smart_app_launch_test_kit 0.5.1 → 0.6.1

Files changed (63) hide show
  1. checksums.yaml +4 -4
  2. data/config/presets/SMART_RunClientAgainstServer.json.erb +31 -0
  3. data/config/presets/SMART_RunServerAgainstClient.json.erb +42 -0
  4. data/config/presets/inferno_reference_server_preset.json +15 -86
  5. data/config/presets/inferno_reference_server_stu2_2_preset.json +20 -69
  6. data/config/presets/inferno_reference_server_stu2_preset.json +20 -69
  7. data/lib/smart_app_launch/app_redirect_test.rb +12 -44
  8. data/lib/smart_app_launch/app_redirect_test_stu2.rb +2 -17
  9. data/lib/smart_app_launch/backend_services_authorization_group.rb +33 -59
  10. data/lib/smart_app_launch/backend_services_authorization_request_builder.rb +22 -9
  11. data/lib/smart_app_launch/backend_services_authorization_request_success_test.rb +32 -24
  12. data/lib/smart_app_launch/backend_services_authorization_response_body_test.rb +23 -5
  13. data/lib/smart_app_launch/backend_services_invalid_client_assertion_test.rb +30 -25
  14. data/lib/smart_app_launch/backend_services_invalid_grant_type_test.rb +30 -24
  15. data/lib/smart_app_launch/backend_services_invalid_jwt_test.rb +31 -26
  16. data/lib/smart_app_launch/client_assertion_builder.rb +27 -12
  17. data/lib/smart_app_launch/client_stu2_2_suite.rb +79 -0
  18. data/lib/smart_app_launch/client_suite/client_access_group.rb +26 -0
  19. data/lib/smart_app_launch/client_suite/client_access_interaction_test.rb +64 -0
  20. data/lib/smart_app_launch/client_suite/client_registration_group.rb +15 -0
  21. data/lib/smart_app_launch/client_suite/client_registration_verification_test.rb +52 -0
  22. data/lib/smart_app_launch/client_suite/client_token_request_verification_test.rb +146 -0
  23. data/lib/smart_app_launch/client_suite/client_token_use_verification_test.rb +47 -0
  24. data/lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb +2 -2
  25. data/lib/smart_app_launch/cors_token_exchange_test.rb +2 -2
  26. data/lib/smart_app_launch/discovery_stu1_group.rb +6 -2
  27. data/lib/smart_app_launch/docs/demo/FHIR Request.postman_collection.json +81 -0
  28. data/lib/smart_app_launch/docs/smart_stu2_2_client_suite_description.md +121 -0
  29. data/lib/smart_app_launch/ehr_launch_group.rb +41 -24
  30. data/lib/smart_app_launch/ehr_launch_group_stu2.rb +26 -10
  31. data/lib/smart_app_launch/ehr_launch_group_stu2_2.rb +0 -16
  32. data/lib/smart_app_launch/endpoints/echoing_fhir_responder.rb +52 -0
  33. data/lib/smart_app_launch/endpoints/mock_smart_server/token.rb +27 -0
  34. data/lib/smart_app_launch/endpoints/mock_smart_server.rb +217 -0
  35. data/lib/smart_app_launch/metadata.rb +2 -2
  36. data/lib/smart_app_launch/openid_fhir_user_claim_test.rb +5 -4
  37. data/lib/smart_app_launch/openid_token_payload_test.rb +6 -8
  38. data/lib/smart_app_launch/smart_stu1_suite.rb +32 -24
  39. data/lib/smart_app_launch/smart_stu2_2_suite.rb +57 -30
  40. data/lib/smart_app_launch/smart_stu2_suite.rb +57 -31
  41. data/lib/smart_app_launch/smart_tls_test.rb +14 -0
  42. data/lib/smart_app_launch/standalone_launch_group.rb +42 -25
  43. data/lib/smart_app_launch/standalone_launch_group_stu2.rb +26 -10
  44. data/lib/smart_app_launch/standalone_launch_group_stu2_2.rb +0 -16
  45. data/lib/smart_app_launch/tags.rb +7 -0
  46. data/lib/smart_app_launch/token_exchange_stu2_2_test.rb +5 -17
  47. data/lib/smart_app_launch/token_exchange_stu2_test.rb +8 -67
  48. data/lib/smart_app_launch/token_exchange_test.rb +18 -38
  49. data/lib/smart_app_launch/token_introspection_access_token_group.rb +12 -4
  50. data/lib/smart_app_launch/token_introspection_access_token_group_stu2_2.rb +9 -1
  51. data/lib/smart_app_launch/token_introspection_group.rb +2 -4
  52. data/lib/smart_app_launch/token_introspection_request_group.rb +2 -4
  53. data/lib/smart_app_launch/token_introspection_response_group.rb +64 -49
  54. data/lib/smart_app_launch/token_refresh_body_test.rb +9 -2
  55. data/lib/smart_app_launch/token_refresh_stu2_test.rb +10 -17
  56. data/lib/smart_app_launch/token_refresh_test.rb +19 -20
  57. data/lib/smart_app_launch/token_response_body_test.rb +14 -4
  58. data/lib/smart_app_launch/token_response_body_test_stu2_2.rb +3 -2
  59. data/lib/smart_app_launch/urls.rb +40 -0
  60. data/lib/smart_app_launch/version.rb +2 -2
  61. data/lib/smart_app_launch/well_known_endpoint_test.rb +11 -1
  62. data/lib/smart_app_launch_test_kit.rb +1 -0
  63. metadata +21 -4
@@ -49,7 +49,7 @@ module SMARTAppLaunch
49
49
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
50
50
 
51
51
  If using asymmetric client authentication, register Inferno with the
52
- following JWK Set URL:
52
+ following JWK Set URL or provide a custom JWK Set:
53
53
 
54
54
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
55
55
 
@@ -85,23 +85,29 @@ module SMARTAppLaunch
85
85
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
86
86
 
87
87
  If using asymmetric client authentication, register Inferno with the
88
- following JWK Set URL:
88
+ following JWK Set URL or provide a custom JWK Set:
89
89
 
90
90
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
91
91
  INSTRUCTIONS
92
92
 
93
93
  run_as_group
94
94
 
95
- group from: :smart_discovery_stu2_2
95
+ group from: :smart_discovery_stu2_2,
96
+ config: {
97
+ inputs: {
98
+ smart_auth_info: { name: :standalone_smart_auth_info }
99
+ },
100
+ outputs: {
101
+ smart_auth_info: { name: :standalone_smart_auth_info }
102
+ }
103
+ }
96
104
  group from: :smart_standalone_launch_stu2_2
97
105
 
98
106
  group from: :smart_openid_connect_stu2_2,
99
107
  config: {
100
108
  inputs: {
101
109
  id_token: { name: :standalone_id_token },
102
- client_id: { name: :standalone_client_id },
103
- requested_scopes: { name: :standalone_requested_scopes },
104
- access_token: { name: :standalone_access_token },
110
+ smart_auth_info: { name: :standalone_smart_auth_info },
105
111
  smart_credentials: { name: :standalone_smart_credentials }
106
112
  }
107
113
  }
@@ -111,9 +117,7 @@ module SMARTAppLaunch
111
117
  title: 'SMART Token Refresh Without Scopes',
112
118
  config: {
113
119
  inputs: {
114
- refresh_token: { name: :standalone_refresh_token },
115
- client_id: { name: :standalone_client_id },
116
- client_secret: { name: :standalone_client_secret },
120
+ smart_auth_info: { name: :standalone_smart_auth_info },
117
121
  received_scopes: { name: :standalone_received_scopes }
118
122
  },
119
123
  outputs: {
@@ -122,7 +126,8 @@ module SMARTAppLaunch
122
126
  access_token: { name: :standalone_access_token },
123
127
  token_retrieval_time: { name: :standalone_token_retrieval_time },
124
128
  expires_in: { name: :standalone_expires_in },
125
- smart_credentials: { name: :standalone_smart_credentials }
129
+ smart_credentials: { name: :standalone_smart_credentials },
130
+ smart_auth_info: { name: :standalone_smart_auth_info }
126
131
  }
127
132
  }
128
133
 
@@ -132,9 +137,7 @@ module SMARTAppLaunch
132
137
  config: {
133
138
  options: { include_scopes: true },
134
139
  inputs: {
135
- refresh_token: { name: :standalone_refresh_token },
136
- client_id: { name: :standalone_client_id },
137
- client_secret: { name: :standalone_client_secret },
140
+ smart_auth_info: { name: :standalone_smart_auth_info },
138
141
  received_scopes: { name: :standalone_received_scopes }
139
142
  },
140
143
  outputs: {
@@ -143,7 +146,8 @@ module SMARTAppLaunch
143
146
  access_token: { name: :standalone_access_token },
144
147
  token_retrieval_time: { name: :standalone_token_retrieval_time },
145
148
  expires_in: { name: :standalone_expires_in },
146
- smart_credentials: { name: :standalone_smart_credentials }
149
+ smart_credentials: { name: :standalone_smart_credentials },
150
+ smart_auth_info: { name: :standalone_smart_auth_info }
147
151
  }
148
152
  }
149
153
  end
@@ -160,14 +164,22 @@ module SMARTAppLaunch
160
164
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
161
165
 
162
166
  If using asymmetric client authentication, register Inferno with the
163
- following JWK Set URL:
167
+ following JWK Set URL or provide a custom JWK Set:
164
168
 
165
169
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
166
170
  INSTRUCTIONS
167
171
 
168
172
  run_as_group
169
173
 
170
- group from: :smart_discovery_stu2_2
174
+ group from: :smart_discovery_stu2_2,
175
+ config: {
176
+ inputs: {
177
+ smart_auth_info: { name: :ehr_smart_auth_info }
178
+ },
179
+ outputs: {
180
+ smart_auth_info: { name: :ehr_smart_auth_info }
181
+ }
182
+ }
171
183
 
172
184
  group from: :smart_ehr_launch_stu2_2
173
185
 
@@ -175,9 +187,7 @@ module SMARTAppLaunch
175
187
  config: {
176
188
  inputs: {
177
189
  id_token: { name: :ehr_id_token },
178
- client_id: { name: :ehr_client_id },
179
- requested_scopes: { name: :ehr_requested_scopes },
180
- access_token: { name: :ehr_access_token },
190
+ smart_auth_info: { name: :ehr_smart_auth_info },
181
191
  smart_credentials: { name: :ehr_smart_credentials }
182
192
  }
183
193
  }
@@ -187,9 +197,7 @@ module SMARTAppLaunch
187
197
  title: 'SMART Token Refresh Without Scopes',
188
198
  config: {
189
199
  inputs: {
190
- refresh_token: { name: :ehr_refresh_token },
191
- client_id: { name: :ehr_client_id },
192
- client_secret: { name: :ehr_client_secret },
200
+ smart_auth_info: { name: :ehr_smart_auth_info },
193
201
  received_scopes: { name: :ehr_received_scopes }
194
202
  },
195
203
  outputs: {
@@ -198,7 +206,8 @@ module SMARTAppLaunch
198
206
  access_token: { name: :ehr_access_token },
199
207
  token_retrieval_time: { name: :ehr_token_retrieval_time },
200
208
  expires_in: { name: :ehr_expires_in },
201
- smart_credentials: { name: :ehr_smart_credentials }
209
+ smart_credentials: { name: :ehr_smart_credentials },
210
+ smart_auth_info: { name: :ehr_smart_auth_info }
202
211
  }
203
212
  }
204
213
 
@@ -208,9 +217,7 @@ module SMARTAppLaunch
208
217
  config: {
209
218
  options: { include_scopes: true },
210
219
  inputs: {
211
- refresh_token: { name: :ehr_refresh_token },
212
- client_id: { name: :ehr_client_id },
213
- client_secret: { name: :ehr_client_secret },
220
+ smart_auth_info: { name: :ehr_smart_auth_info },
214
221
  received_scopes: { name: :ehr_received_scopes }
215
222
  },
216
223
  outputs: {
@@ -219,7 +226,8 @@ module SMARTAppLaunch
219
226
  access_token: { name: :ehr_access_token },
220
227
  token_retrieval_time: { name: :ehr_token_retrieval_time },
221
228
  expires_in: { name: :ehr_expires_in },
222
- smart_credentials: { name: :ehr_smart_credentials }
229
+ smart_credentials: { name: :ehr_smart_credentials },
230
+ smart_auth_info: { name: :ehr_smart_auth_info }
223
231
  }
224
232
  }
225
233
  end
@@ -230,15 +238,34 @@ module SMARTAppLaunch
230
238
 
231
239
  input_instructions <<~INSTRUCTIONS
232
240
  Please register the Inferno client with the authorization services with the
233
- following JWK Set URL:
241
+ following JWK Set URL or provide a custom JWK Set:
234
242
 
235
243
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2_2/.well-known/jwks.json`
236
244
  INSTRUCTIONS
237
245
 
238
246
  run_as_group
239
247
 
240
- group from: :smart_discovery_stu2_2
241
- group from: :backend_services_authorization
248
+ group from: :smart_discovery_stu2_2 do
249
+ config(
250
+ inputs: {
251
+ smart_auth_info: { name: :backend_services_smart_auth_info }
252
+ },
253
+ outputs: {
254
+ smart_auth_info: { name: :backend_services_smart_auth_info }
255
+ }
256
+ )
257
+ end
258
+
259
+ group from: :backend_services_authorization,
260
+ config: {
261
+ inputs: {
262
+ smart_auth_info: { name: :backend_services_smart_auth_info }
263
+ },
264
+ outputs: {
265
+ smart_auth_info: { name: :backend_services_smart_auth_info },
266
+ received_scopes: { name: :backend_services_received_scopes }
267
+ }
268
+ }
242
269
  end
243
270
 
244
271
  group from: :smart_token_introspection_stu2_2
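Review bot: The reworded instructions (new lines 52, 88, 167 and 241) say the user may "provide a custom JWK Set" but not where to enter it or what it must contain. If the custom set goes into the `smart_auth_info` input, it presumably has to carry the private key Inferno uses to sign client assertions, which this diff does not show. The text should then say to use a key pair generated for testing only, for example `following JWK Set URL, or provide a custom JWK Set (test-only keys) in the credentials input:`. The same wording is added to the STU2 suite's instructions.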
@@ -50,7 +50,7 @@ module SMARTAppLaunch
50
50
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
51
51
 
52
52
  If using asymmetric client authentication, register Inferno with the
53
- following JWK Set URL:
53
+ following JWK Set URL or provide a custom JWK Set:
54
54
 
55
55
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
56
56
  DESCRIPTION
@@ -83,23 +83,29 @@ module SMARTAppLaunch
83
83
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
84
84
 
85
85
  If using asymmetric client authentication, register Inferno with the
86
- following JWK Set URL:
86
+ following JWK Set URL or provide a custom JWK Set:
87
87
 
88
88
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
89
89
  INSTRUCTIONS
90
90
 
91
91
  run_as_group
92
92
 
93
- group from: :smart_discovery_stu2
93
+ group from: :smart_discovery_stu2,
94
+ config: {
95
+ inputs: {
96
+ smart_auth_info: { name: :standalone_smart_auth_info }
97
+ },
98
+ outputs: {
99
+ smart_auth_info: { name: :standalone_smart_auth_info }
100
+ }
101
+ }
94
102
  group from: :smart_standalone_launch_stu2
95
103
 
96
104
  group from: :smart_openid_connect,
97
105
  config: {
98
106
  inputs: {
99
107
  id_token: { name: :standalone_id_token },
100
- client_id: { name: :standalone_client_id },
101
- requested_scopes: { name: :standalone_requested_scopes },
102
- access_token: { name: :standalone_access_token },
108
+ smart_auth_info: { name: :standalone_smart_auth_info },
103
109
  smart_credentials: { name: :standalone_smart_credentials }
104
110
  }
105
111
  }
@@ -109,9 +115,7 @@ module SMARTAppLaunch
109
115
  title: 'SMART Token Refresh Without Scopes',
110
116
  config: {
111
117
  inputs: {
112
- refresh_token: { name: :standalone_refresh_token },
113
- client_id: { name: :standalone_client_id },
114
- client_secret: { name: :standalone_client_secret },
118
+ smart_auth_info: { name: :standalone_smart_auth_info },
115
119
  received_scopes: { name: :standalone_received_scopes }
116
120
  },
117
121
  outputs: {
@@ -120,7 +124,8 @@ module SMARTAppLaunch
120
124
  access_token: { name: :standalone_access_token },
121
125
  token_retrieval_time: { name: :standalone_token_retrieval_time },
122
126
  expires_in: { name: :standalone_expires_in },
123
- smart_credentials: { name: :standalone_smart_credentials }
127
+ smart_credentials: { name: :standalone_smart_credentials },
128
+ smart_auth_info: { name: :standalone_smart_auth_info }
124
129
  }
125
130
  }
126
131
 
@@ -130,9 +135,7 @@ module SMARTAppLaunch
130
135
  config: {
131
136
  options: { include_scopes: true },
132
137
  inputs: {
133
- refresh_token: { name: :standalone_refresh_token },
134
- client_id: { name: :standalone_client_id },
135
- client_secret: { name: :standalone_client_secret },
138
+ smart_auth_info: { name: :standalone_smart_auth_info },
136
139
  received_scopes: { name: :standalone_received_scopes }
137
140
  },
138
141
  outputs: {
@@ -141,7 +144,8 @@ module SMARTAppLaunch
141
144
  access_token: { name: :standalone_access_token },
142
145
  token_retrieval_time: { name: :standalone_token_retrieval_time },
143
146
  expires_in: { name: :standalone_expires_in },
144
- smart_credentials: { name: :standalone_smart_credentials }
147
+ smart_credentials: { name: :standalone_smart_credentials },
148
+ smart_auth_info: { name: :standalone_smart_auth_info }
145
149
  }
146
150
  }
147
151
  end
@@ -158,14 +162,22 @@ module SMARTAppLaunch
158
162
  * OAuth Redirect URI: `#{config.options[:redirect_uri]}`
159
163
 
160
164
  If using asymmetric client authentication, register Inferno with the
161
- following JWK Set URL:
165
+ following JWK Set URL or provide a custom JWK Set:
162
166
 
163
167
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
164
168
  INSTRUCTIONS
165
169
 
166
170
  run_as_group
167
171
 
168
- group from: :smart_discovery_stu2
172
+ group from: :smart_discovery_stu2,
173
+ config: {
174
+ inputs: {
175
+ smart_auth_info: { name: :ehr_smart_auth_info }
176
+ },
177
+ outputs: {
178
+ smart_auth_info: { name: :ehr_smart_auth_info }
179
+ }
180
+ }
169
181
 
170
182
  group from: :smart_ehr_launch_stu2
171
183
 
@@ -173,9 +185,7 @@ module SMARTAppLaunch
173
185
  config: {
174
186
  inputs: {
175
187
  id_token: { name: :ehr_id_token },
176
- client_id: { name: :ehr_client_id },
177
- requested_scopes: { name: :ehr_requested_scopes },
178
- access_token: { name: :ehr_access_token },
188
+ smart_auth_info: { name: :ehr_smart_auth_info },
179
189
  smart_credentials: { name: :ehr_smart_credentials }
180
190
  }
181
191
  }
@@ -185,9 +195,7 @@ module SMARTAppLaunch
185
195
  title: 'SMART Token Refresh Without Scopes',
186
196
  config: {
187
197
  inputs: {
188
- refresh_token: { name: :ehr_refresh_token },
189
- client_id: { name: :ehr_client_id },
190
- client_secret: { name: :ehr_client_secret },
198
+ smart_auth_info: { name: :ehr_smart_auth_info },
191
199
  received_scopes: { name: :ehr_received_scopes }
192
200
  },
193
201
  outputs: {
@@ -196,7 +204,8 @@ module SMARTAppLaunch
196
204
  access_token: { name: :ehr_access_token },
197
205
  token_retrieval_time: { name: :ehr_token_retrieval_time },
198
206
  expires_in: { name: :ehr_expires_in },
199
- smart_credentials: { name: :ehr_smart_credentials }
207
+ smart_credentials: { name: :ehr_smart_credentials },
208
+ smart_auth_info: { name: :ehr_smart_auth_info }
200
209
  }
201
210
  }
202
211
 
@@ -206,9 +215,7 @@ module SMARTAppLaunch
206
215
  config: {
207
216
  options: { include_scopes: true },
208
217
  inputs: {
209
- refresh_token: { name: :ehr_refresh_token },
210
- client_id: { name: :ehr_client_id },
211
- client_secret: { name: :ehr_client_secret },
218
+ smart_auth_info: { name: :ehr_smart_auth_info },
212
219
  received_scopes: { name: :ehr_received_scopes }
213
220
  },
214
221
  outputs: {
@@ -217,7 +224,8 @@ module SMARTAppLaunch
217
224
  access_token: { name: :ehr_access_token },
218
225
  token_retrieval_time: { name: :ehr_token_retrieval_time },
219
226
  expires_in: { name: :ehr_expires_in },
220
- smart_credentials: { name: :ehr_smart_credentials }
227
+ smart_credentials: { name: :ehr_smart_credentials },
228
+ smart_auth_info: { name: :ehr_smart_auth_info }
221
229
  }
222
230
  }
223
231
  end
@@ -228,18 +236,36 @@ module SMARTAppLaunch
228
236
 
229
237
  input_instructions <<~INSTRUCTIONS
230
238
  Please register the Inferno client with the authorization services with the
231
- following JWK Set URL:
239
+ following JWK Set URL or provide a custom JWK Set:
232
240
 
233
241
  * `#{Inferno::Application[:base_url]}/custom/smart_stu2/.well-known/jwks.json`
234
242
  INSTRUCTIONS
235
243
 
236
244
  run_as_group
237
245
 
238
- group from: :smart_discovery_stu2
239
- group from: :backend_services_authorization
246
+ group from: :smart_discovery_stu2 do
247
+ config(
248
+ inputs: {
249
+ smart_auth_info: { name: :backend_services_smart_auth_info }
250
+ },
251
+ outputs: {
252
+ smart_auth_info: { name: :backend_services_smart_auth_info }
253
+ }
254
+ )
255
+ end
256
+
257
+ group from: :backend_services_authorization,
258
+ config: {
259
+ inputs: {
260
+ smart_auth_info: { name: :backend_services_smart_auth_info }
261
+ },
262
+ outputs: {
263
+ smart_auth_info: { name: :backend_services_smart_auth_info },
264
+ received_scopes: { name: :backend_services_received_scopes }
265
+ }
266
+ }
240
267
  end
241
268
 
242
269
  group from: :smart_token_introspection
243
-
244
270
  end
245
271
  end
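Review bot: The backend services group (new lines 246-266) configures `:smart_discovery_stu2` with a `do config(...) end` block, while every other `group from:` in this file passes `config: { ... }` as a keyword, including the `:backend_services_authorization` call directly below it. Unless the block form is needed for a behavioural reason, use one form throughout, e.g. `group from: :smart_discovery_stu2, config: { inputs: { ... }, outputs: { ... } }`. If the difference is deliberate, a comment above the block should say why. The STU2.2 suite has the same mix at its new lines 248-268.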
@@ -0,0 +1,14 @@
1
+ require 'tls_test_kit'
2
+
3
+ module SMARTAppLaunch
4
+ class SMARTTLSTest < TLSTestKit::TLSVersionTest
5
+ id :smart_tls
6
+ input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
7
+
8
+ def url
9
+ return super if config.options[:smart_endpoint_key].blank?
10
+
11
+ smart_auth_info.send(config.options[:smart_endpoint_key])
12
+ end
13
+ end
14
+ end
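Review bot: `url` calls `smart_auth_info.send(...)` with whatever `smart_endpoint_key` holds, so a config option can invoke any method on the auth-info object, private ones included. The callers visible in this diff pass only `:auth_url` and `:token_url`. Restricting the key to the supported endpoint names and using `public_send` stops a typo or an unexpected option value from becoming an arbitrary method call. The list below is taken from those two callers and needs extending if other groups use further keys.

```ruby
ENDPOINT_KEYS = %w[auth_url token_url].freeze

def url
  endpoint_key = config.options[:smart_endpoint_key]
  return super if endpoint_key.blank?

  unless ENDPOINT_KEYS.include?(endpoint_key.to_s)
    raise ArgumentError, "unsupported smart_endpoint_key: #{endpoint_key.inspect}"
  end

  smart_auth_info.public_send(endpoint_key)
end
```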
@@ -1,5 +1,6 @@
1
1
  require_relative 'app_redirect_test'
2
2
  require_relative 'code_received_test'
3
+ require_relative 'smart_tls_test'
3
4
  require_relative 'token_exchange_test'
4
5
  require_relative 'token_response_body_test'
5
6
  require_relative 'token_response_headers_test'
@@ -36,23 +37,35 @@ module SMARTAppLaunch
36
37
 
37
38
  config(
38
39
  inputs: {
39
- client_id: {
40
- name: :standalone_client_id,
41
- title: 'Standalone Client ID',
42
- description: 'Client ID provided during registration of Inferno as a standalone application'
43
- },
44
- client_secret: {
45
- name: :standalone_client_secret,
46
- title: 'Standalone Client Secret',
47
- description: 'Client Secret provided during registration of Inferno as a standalone application. ' \
48
- 'Only for clients using confidential symmetric authentication.'
49
- },
50
- requested_scopes: {
51
- name: :standalone_requested_scopes,
52
- title: 'Standalone Scope',
53
- description: 'OAuth 2.0 scope provided by system to enable all required functionality',
54
- type: 'textarea',
55
- default: 'launch/patient openid fhirUser offline_access patient/*.read'
40
+ smart_auth_info: {
41
+ name: :standalone_smart_auth_info,
42
+ title: 'Standalone Launch Credentials',
43
+ options: {
44
+ components: [
45
+ {
46
+ name: :auth_type,
47
+ options: {
48
+ list_options: [
49
+ { label: 'Public', value: 'public' },
50
+ { label: 'Confidential Symmetric', value: 'symmetric' }
51
+ ]
52
+ }
53
+ },
54
+ {
55
+ name: :requested_scopes,
56
+ default: 'launch/patient openid fhirUser offline_access patient/*.read'
57
+ },
58
+ {
59
+ name: :use_discovery,
60
+ locked: true
61
+ },
62
+ {
63
+ name: :auth_request_method,
64
+ default: 'GET',
65
+ locked: true
66
+ }
67
+ ]
68
+ }
56
69
  },
57
70
  url: {
58
71
  title: 'Standalone FHIR Endpoint',
@@ -67,7 +80,6 @@ module SMARTAppLaunch
67
80
  smart_credentials: {
68
81
  name: :standalone_smart_credentials
69
82
  }
70
-
71
83
  },
72
84
  outputs: {
73
85
  code: { name: :standalone_code },
@@ -81,7 +93,8 @@ module SMARTAppLaunch
81
93
  encounter_id: { name: :standalone_encounter_id },
82
94
  received_scopes: { name: :standalone_received_scopes },
83
95
  intent: { name: :standalone_intent },
84
- smart_credentials: { name: :standalone_smart_credentials }
96
+ smart_credentials: { name: :standalone_smart_credentials },
97
+ smart_auth_info: { name: :standalone_smart_auth_info }
85
98
  },
86
99
  requests: {
87
100
  redirect: { name: :standalone_redirect },
@@ -89,7 +102,7 @@ module SMARTAppLaunch
89
102
  }
90
103
  )
91
104
 
92
- test from: :tls_version_test,
105
+ test from: :smart_tls,
93
106
  id: :standalone_auth_tls,
94
107
  title: 'OAuth 2.0 authorize endpoint secured by transport layer security',
95
108
  description: %(
@@ -98,12 +111,14 @@ module SMARTAppLaunch
98
111
  servers, over TLS-secured channels.
99
112
  ),
100
113
  config: {
101
- inputs: { url: { name: :smart_authorization_url } },
102
- options: { minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION }
114
+ options: {
115
+ minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION,
116
+ smart_endpoint_key: :auth_url
117
+ }
103
118
  }
104
119
  test from: :smart_app_redirect
105
120
  test from: :smart_code_received
106
- test from: :tls_version_test,
121
+ test from: :smart_tls,
107
122
  id: :standalone_token_tls,
108
123
  title: 'OAuth 2.0 token endpoint secured by transport layer security',
109
124
  description: %(
@@ -112,8 +127,10 @@ module SMARTAppLaunch
112
127
  servers, over TLS-secured channels.
113
128
  ),
114
129
  config: {
115
- inputs: { url: { name: :smart_token_url } },
116
- options: { minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION }
130
+ options: {
131
+ minimum_allowed_version: OpenSSL::SSL::TLS1_2_VERSION,
132
+ smart_endpoint_key: :token_url
133
+ }
117
134
  }
118
135
  test from: :smart_token_exchange
119
136
  test from: :smart_token_response_body
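Review bot: Both TLS tests (new lines 105-118 and 121-134) no longer declare a `url` input, so the address now comes from `smart_auth_info` through `smart_endpoint_key`. Before, an absent `smart_authorization_url` or `smart_token_url` would presumably have been reported as a missing input. Now, if discovery did not fill the field and the user left it empty, the TLS check appears to receive a blank URL, and the parent test's handling of that is not visible in this diff. Each description should state the dependency, e.g. `Requires the authorization URL in the Standalone Launch Credentials input (filled from discovery or entered manually).`, and a blank value should be confirmed to produce a skip rather than an error.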
@@ -31,16 +31,32 @@ module SMARTAppLaunch
31
31
 
32
32
  config(
33
33
  inputs: {
34
- use_pkce: {
35
- default: 'true',
36
- locked: true
37
- },
38
- pkce_code_challenge_method: {
39
- default: 'S256',
40
- locked: true
41
- },
42
- requested_scopes: {
43
- default: 'launch/patient openid fhirUser offline_access patient/*.rs'
34
+ smart_auth_info: {
35
+ name: :standalone_smart_auth_info,
36
+ title: 'Standalone Launch Credentials',
37
+ options: {
38
+ components: [
39
+ {
40
+ name: :requested_scopes,
41
+ default: 'launch/patient openid fhirUser offline_access patient/*.rs'
42
+ },
43
+ {
44
+ name: :pkce_support,
45
+ default: 'enabled',
46
+ locked: true
47
+ },
48
+ {
49
+ name: :pkce_code_challenge_method,
50
+ default: 'S256',
51
+ locked: true
52
+ },
53
+ Inferno::DSL::AuthInfo.default_auth_type_component_without_backend_services,
54
+ {
55
+ name: :use_discovery,
56
+ locked: true
57
+ }
58
+ ]
59
+ }
44
60
  }
45
61
  }
46
62
  )
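Review bot: The `use_discovery` component at new lines 54-57 is `locked: true` without a `default:`, unlike `pkce_support` and `pkce_code_challenge_method` above it, which pin the value they lock. The locked value therefore depends on the component default in `Inferno::DSL::AuthInfo`, which this diff does not show. Either add the intended `default:` next to `locked: true`, or add a comment such as `# locked to the AuthInfo default value` so the reliance is explicit. The STU1 standalone group's `smart_auth_info` config has the same locked `use_discovery` entry.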
@@ -30,22 +30,6 @@ module SMARTAppLaunch
30
30
  * [Standalone Launch Sequence](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-standalone-launch)
31
31
  )
32
32
 
33
- config(
34
- inputs: {
35
- use_pkce: {
36
- default: 'true',
37
- locked: true
38
- },
39
- pkce_code_challenge_method: {
40
- default: 'S256',
41
- locked: true
42
- },
43
- requested_scopes: {
44
- default: 'launch/patient openid fhirUser offline_access patient/*.rs'
45
- }
46
- }
47
- )
48
-
49
33
  test from: :smart_token_exchange_stu2_2
50
34
 
51
35
  token_exchange_index = children.find_index { |child| child.id.to_s.end_with? 'token_exchange' }
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module SMARTAppLaunch
4
+ TOKEN_TAG = 'token'
5
+ SMART_TAG = 'smart'
6
+ ACCESS_TAG = 'access'
7
+ end
@@ -4,26 +4,14 @@ module SMARTAppLaunch
4
4
  class TokenExchangeSTU22Test < TokenExchangeSTU2Test
5
5
  id :smart_token_exchange_stu2_2
6
6
 
7
- def add_credentials_to_request(oauth2_params, oauth2_headers)
8
- if client_auth_type == 'confidential_symmetric'
9
- assert client_secret.present?,
10
- 'A client secret must be provided when using confidential symmetric client authentication.'
7
+ input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
11
8
 
12
- client_credentials = "#{client_id}:#{client_secret}"
13
- oauth2_headers['Authorization'] = "Basic #{Base64.strict_encode64(client_credentials)}"
14
- elsif client_auth_type == 'public'
15
- oauth2_params[:client_id] = client_id
9
+ def add_credentials_to_request(oauth2_params, oauth2_headers)
10
+ if smart_auth_info.public_auth?
11
+ oauth2_params[:client_id] = smart_auth_info.client_id
16
12
  oauth2_headers['Origin'] = Inferno::Application['inferno_host']
17
13
  else
18
- oauth2_params.merge!(
19
- client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
20
- client_assertion: ClientAssertionBuilder.build(
21
- iss: client_id,
22
- sub: client_id,
23
- aud: smart_token_url,
24
- client_auth_encryption_method:
25
- )
26
- )
14
+ super
27
15
  end
28
16
  end
29
17
  end
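Review bot: The override now handles only `public_auth?` and passes everything else to `super`, so the explicit `assert client_secret.present?` guard from the removed symmetric branch is gone from this class. `TokenExchangeSTU2Test#add_credentials_to_request` is not part of this hunk. It is worth confirming that it still rejects an empty secret before building the `Authorization: Basic` header and still builds the client assertion for asymmetric clients. A short comment on the override would make the split clear, e.g. `# Public clients send client_id plus an Origin header; every other auth type uses the STU2 implementation.`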