smart_app_launch_test_kit 0.6.0 → 0.6.2

data/lib/smart_app_launch/endpoints/mock_smart_server.rb

@@ -0,0 +1,278 @@
+require 'jwt'
+require 'faraday'
+require 'time'
+require 'base64'
+require 'rack/utils'
+require_relative '../urls'
+require_relative '../tags'
+require_relative '../client_suite/client_options'
+
+module SMARTAppLaunch
+  module MockSMARTServer
+    SUPPORTED_SCOPES = ['system/*.read', 'user/*.read', 'patient/*.read'].freeze
+
+    module_function
+
+    def smart_server_metadata(suite_id)
+      base_url = "#{Inferno::Application['base_url']}/custom/#{suite_id}"
+      response_body = {
+        token_endpoint_auth_signing_alg_values_supported: ['RS384', 'ES384'],
+        capabilities: ['client-confidential-asymmetric', 'launch-ehr' ,'launch-standalone', 'authorize-post',
+                       'client-public', 'client-confidential-symmetric', 'permission-offline', 'permission-online',
+                       'permission-patient', 'permission-user', 'permission-v1', 'permission-v2',
+                       'context-ehr-patient', 'context-ehr-encounter', 
+                       'context-standalone-patient', 'context-standalone-encounter',
+                       'context-banner', 'context-style'],
+        code_challenge_methods_supported: ['S256'],
+        token_endpoint_auth_methods_supported: ['private_key_jwt', 'client_secret_basic', 'client_secret_post'],
+        issuer: base_url + FHIR_PATH,
+        grant_types_supported: ['client_credentials', 'authorization_code'],
+        scopes_supported: SUPPORTED_SCOPES,
+        authorization_endpoint: base_url + AUTHORIZATION_PATH,
+        token_endpoint: base_url + TOKEN_PATH,
+        introspection_endpoint: base_url + INTROSPECTION_PATH
+      }.to_json
+
+      [200, { 'Content-Type' => 'application/json', 'Access-Control-Allow-Origin' => '*' }, [response_body]]
+    end
+
+    def openid_connect_metadata(suite_id)
+      base_url = "#{Inferno::Application['base_url']}/custom/#{suite_id}"
+      response_body = {
+        issuer: base_url + FHIR_PATH,
+        authorization_endpoint: base_url + AUTHORIZATION_PATH,
+        token_endpoint: base_url + TOKEN_PATH,
+        jwks_uri: base_url + OIDC_JWKS_PATH,
+        response_types_supported: ['code', 'id_token', 'token id_token'],
+        subject_types_supported: ['pairwise', 'public'],
+        id_token_signing_alg_values_supported: ['RS256']
+      }.to_json
+
+      [200, { 'Content-Type' => 'application/json', 'Access-Control-Allow-Origin' => '*' }, [response_body]]
+    end
+
+    def client_id_from_client_assertion(client_assertion_jwt)
+      return unless client_assertion_jwt.present?
+
+      claims, _header = JWT.decode(client_assertion_jwt, nil, false)[0]
+      claims&.dig('iss')
+    end
+
+    def client_id_to_token(client_id, exp_min)
+      token_structure = {
+        client_id:,
+        expiration: exp_min.minutes.from_now.to_i,
+        nonce: SecureRandom.hex(8)
+      }.to_json
+
+      Base64.urlsafe_encode64(token_structure, padding: false)
+    end
+
+    def decode_token(token)
+      token_to_decode = 
+        if issued_token_is_refresh_token(token)
+          refresh_token_to_authorization_code(token)
+        else
+          token
+        end
+      return unless token_to_decode.present?
+      
+      JSON.parse(Base64.urlsafe_decode64(token_to_decode))
+    rescue JSON::ParserError
+      nil
+    end
+
+    def issued_token_to_client_id(token)
+      decode_token(token)&.dig('client_id')
+    end
+
+    def issued_token_is_refresh_token(token)
+      token.end_with?('_rt')
+    end
+
+    def authorization_code_to_refresh_token(code)
+      "#{code}_rt"
+    end
+
+    def refresh_token_to_authorization_code(refresh_token)
+      refresh_token[..-4]
+    end
+
+    def jwk_set(jku, warning_messages = []) # rubocop:disable Metrics/CyclomaticComplexity
+      jwk_set = JWT::JWK::Set.new
+
+      if jku.blank?
+        warning_messages << 'No key set input.'
+        return jwk_set
+      end
+
+      jwk_body = # try as raw jwk set
+        begin
+          JSON.parse(jku)
+        rescue JSON::ParserError
+          nil
+        end
+
+      if jwk_body.blank?
+        retrieved = Faraday.get(jku) # try as url pointing to a jwk set
+        jwk_body =
+          begin
+            JSON.parse(retrieved.body)
+          rescue JSON::ParserError
+            warning_messages << "Failed to fetch valid json from jwks uri #{jwk_set}."
+            nil
+          end
+      else
+        warning_messages << 'Providing the JWK Set directly is strongly discouraged.'
+      end
+
+      return jwk_set if jwk_body.blank?
+
+      jwk_body['keys']&.each_with_index do |key_hash, index|
+        parsed_key =
+          begin
+            JWT::JWK.new(key_hash)
+          rescue JWT::JWKError => e
+            id = key_hash['kid'] | index
+            warning_messages << "Key #{id} invalid: #{e}"
+            nil
+          end
+        jwk_set << parsed_key unless parsed_key.blank?
+      end
+
+      jwk_set
+    end
+
+    def request_has_expired_token?(request)
+      return false if request.params[:session_path].present?
+
+      token = request.headers['authorization']&.delete_prefix('Bearer ')
+      token_expired?(token)
+    end
+
+    def token_expired?(token, check_time = nil)
+      decoded_token = decode_token(token)
+      return false unless decoded_token&.dig('expiration').present?
+
+      check_time = Time.now.to_i unless check_time.present?
+      decoded_token['expiration'] < check_time
+    end
+
+    def update_response_for_expired_token(response, type)
+      response.status = 401
+      response.format = :json
+      response.body = FHIR::OperationOutcome.new(
+        issue: FHIR::OperationOutcome::Issue.new(severity: 'fatal', code: 'expired',
+                                                 details: FHIR::CodeableConcept.new(text: "#{type}has expired"))
+      ).to_json
+    end
+
+    def smart_assertion_signature_verification(token, key_set_input) # rubocop:disable Metrics/CyclomaticComplexity
+      encoded_token = nil
+      if token.is_a?(JWT::EncodedToken)
+        encoded_token = token
+      else
+        begin
+          encoded_token = JWT::EncodedToken.new(token)
+        rescue StandardError => e
+          return "invalid token structure: #{e}"
+        end
+      end
+      return 'invalid token' unless encoded_token.present?
+      return 'missing `alg` header' if encoded_token.header['alg'].blank?
+      return 'missing `kid` header' if encoded_token.header['kid'].blank?
+
+      jwk = identify_smart_signing_key(encoded_token.header['kid'], encoded_token.header['jku'], key_set_input)
+      return "no key found with `kid` '#{encoded_token.header['kid']}'" if jwk.blank?
+
+      begin
+        encoded_token.verify_signature!(algorithm: encoded_token.header['alg'], key: jwk.verify_key)
+      rescue StandardError => e
+        return e
+      end
+
+      nil
+    end
+
+    def identify_smart_signing_key(kid, jku, key_set_input)
+      key_set = jku.present? ? jku : key_set_input
+      parsed_key_set = jwk_set(key_set)
+      parsed_key_set&.find { |key| key.kid == kid }
+    end
+
+    def update_response_for_error(response, error_message)
+      response.status = 401
+      response.format = :json
+      response.body = { error: 'invalid_client', error_description: error_message }.to_json
+    end
+
+    def confidential_symmetric_header_value_error(authorization_header_value, client_id, client_secret)
+      unless authorization_header_value.present?
+        return 'authorization header missing from confidential symmetric client request'
+      end
+      unless authorization_header_value.start_with?('Basic ')
+        return 'authorization header for confidential symmetric client request does not use Basic auth'
+      end
+      
+      client_and_secret = 
+        begin
+          Base64.strict_decode64(authorization_header_value.delete_prefix('Basic '))
+        rescue
+          return 'Basic authorization header could not be decoded'
+        end
+      expected_client_and_secret = "#{client_id}:#{client_secret}"
+      unless client_and_secret == expected_client_and_secret
+        return 'basic authorization header has the wrong decoded value - ' \
+               "expected '#{expected_client_and_secret}', got '#{client_and_secret}'"
+      end
+
+      nil
+    end
+
+    def pkce_error(verifier, challenge, method)
+      if verifier.blank?
+        'pkce check failed: no verifier provided'
+      elsif challenge.blank?
+        'pkce check failed: no challenge code provided'
+      elsif method == 'S256'
+        return nil unless challenge != AppRedirectTest.calculate_s256_challenge(verifier)
+
+        "invalid S256 pkce verifier: got '#{AppRedirectTest.calculate_s256_challenge(verifier)}' " \
+          "expected '#{challenge}'"
+      else
+        "invalid pkce challenge method '#{method}'"
+      end
+    end
+
+    def pkce_valid?(verifier, challenge, method, response)
+      pkce_error = pkce_error(verifier, challenge, method)
+
+      if pkce_error.present?
+        update_response_for_error(response, pkce_error)
+        false
+      else
+        true
+      end
+    end
+
+    def authorization_request_for_code(code, test_session_id)
+      authorization_requests = Inferno::Repositories::Requests.new.tagged_requests(test_session_id, [AUTHORIZATION_TAG])
+      authorization_requests.find do |request|
+        location_header = request.response_headers.find { |header| header.name.downcase == 'location' }
+        if location_header.present? && location_header.value.present?
+          Rack::Utils.parse_query(URI(location_header.value)&.query)&.dig('code') == code
+        else
+          false
+        end
+      end
+    end
+
+    def authorization_code_request_details(inferno_request)
+      if inferno_request.verb.downcase == 'get'
+        Rack::Utils.parse_query(URI(inferno_request.url)&.query)
+      elsif inferno_request.verb.downcase == 'post'
+        Rack::Utils.parse_query(inferno_request.request_body)
+      end
+    end
+  end
+end

data/lib/smart_app_launch/metadata.rb

@@ -5,9 +5,9 @@ module SMARTAppLaunch
     id :smart_app_launch_test_kit
     title 'SMART App Launch Test Kit'
     description <<~DESCRIPTION
-      The SMART App Launch Test Kit primarily validates the conformance of an
-      authorization server implementation to a specified version of the [SMART
-      Application Launch Framework Implementation
+      The SMART App Launch Test Kit validates the conformance of authorization server
+      implementations and clients that interact with them to a specified version of the
+      [SMART Application Launch Framework Implementation
       Guide](http://hl7.org/fhir/smart-app-launch/index.html).  This Test Kit also
       provides Brand Bundle Publisher testing for the User-access Brands and Endpoints
       specification.  This Test Kit supports following versions of the SMART App
@@ -25,21 +25,26 @@ module SMARTAppLaunch
       kits for any FHIR-based data exchange.
 
       To run tests for a SMART App Launch authorization server, select one of the
-      "SMART App Launch" suites.  To run tests for a Brand Bundle Publisher, select
+      "SMART App Launch" suites.  To run tests for a SMART App Launch or backend
+      services client, select the "SMART App Launch STU2.2 Client" suite and choose
+      the type of client. To run tests for a Brand Bundle Publisher, select
       the "SMART User-access Brands and Endpoints" suite.
 
       ## Status
 
-      The SMART App Launch Test Kit primarily verifies that systems correctly
-      implement the SMART App Launch IG for providing authorization and/or
-      authentication services to client applications accessing HL7 FHIR APIs.
-
-      The test kit currently tests the following requirements:
-      - Standalone Launch
-      - EHR Launch
-
-      It also tests the ability of a Brand Bundle Publisher to publish a valid brand
-      bundle as described in the User-access Brands and Endpoints specification.
+      The SMART App Launch Test Kit provides five suites that verify that systems
+      correctly implement different aspects and versions of the SMART App Launch IG.
+      - Three server suites (SMART App Launch STU1, STU2, and STU2.2) verifying that SMART server implementations
+        can provide authorization and/or authentication services to
+        client applications accessing HL7 FHIR APIs. Thes
+        - Standalone Launch
+        - EHR Launch
+        - Backend Services (STU2 and STU2.2 only)
+        - Token Introspection (STU2 and STU2.2 only)
+      - A client suite (SMART App Launch STU2.2 Client) verifying that a SMART STU2.2
+        client can obtain and use an access token using the SMART flows and authentication options.
+      - A suite verifying a server's compliance with the User-access Brands and Endpoints
+        specification.
 
       See the test descriptions within the test kit for detail on the specific
       validations performed as part of testing these requirements.
@@ -64,12 +69,12 @@ module SMARTAppLaunch
       section](https://github.com/inferno-framework/smart-app-launch-test-kit/issues)
       of the repository.
     DESCRIPTION
-    suite_ids [:smart, :smart_stu2, :smart_stu2_2, :smart_access_brands]
+    suite_ids [:smart, :smart_stu2, :smart_stu2_2, :smart_access_brands, :smart_client_stu2_2]
     tags ['SMART App Launch', 'Endpoint Publication']
     last_updated LAST_UPDATED
     version VERSION
     maturity 'Medium'
-    authors ['Stephen MacVicar']
+    authors ['Stephen MacVicar', 'Karl Naden']
     repo 'https://github.com/inferno-framework/smart-app-launch-test-kit'
   end
 end

data/lib/smart_app_launch/smart_stu2_2_suite.rb

@@ -262,7 +262,8 @@ module SMARTAppLaunch
                 smart_auth_info: { name: :backend_services_smart_auth_info }
               },
               outputs: {
-                smart_auth_info: { name: :backend_services_smart_auth_info }
+                smart_auth_info: { name: :backend_services_smart_auth_info },
+                received_scopes: { name: :backend_services_received_scopes }
               }
             }
     end

data/lib/smart_app_launch/smart_stu2_suite.rb

@@ -260,7 +260,8 @@ module SMARTAppLaunch
                 smart_auth_info: { name: :backend_services_smart_auth_info }
               },
               outputs: {
-                smart_auth_info: { name: :backend_services_smart_auth_info }
+                smart_auth_info: { name: :backend_services_smart_auth_info },
+                received_scopes: { name: :backend_services_received_scopes }
               }
             }
     end

data/lib/smart_app_launch/tags.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module SMARTAppLaunch
+  TOKEN_TAG = 'token'
+  AUTHORIZATION_TAG = 'authorization'
+  INTROSPECTION_TAG = 'introspection'
+  SMART_TAG = 'SMART'
+  ACCESS_TAG = 'access'
+  CLIENT_CREDENTIALS_TAG = 'client_credentials'
+  AUTHORIZATION_CODE_TAG = 'authorization_code'
+  REFRESH_TOKEN_TAG = 'refresh_token'
+  PUBLIC_TAG = 'public'
+  CONFIDENTIAL_SYMMETRIC_TAG = 'confidential_symmetric'
+  CONFIDENTIAL_ASYMMETRIC_TAG = 'confidential_asymmetric'
+end

data/lib/smart_app_launch/token_introspection_response_group.rb

@@ -53,7 +53,7 @@ module SMARTAppLaunch
         introspection response and should match the claim in the ID token
       )
 
-      input :standalone_smart_auth_info, type: :auth_info, options: { mode: 'auth' }
+      input :standalone_smart_auth_info, type: :auth_info, options: { mode: 'access' }
 
       input :standalone_received_scopes,
             title: 'Expected Introspection Response Value: scope',

data/lib/smart_app_launch/token_payload_validation.rb

@@ -78,8 +78,8 @@ module SMARTAppLaunch
     end
 
     def check_for_missing_scopes(requested_scopes, body)
-      expected_scopes = requested_scopes.split
-      new_scopes = body['scope'].split
+      expected_scopes = requested_scopes&.split || []
+      new_scopes = body['scope']&.split || []
       missing_scopes = expected_scopes - new_scopes
 
       warning do

data/lib/smart_app_launch/urls.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module SMARTAppLaunch
+  FHIR_PATH = '/fhir'
+  RESUME_PASS_PATH = '/resume_pass'
+  RESUME_FAIL_PATH = '/resume_fail'
+  AUTH_SERVER_PATH = '/auth'
+  SMART_DISCOVERY_PATH = "#{FHIR_PATH}/.well-known/smart-configuration".freeze
+  OIDC_DISCOVERY_PATH = "#{FHIR_PATH}/.well-known/openid-configuration".freeze
+  OIDC_JWKS_PATH = "#{FHIR_PATH}/.well-known/jwks.json".freeze
+  TOKEN_PATH = "#{AUTH_SERVER_PATH}/token".freeze
+  AUTHORIZATION_PATH = "#{AUTH_SERVER_PATH}/authorization".freeze
+  INTROSPECTION_PATH = "#{AUTH_SERVER_PATH}/introspect".freeze
+
+  module URLs
+    def client_base_url
+      @client_base_url ||= "#{Inferno::Application['base_url']}/custom/#{client_suite_id}"
+    end
+
+    def client_fhir_base_url
+      @client_fhir_base_url ||= client_base_url + FHIR_PATH
+    end
+
+    def client_resume_pass_url
+      @client_resume_pass_url ||= client_base_url + RESUME_PASS_PATH
+    end
+
+    def client_resume_fail_url
+      @client_resume_fail_url ||= client_base_url + RESUME_FAIL_PATH
+    end
+
+    def client_smart_discovery_url
+      @client_smart_discovery_url ||= client_base_url + SMART_DISCOVERY_PATH
+    end
+
+    def client_token_url
+      @client_token_url ||= client_base_url + TOKEN_PATH
+    end
+
+    def client_authorization_url
+      @client_authorization_url ||= client_base_url + AUTHORIZATION_PATH
+    end
+
+    def client_introspection_url
+      @client_introspection_url ||= client_base_url + INTROSPECTION_PATH
+    end
+
+    def client_suite_id
+      SMARTAppLaunch::SMARTClientSTU22Suite.id
+    end
+  end
+end

data/lib/smart_app_launch/version.rb

@@ -1,4 +1,4 @@
 module SMARTAppLaunch
-  VERSION = '0.6.0'.freeze
-  LAST_UPDATED = '2025-03-14'.freeze
+  VERSION = '0.6.2'.freeze
+  LAST_UPDATED = '2025-05-02'.freeze
 end

data/lib/smart_app_launch_test_kit.rb

@@ -5,3 +5,4 @@ require_relative 'smart_app_launch/smart_stu1_suite'
 require_relative 'smart_app_launch/smart_stu2_suite'
 require_relative 'smart_app_launch/smart_stu2_2_suite'
 require_relative 'smart_app_launch/smart_access_brands_suite'
+require_relative 'smart_app_launch/client_stu2_2_suite'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_app_launch_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.6.2
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-03-14 00:00:00.000000000 Z
+date: 2025-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
@@ -145,6 +145,10 @@ extensions: []
 extra_rdoc_files: []
 files:
 - LICENSE
+- config/presets/SMART_RunClientAgainstServer.json.erb
+- config/presets/SMART_RunServerAgainstClient_ConfidentialAsymmetric.json.erb
+- config/presets/SMART_RunServerAgainstClient_ConfidentialSymmetric.json.erb
+- config/presets/SMART_RunServerAgainstClient_Public.json.erb
 - config/presets/inferno_reference_server_preset.json
 - config/presets/inferno_reference_server_stu2_2_preset.json
 - config/presets/inferno_reference_server_stu2_preset.json
@@ -164,6 +168,33 @@ files:
 - lib/smart_app_launch/backend_services_invalid_grant_type_test.rb
 - lib/smart_app_launch/backend_services_invalid_jwt_test.rb
 - lib/smart_app_launch/client_assertion_builder.rb
+- lib/smart_app_launch/client_stu2_2_suite.rb
+- lib/smart_app_launch/client_suite/access_alca_interaction_test.rb
+- lib/smart_app_launch/client_suite/access_alcs_interaction_test.rb
+- lib/smart_app_launch/client_suite/access_alp_interaction_test.rb
+- lib/smart_app_launch/client_suite/access_bsca_interaction_test.rb
+- lib/smart_app_launch/client_suite/access_group.rb
+- lib/smart_app_launch/client_suite/authentication_verification.rb
+- lib/smart_app_launch/client_suite/authorization_request_verification_test.rb
+- lib/smart_app_launch/client_suite/client_descriptions.rb
+- lib/smart_app_launch/client_suite/client_options.rb
+- lib/smart_app_launch/client_suite/oidc_jwks.json
+- lib/smart_app_launch/client_suite/oidc_jwks.rb
+- lib/smart_app_launch/client_suite/registration_alca_group.rb
+- lib/smart_app_launch/client_suite/registration_alca_verification_test.rb
+- lib/smart_app_launch/client_suite/registration_alcs_group.rb
+- lib/smart_app_launch/client_suite/registration_alcs_verification_test.rb
+- lib/smart_app_launch/client_suite/registration_alp_group.rb
+- lib/smart_app_launch/client_suite/registration_alp_verification_test.rb
+- lib/smart_app_launch/client_suite/registration_bsca_group.rb
+- lib/smart_app_launch/client_suite/registration_bsca_verification_test.rb
+- lib/smart_app_launch/client_suite/registration_verification.rb
+- lib/smart_app_launch/client_suite/token_request_alca_verification_test.rb
+- lib/smart_app_launch/client_suite/token_request_alcs_verification_test.rb
+- lib/smart_app_launch/client_suite/token_request_alp_verification_test.rb
+- lib/smart_app_launch/client_suite/token_request_bsca_verification_test.rb
+- lib/smart_app_launch/client_suite/token_request_verification.rb
+- lib/smart_app_launch/client_suite/token_use_verification_test.rb
 - lib/smart_app_launch/code_received_test.rb
 - lib/smart_app_launch/cors_metadata_request_test.rb
 - lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb
@@ -172,9 +203,19 @@ files:
 - lib/smart_app_launch/discovery_stu1_group.rb
 - lib/smart_app_launch/discovery_stu2_2_group.rb
 - lib/smart_app_launch/discovery_stu2_group.rb
+- lib/smart_app_launch/docs/demo/FHIR Request.postman_collection.json
+- lib/smart_app_launch/docs/smart_stu2_2_client_suite_description.md
 - lib/smart_app_launch/ehr_launch_group.rb
 - lib/smart_app_launch/ehr_launch_group_stu2.rb
 - lib/smart_app_launch/ehr_launch_group_stu2_2.rb
+- lib/smart_app_launch/endpoints/echoing_fhir_responder_endpoint.rb
+- lib/smart_app_launch/endpoints/mock_smart_server.rb
+- lib/smart_app_launch/endpoints/mock_smart_server/authorization_endpoint.rb
+- lib/smart_app_launch/endpoints/mock_smart_server/introspection_endpoint.rb
+- lib/smart_app_launch/endpoints/mock_smart_server/smart_authorization_response_creation.rb
+- lib/smart_app_launch/endpoints/mock_smart_server/smart_introspection_response_creation.rb
+- lib/smart_app_launch/endpoints/mock_smart_server/smart_token_response_creation.rb
+- lib/smart_app_launch/endpoints/mock_smart_server/token_endpoint.rb
 - lib/smart_app_launch/jwks.rb
 - lib/smart_app_launch/launch_received_test.rb
 - lib/smart_app_launch/metadata.rb
@@ -207,6 +248,7 @@ files:
 - lib/smart_app_launch/standalone_launch_group.rb
 - lib/smart_app_launch/standalone_launch_group_stu2.rb
 - lib/smart_app_launch/standalone_launch_group_stu2_2.rb
+- lib/smart_app_launch/tags.rb
 - lib/smart_app_launch/token_exchange_stu2_2_test.rb
 - lib/smart_app_launch/token_exchange_stu2_test.rb
 - lib/smart_app_launch/token_exchange_test.rb
@@ -226,6 +268,7 @@ files:
 - lib/smart_app_launch/token_response_body_test_stu2_2.rb
 - lib/smart_app_launch/token_response_headers_test.rb
 - lib/smart_app_launch/url_helpers.rb
+- lib/smart_app_launch/urls.rb
 - lib/smart_app_launch/version.rb
 - lib/smart_app_launch/well_known_capabilities_stu1_test.rb
 - lib/smart_app_launch/well_known_capabilities_stu2_test.rb