :standalone_client_id },
|
103
|
-
client_secret: { name: :standalone_client_secret },
|
106
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
104
107
|
received_scopes: { name: :standalone_received_scopes }
|
105
108
|
},
|
106
109
|
outputs: {
|
@@ -109,7 +112,8 @@ module SMARTAppLaunch
|
|
109
112
|
access_token: { name: :standalone_access_token },
|
110
113
|
token_retrieval_time: { name: :standalone_token_retrieval_time },
|
111
114
|
expires_in: { name: :standalone_expires_in },
|
112
|
-
smart_credentials: { name: :standalone_smart_credentials }
|
115
|
+
smart_credentials: { name: :standalone_smart_credentials },
|
116
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
113
117
|
}
|
114
118
|
}
|
115
119
|
end
|
@@ -128,7 +132,15 @@ module SMARTAppLaunch
|
|
128
132
|
|
129
133
|
run_as_group
|
130
134
|
|
131
|
-
group from: :smart_discovery
|
135
|
+
group from: :smart_discovery,
|
136
|
+
config: {
|
137
|
+
inputs: {
|
138
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
139
|
+
},
|
140
|
+
outputs: {
|
141
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
142
|
+
}
|
143
|
+
}
|
132
144
|
|
133
145
|
group from: :smart_ehr_launch
|
134
146
|
|
@@ -136,9 +148,7 @@ module SMARTAppLaunch
|
|
136
148
|
config: {
|
137
149
|
inputs: {
|
138
150
|
id_token: { name: :ehr_id_token },
|
139
|
-
|
140
|
-
requested_scopes: { name: :ehr_requested_scopes },
|
141
|
-
access_token: { name: :ehr_access_token },
|
151
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
142
152
|
smart_credentials: { name: :ehr_smart_credentials }
|
143
153
|
}
|
144
154
|
}
|
@@ -148,9 +158,7 @@ module SMARTAppLaunch
|
|
148
158
|
title: 'SMART Token Refresh Without Scopes',
|
149
159
|
config: {
|
150
160
|
inputs: {
|
151
|
-
|
152
|
-
client_id: { name: :ehr_client_id },
|
153
|
-
client_secret: { name: :ehr_client_secret },
|
161
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
154
162
|
received_scopes: { name: :ehr_received_scopes }
|
155
163
|
},
|
156
164
|
outputs: {
|
@@ -159,7 +167,8 @@ module SMARTAppLaunch
|
|
159
167
|
access_token: { name: :ehr_access_token },
|
160
168
|
token_retrieval_time: { name: :ehr_token_retrieval_time },
|
161
169
|
expires_in: { name: :ehr_expires_in },
|
162
|
-
smart_credentials: { name: :ehr_smart_credentials }
|
170
|
+
smart_credentials: { name: :ehr_smart_credentials },
|
171
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
163
172
|
}
|
164
173
|
}
|
165
174
|
|
@@ -169,9 +178,7 @@ module SMARTAppLaunch
|
|
169
178
|
config: {
|
170
179
|
options: { include_scopes: true },
|
171
180
|
inputs: {
|
172
|
-
|
173
|
-
client_id: { name: :ehr_client_id },
|
174
|
-
client_secret: { name: :ehr_client_secret },
|
181
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
175
182
|
received_scopes: { name: :ehr_received_scopes }
|
176
183
|
},
|
177
184
|
outputs: {
|
@@ -180,7 +187,8 @@ module SMARTAppLaunch
|
|
180
187
|
access_token: { name: :ehr_access_token },
|
181
188
|
token_retrieval_time: { name: :ehr_token_retrieval_time },
|
182
189
|
expires_in: { name: :ehr_expires_in },
|
183
|
-
smart_credentials: { name: :ehr_smart_credentials }
|
190
|
+
smart_credentials: { name: :ehr_smart_credentials },
|
191
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
184
192
|
}
|
185
193
|
}
|
186
194
|
end
|
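Review bot: The mapping `smart_auth_info: { name: :standalone_smart_auth_info }` and its `ehr_` twin are now written out by hand in the `inputs` and `outputs` of every group. The hunks replace the separate `client_id`, `client_secret` and `access_token` mappings with this one input, so a single mistyped prefix would presumably feed one launch's credentials and tokens to the other launch's tests without any error. A comment at the first `group from: :smart_discovery` would help, such as `# smart_auth_info must map to the same name in every group of this launch`, or the mapping could live in one shared constant per launch type. The same repetition appears in the STU2 and STU2.2 suite hunks further down the page.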
@@ -49,7 +49,7 @@ module SMARTAppLaunch
|
|
49
49
|
* OAuth Redirect URI: `#{config.options[:redirect_uri]}`
|
50
50
|
|
51
51
|
If using asymmetric client authentication, register Inferno with the
|
52
|
-
following JWK Set URL:
|
52
|
+
following JWK Set URL or provide a custom JWK Set:
|
53
53
|
|
54
54
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
|
55
55
|
|
@@ -85,23 +85,29 @@ module SMARTAppLaunch
|
|
85
85
|
* OAuth Redirect URI: `#{config.options[:redirect_uri]}`
|
86
86
|
|
87
87
|
If using asymmetric client authentication, register Inferno with the
|
88
|
-
following JWK Set URL:
|
88
|
+
following JWK Set URL or provide a custom JWK Set:
|
89
89
|
|
90
90
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
|
91
91
|
INSTRUCTIONS
|
92
92
|
|
93
93
|
run_as_group
|
94
94
|
|
95
|
-
group from: :smart_discovery_stu2_2
|
95
|
+
group from: :smart_discovery_stu2_2,
|
96
|
+
config: {
|
97
|
+
inputs: {
|
98
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
99
|
+
},
|
100
|
+
outputs: {
|
101
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
102
|
+
}
|
103
|
+
}
|
96
104
|
group from: :smart_standalone_launch_stu2_2
|
97
105
|
|
98
106
|
group from: :smart_openid_connect_stu2_2,
|
99
107
|
config: {
|
100
108
|
inputs: {
|
101
109
|
id_token: { name: :standalone_id_token },
|
102
|
-
|
103
|
-
requested_scopes: { name: :standalone_requested_scopes },
|
104
|
-
access_token: { name: :standalone_access_token },
|
110
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
105
111
|
smart_credentials: { name: :standalone_smart_credentials }
|
106
112
|
}
|
107
113
|
}
|
@@ -111,9 +117,7 @@ module SMARTAppLaunch
|
|
111
117
|
title: 'SMART Token Refresh Without Scopes',
|
112
118
|
config: {
|
113
119
|
inputs: {
|
114
|
-
|
115
|
-
client_id: { name: :standalone_client_id },
|
116
|
-
client_secret: { name: :standalone_client_secret },
|
120
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
117
121
|
received_scopes: { name: :standalone_received_scopes }
|
118
122
|
},
|
119
123
|
outputs: {
|
@@ -122,7 +126,8 @@ module SMARTAppLaunch
|
|
122
126
|
access_token: { name: :standalone_access_token },
|
123
127
|
token_retrieval_time: { name: :standalone_token_retrieval_time },
|
124
128
|
expires_in: { name: :standalone_expires_in },
|
125
|
-
smart_credentials: { name: :standalone_smart_credentials }
|
129
|
+
smart_credentials: { name: :standalone_smart_credentials },
|
130
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
126
131
|
}
|
127
132
|
}
|
128
133
|
|
@@ -132,9 +137,7 @@ module SMARTAppLaunch
|
|
132
137
|
config: {
|
133
138
|
options: { include_scopes: true },
|
134
139
|
inputs: {
|
135
|
-
|
136
|
-
client_id: { name: :standalone_client_id },
|
137
|
-
client_secret: { name: :standalone_client_secret },
|
140
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
138
141
|
received_scopes: { name: :standalone_received_scopes }
|
139
142
|
},
|
140
143
|
outputs: {
|
@@ -143,7 +146,8 @@ module SMARTAppLaunch
|
|
143
146
|
access_token: { name: :standalone_access_token },
|
144
147
|
token_retrieval_time: { name: :standalone_token_retrieval_time },
|
145
148
|
expires_in: { name: :standalone_expires_in },
|
146
|
-
smart_credentials: { name: :standalone_smart_credentials }
|
149
|
+
smart_credentials: { name: :standalone_smart_credentials },
|
150
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
147
151
|
}
|
148
152
|
}
|
149
153
|
end
|
@@ -160,14 +164,22 @@ module SMARTAppLaunch
|
|
160
164
|
* OAuth Redirect URI: `#{config.options[:redirect_uri]}`
|
161
165
|
|
162
166
|
If using asymmetric client authentication, register Inferno with the
|
163
|
-
following JWK Set URL:
|
167
|
+
following JWK Set URL or provide a custom JWK Set:
|
164
168
|
|
165
169
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
|
166
170
|
INSTRUCTIONS
|
167
171
|
|
168
172
|
run_as_group
|
169
173
|
|
170
|
-
group from: :smart_discovery_stu2_2
|
174
|
+
group from: :smart_discovery_stu2_2,
|
175
|
+
config: {
|
176
|
+
inputs: {
|
177
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
178
|
+
},
|
179
|
+
outputs: {
|
180
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
181
|
+
}
|
182
|
+
}
|
171
183
|
|
172
184
|
group from: :smart_ehr_launch_stu2_2
|
173
185
|
|
@@ -175,9 +187,7 @@ module SMARTAppLaunch
|
|
175
187
|
config: {
|
176
188
|
inputs: {
|
177
189
|
id_token: { name: :ehr_id_token },
|
178
|
-
|
179
|
-
requested_scopes: { name: :ehr_requested_scopes },
|
180
|
-
access_token: { name: :ehr_access_token },
|
190
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
181
191
|
smart_credentials: { name: :ehr_smart_credentials }
|
182
192
|
}
|
183
193
|
}
|
@@ -187,9 +197,7 @@ module SMARTAppLaunch
|
|
187
197
|
title: 'SMART Token Refresh Without Scopes',
|
188
198
|
config: {
|
189
199
|
inputs: {
|
190
|
-
|
191
|
-
client_id: { name: :ehr_client_id },
|
192
|
-
client_secret: { name: :ehr_client_secret },
|
200
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
193
201
|
received_scopes: { name: :ehr_received_scopes }
|
194
202
|
},
|
195
203
|
outputs: {
|
@@ -198,7 +206,8 @@ module SMARTAppLaunch
|
|
198
206
|
access_token: { name: :ehr_access_token },
|
199
207
|
token_retrieval_time: { name: :ehr_token_retrieval_time },
|
200
208
|
expires_in: { name: :ehr_expires_in },
|
201
|
-
smart_credentials: { name: :ehr_smart_credentials }
|
209
|
+
smart_credentials: { name: :ehr_smart_credentials },
|
210
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
202
211
|
}
|
203
212
|
}
|
204
213
|
|
@@ -208,9 +217,7 @@ module SMARTAppLaunch
|
|
208
217
|
config: {
|
209
218
|
options: { include_scopes: true },
|
210
219
|
inputs: {
|
211
|
-
|
212
|
-
client_id: { name: :ehr_client_id },
|
213
|
-
client_secret: { name: :ehr_client_secret },
|
220
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
214
221
|
received_scopes: { name: :ehr_received_scopes }
|
215
222
|
},
|
216
223
|
outputs: {
|
@@ -219,7 +226,8 @@ module SMARTAppLaunch
|
|
219
226
|
access_token: { name: :ehr_access_token },
|
220
227
|
token_retrieval_time: { name: :ehr_token_retrieval_time },
|
221
228
|
expires_in: { name: :ehr_expires_in },
|
222
|
-
smart_credentials: { name: :ehr_smart_credentials }
|
229
|
+
smart_credentials: { name: :ehr_smart_credentials },
|
230
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
223
231
|
}
|
224
232
|
}
|
225
233
|
end
|
@@ -230,15 +238,33 @@ module SMARTAppLaunch
|
|
230
238
|
|
231
239
|
input_instructions <<~INSTRUCTIONS
|
232
240
|
Please register the Inferno client with the authorization services with the
|
233
|
-
following JWK Set URL:
|
241
|
+
following JWK Set URL or provide a custom JWK Set:
|
234
242
|
|
235
243
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
|
236
244
|
INSTRUCTIONS
|
237
245
|
|
238
246
|
run_as_group
|
239
247
|
|
240
|
-
group from: :smart_discovery_stu2_2
|
241
|
-
|
248
|
+
group from: :smart_discovery_stu2_2 do
|
249
|
+
config(
|
250
|
+
inputs: {
|
251
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
252
|
+
},
|
253
|
+
outputs: {
|
254
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
255
|
+
}
|
256
|
+
)
|
257
|
+
end
|
258
|
+
|
259
|
+
group from: :backend_services_authorization,
|
260
|
+
config: {
|
261
|
+
inputs: {
|
262
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
263
|
+
},
|
264
|
+
outputs: {
|
265
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
266
|
+
}
|
267
|
+
}
|
242
268
|
end
|
243
269
|
|
244
270
|
group from: :smart_token_introspection_stu2_2
|
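Review bot: The reworded instruction `following JWK Set URL or provide a custom JWK Set:` is still followed only by the URL bullet, so a reader is not told where a custom JWK Set is supplied or what it must contain. If the custom set is used to sign client assertions it presumably has to include private key material, which the text should say. It could name the input and add a line such as `Use a key pair generated for testing only; do not enter production keys.` The same wording is used in each description and instruction block of this suite and in the STU2 suite hunks below.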
@@ -50,7 +50,7 @@ module SMARTAppLaunch
|
|
50
50
|
* OAuth Redirect URI: `#{config.options[:redirect_uri]}`
|
51
51
|
|
52
52
|
If using asymmetric client authentication, register Inferno with the
|
53
|
-
following JWK Set URL:
|
53
|
+
following JWK Set URL or provide a custom JWK Set:
|
54
54
|
|
55
55
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
|
56
56
|
DESCRIPTION
|
@@ -83,23 +83,29 @@ module SMARTAppLaunch
|
|
83
83
|
* OAuth Redirect URI: `#{config.options[:redirect_uri]}`
|
84
84
|
|
85
85
|
If using asymmetric client authentication, register Inferno with the
|
86
|
-
following JWK Set URL:
|
86
|
+
following JWK Set URL or provide a custom JWK Set:
|
87
87
|
|
88
88
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
|
89
89
|
INSTRUCTIONS
|
90
90
|
|
91
91
|
run_as_group
|
92
92
|
|
93
|
-
group from: :smart_discovery_stu2
|
93
|
+
group from: :smart_discovery_stu2,
|
94
|
+
config: {
|
95
|
+
inputs: {
|
96
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
97
|
+
},
|
98
|
+
outputs: {
|
99
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
100
|
+
}
|
101
|
+
}
|
94
102
|
group from: :smart_standalone_launch_stu2
|
95
103
|
|
96
104
|
group from: :smart_openid_connect,
|
97
105
|
config: {
|
98
106
|
inputs: {
|
99
107
|
id_token: { name: :standalone_id_token },
|
100
|
-
|
101
|
-
requested_scopes: { name: :standalone_requested_scopes },
|
102
|
-
access_token: { name: :standalone_access_token },
|
108
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
103
109
|
smart_credentials: { name: :standalone_smart_credentials }
|
104
110
|
}
|
105
111
|
}
|
@@ -109,9 +115,7 @@ module SMARTAppLaunch
|
|
109
115
|
title: 'SMART Token Refresh Without Scopes',
|
110
116
|
config: {
|
111
117
|
inputs: {
|
112
|
-
|
113
|
-
client_id: { name: :standalone_client_id },
|
114
|
-
client_secret: { name: :standalone_client_secret },
|
118
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
115
119
|
received_scopes: { name: :standalone_received_scopes }
|
116
120
|
},
|
117
121
|
outputs: {
|
@@ -120,7 +124,8 @@ module SMARTAppLaunch
|
|
120
124
|
access_token: { name: :standalone_access_token },
|
121
125
|
token_retrieval_time: { name: :standalone_token_retrieval_time },
|
122
126
|
expires_in: { name: :standalone_expires_in },
|
123
|
-
smart_credentials: { name: :standalone_smart_credentials }
|
127
|
+
smart_credentials: { name: :standalone_smart_credentials },
|
128
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
124
129
|
}
|
125
130
|
}
|
126
131
|
|
@@ -130,9 +135,7 @@ module SMARTAppLaunch
|
|
130
135
|
config: {
|
131
136
|
options: { include_scopes: true },
|
132
137
|
inputs: {
|
133
|
-
|
134
|
-
client_id: { name: :standalone_client_id },
|
135
|
-
client_secret: { name: :standalone_client_secret },
|
138
|
+
smart_auth_info: { name: :standalone_smart_auth_info },
|
136
139
|
received_scopes: { name: :standalone_received_scopes }
|
137
140
|
},
|
138
141
|
outputs: {
|
@@ -141,7 +144,8 @@ module SMARTAppLaunch
|
|
141
144
|
access_token: { name: :standalone_access_token },
|
142
145
|
token_retrieval_time: { name: :standalone_token_retrieval_time },
|
143
146
|
expires_in: { name: :standalone_expires_in },
|
144
|
-
smart_credentials: { name: :standalone_smart_credentials }
|
147
|
+
smart_credentials: { name: :standalone_smart_credentials },
|
148
|
+
smart_auth_info: { name: :standalone_smart_auth_info }
|
145
149
|
}
|
146
150
|
}
|
147
151
|
end
|
@@ -158,14 +162,22 @@ module SMARTAppLaunch
|
|
158
162
|
* OAuth Redirect URI: `#{config.options[:redirect_uri]}`
|
159
163
|
|
160
164
|
If using asymmetric client authentication, register Inferno with the
|
161
|
-
following JWK Set URL:
|
165
|
+
following JWK Set URL or provide a custom JWK Set:
|
162
166
|
|
163
167
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
|
164
168
|
INSTRUCTIONS
|
165
169
|
|
166
170
|
run_as_group
|
167
171
|
|
168
|
-
group from: :smart_discovery_stu2
|
172
|
+
group from: :smart_discovery_stu2,
|
173
|
+
config: {
|
174
|
+
inputs: {
|
175
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
176
|
+
},
|
177
|
+
outputs: {
|
178
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
179
|
+
}
|
180
|
+
}
|
169
181
|
|
170
182
|
group from: :smart_ehr_launch_stu2
|
171
183
|
|
@@ -173,9 +185,7 @@ module SMARTAppLaunch
|
|
173
185
|
config: {
|
174
186
|
inputs: {
|
175
187
|
id_token: { name: :ehr_id_token },
|
176
|
-
|
177
|
-
requested_scopes: { name: :ehr_requested_scopes },
|
178
|
-
access_token: { name: :ehr_access_token },
|
188
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
179
189
|
smart_credentials: { name: :ehr_smart_credentials }
|
180
190
|
}
|
181
191
|
}
|
@@ -185,9 +195,7 @@ module SMARTAppLaunch
|
|
185
195
|
title: 'SMART Token Refresh Without Scopes',
|
186
196
|
config: {
|
187
197
|
inputs: {
|
188
|
-
|
189
|
-
client_id: { name: :ehr_client_id },
|
190
|
-
client_secret: { name: :ehr_client_secret },
|
198
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
191
199
|
received_scopes: { name: :ehr_received_scopes }
|
192
200
|
},
|
193
201
|
outputs: {
|
@@ -196,7 +204,8 @@ module SMARTAppLaunch
|
|
196
204
|
access_token: { name: :ehr_access_token },
|
197
205
|
token_retrieval_time: { name: :ehr_token_retrieval_time },
|
198
206
|
expires_in: { name: :ehr_expires_in },
|
199
|
-
smart_credentials: { name: :ehr_smart_credentials }
|
207
|
+
smart_credentials: { name: :ehr_smart_credentials },
|
208
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
200
209
|
}
|
201
210
|
}
|
202
211
|
|
@@ -206,9 +215,7 @@ module SMARTAppLaunch
|
|
206
215
|
config: {
|
207
216
|
options: { include_scopes: true },
|
208
217
|
inputs: {
|
209
|
-
|
210
|
-
client_id: { name: :ehr_client_id },
|
211
|
-
client_secret: { name: :ehr_client_secret },
|
218
|
+
smart_auth_info: { name: :ehr_smart_auth_info },
|
212
219
|
received_scopes: { name: :ehr_received_scopes }
|
213
220
|
},
|
214
221
|
outputs: {
|
@@ -217,7 +224,8 @@ module SMARTAppLaunch
|
|
217
224
|
access_token: { name: :ehr_access_token },
|
218
225
|
token_retrieval_time: { name: :ehr_token_retrieval_time },
|
219
226
|
expires_in: { name: :ehr_expires_in },
|
220
|
-
smart_credentials: { name: :ehr_smart_credentials }
|
227
|
+
smart_credentials: { name: :ehr_smart_credentials },
|
228
|
+
smart_auth_info: { name: :ehr_smart_auth_info }
|
221
229
|
}
|
222
230
|
}
|
223
231
|
end
|
@@ -228,18 +236,35 @@ module SMARTAppLaunch
|
|
228
236
|
|
229
237
|
input_instructions <<~INSTRUCTIONS
|
230
238
|
Please register the Inferno client with the authorization services with the
|
231
|
-
following JWK Set URL:
|
239
|
+
following JWK Set URL or provide a custom JWK Set:
|
232
240
|
|
233
241
|
* `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
|
234
242
|
INSTRUCTIONS
|
235
243
|
|
236
244
|
run_as_group
|
237
245
|
|
238
|
-
group from: :smart_discovery_stu2
|
239
|
-
|
246
|
+
group from: :smart_discovery_stu2 do
|
247
|
+
config(
|
248
|
+
inputs: {
|
249
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
250
|
+
},
|
251
|
+
outputs: {
|
252
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
253
|
+
}
|
254
|
+
)
|
255
|
+
end
|
256
|
+
|
257
|
+
group from: :backend_services_authorization,
|
258
|
+
config: {
|
259
|
+
inputs: {
|
260
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
261
|
+
},
|
262
|
+
outputs: {
|
263
|
+
smart_auth_info: { name: :backend_services_smart_auth_info }
|
264
|
+
}
|
265
|
+
}
|
240
266
|
end
|
241
267
|
|
242
268
|
group from: :smart_token_introspection
|
243
|
-
|
244
269
|
end
|
245
270
|
end
|
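Review bot: The backend-services discovery group is configured with the block form `group from: :smart_discovery_stu2 do config(...) end`, while every other group in this suite passes `config: { ... }` as a keyword. That includes the `:backend_services_authorization` group directly below it. Unless the block is needed for something outside this hunk, one form throughout makes the `smart_auth_info` wiring easier to compare across groups: `group from: :smart_discovery_stu2, config: { inputs: { ... }, outputs: { ... } }`. The STU2.2 suite hunk above has the same mix.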
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'tls_test_kit'
|
2
|
+
|
3
|
+
module SMARTAppLaunch
|
4
|
+
class SMARTTLSTest < TLSTestKit::TLSVersionTest
|
5
|
+
id :smart_tls
|
6
|
+
input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
|
7
|
+
|
8
|
+
def url
|
9
|
+
return super if config.options[:smart_endpoint_key].blank?
|
10
|
+
|
11
|
+
smart_auth_info.send(config.options[:smart_endpoint_key])
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
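Review bot: `smart_auth_info.send(config.options[:smart_endpoint_key])` dispatches to whatever method name the option holds, private methods included, and the result becomes the URL the TLS test connects to. The option appears to come from suite configuration rather than from a tester. Even so, `smart_auth_info.public_send(config.options[:smart_endpoint_key])` plus a check against the expected endpoint accessors would stop a typo or later misuse from resolving to a non-URL attribute such as a credential. A short comment on `url` listing the accepted keys would also help, since none are named in this file.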