smart_app_launch_test_kit 1.0.1 → 1.0.2

Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/execution_scripts/README.md +16 -0
  3. data/execution_scripts/client_vs_server/access_data_and_continue_client.rb +37 -0
  4. data/execution_scripts/client_vs_server/smart_v22_backend_services_with_commands.yaml +69 -0
  5. data/execution_scripts/client_vs_server/smart_v22_backend_services_with_commands_client_expected.json +1 -0
  6. data/execution_scripts/client_vs_server/smart_v22_backend_services_with_commands_server_expected.json +478 -0
  7. data/execution_scripts/client_vs_server/smart_v22_backend_services_with_commands_server_no_tls_expected.json +479 -0
  8. data/execution_scripts/client_vs_server/smart_v22_confidential_symmetric_with_commands.yaml +122 -0
  9. data/execution_scripts/client_vs_server/smart_v22_confidential_symmetric_with_commands_client_expected.json +1 -0
  10. data/execution_scripts/client_vs_server/smart_v22_confidential_symmetric_with_commands_client_no_tls_expected.json +1 -0
  11. data/execution_scripts/client_vs_server/smart_v22_confidential_symmetric_with_commands_server_expected.json +1 -0
  12. data/execution_scripts/client_vs_server/smart_v22_confidential_symmetric_with_commands_server_no_tls_expected.json +1 -0
  13. data/execution_scripts/client_vs_server/smart_v22_public_with_commands.yaml +123 -0
  14. data/execution_scripts/client_vs_server/smart_v22_public_with_commands_client_expected.json +1 -0
  15. data/execution_scripts/client_vs_server/smart_v22_public_with_commands_client_no_tls_expected.json +1 -0
  16. data/execution_scripts/client_vs_server/smart_v22_public_with_commands_server_expected.json +1 -0
  17. data/execution_scripts/client_vs_server/smart_v22_public_with_commands_server_no_tls_expected.json +1 -0
  18. data/execution_scripts/client_vs_server/visit_and_wait_to_return_to_inferno.rb +17 -0
  19. data/execution_scripts/reference_server/base_ref_server_authorize.rb +24 -0
  20. data/execution_scripts/reference_server/base_ref_server_ehr_launch.rb +24 -0
  21. data/execution_scripts/reference_server/ref_server_authorize_85_all_scopes.rb +3 -0
  22. data/execution_scripts/reference_server/ref_server_authorize_launched_all_scopes.rb +3 -0
  23. data/execution_scripts/reference_server/ref_server_ehr_launch_85.rb +3 -0
  24. data/execution_scripts/reference_server/smart_v1_vs_reference_server_with_commands.yaml +60 -0
  25. data/execution_scripts/reference_server/smart_v1_vs_reference_server_with_commands_expected.json +1 -0
  26. data/execution_scripts/reference_server/smart_v22_vs_reference_server_with_commands.yaml +93 -0
  27. data/execution_scripts/reference_server/smart_v22_vs_reference_server_with_commands_expected.json +1 -0
  28. data/execution_scripts/reference_server/smart_v22_vs_reference_server_with_commands_same_host_expected.json +4166 -0
  29. data/execution_scripts/reference_server/smart_v2_vs_reference_server_with_commands.yaml +81 -0
  30. data/execution_scripts/reference_server/smart_v2_vs_reference_server_with_commands_expected.json +1 -0
  31. data/lib/smart_app_launch/app_launch_test.rb +4 -0
  32. data/lib/smart_app_launch/app_redirect_test.rb +2 -1
  33. data/lib/smart_app_launch/client_suite/access_alca_interaction_test.rb +5 -1
  34. data/lib/smart_app_launch/client_suite/access_alcs_interaction_test.rb +5 -1
  35. data/lib/smart_app_launch/client_suite/access_alp_interaction_test.rb +6 -2
  36. data/lib/smart_app_launch/client_suite/access_bsca_interaction_test.rb +4 -1
  37. data/lib/smart_app_launch/client_suite/authentication_verification.rb +1 -1
  38. data/lib/smart_app_launch/client_suite/client_descriptions.rb +4 -3
  39. data/lib/smart_app_launch/cors_metadata_request_test.rb +11 -4
  40. data/lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb +8 -4
  41. data/lib/smart_app_launch/cors_token_exchange_test.rb +8 -4
  42. data/lib/smart_app_launch/cors_well_known_endpoint_test.rb +8 -4
  43. data/lib/smart_app_launch/version.rb +2 -2
  44. metadata +34 -6
@@ -0,0 +1,479 @@
1
+ [
2
+ {
3
+ "id": "b1e2e706-b291-4547-adf0-8b7851d42fef",
4
+ "created_at": "2026-04-03T12:30:57.028-04:00",
5
+ "inputs": [
6
+ {
7
+ "name": "url",
8
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
9
+ "type": "text"
10
+ },
11
+ {
12
+ "name": "backend_services_smart_auth_info",
13
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
14
+ "type": "auth_info"
15
+ }
16
+ ],
17
+ "optional": false,
18
+ "outputs": [
19
+ {
20
+ "name": "well_known_introspection_url",
21
+ "type": "text",
22
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/auth/introspect"
23
+ },
24
+ {
25
+ "name": "well_known_configuration",
26
+ "type": "text",
27
+ "value": "{\"token_endpoint_auth_signing_alg_values_supported\":[\"RS384\",\"ES384\"],\"capabilities\":[\"client-confidential-asymmetric\",\"launch-ehr\",\"launch-standalone\",\"authorize-post\",\"client-public\",\"client-confidential-symmetric\",\"permission-offline\",\"permission-online\",\"permission-patient\",\"permission-user\",\"permission-v1\",\"permission-v2\",\"context-ehr-patient\",\"context-ehr-encounter\",\"context-standalone-patient\",\"context-standalone-encounter\",\"context-banner\",\"context-style\"],\"code_challenge_methods_supported\":[\"S256\"],\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\"],\"issuer\":\"http://localhost:4567/custom/smart_client_stu2_2/fhir\",\"grant_types_supported\":[\"client_credentials\",\"authorization_code\"],\"scopes_supported\":[\"system/*.read\",\"user/*.read\",\"patient/*.read\"],\"authorization_endpoint\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"token_endpoint\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"introspection_endpoint\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/introspect\"}"
28
+ },
29
+ {
30
+ "name": "smart_authorization_url",
31
+ "type": "text",
32
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/auth/authorization"
33
+ },
34
+ {
35
+ "name": "well_known_management_url",
36
+ "type": "text",
37
+ "value": ""
38
+ },
39
+ {
40
+ "name": "well_known_registration_url",
41
+ "type": "text",
42
+ "value": ""
43
+ },
44
+ {
45
+ "name": "well_known_revocation_url",
46
+ "type": "text",
47
+ "value": ""
48
+ },
49
+ {
50
+ "name": "smart_token_url",
51
+ "type": "text",
52
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/auth/token"
53
+ },
54
+ {
55
+ "name": "backend_services_smart_auth_info",
56
+ "type": "text",
57
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}"
58
+ }
59
+ ],
60
+ "requests": [
61
+ {
62
+ "id": "fc08dedc-f24f-4533-93a1-9821401ebd6b",
63
+ "direction": "outgoing",
64
+ "index": 853,
65
+ "result_id": "b1e2e706-b291-4547-adf0-8b7851d42fef",
66
+ "status": 200,
67
+ "timestamp": "2026-04-03T12:30:57.031-04:00",
68
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/fhir/.well-known/smart-configuration",
69
+ "verb": "get"
70
+ }
71
+ ],
72
+ "result": "pass",
73
+ "test_id": "smart_stu2_2-smart_backend_services-smart_discovery_stu2_2-well_known_endpoint",
74
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
75
+ "test_session_id": "bqd5CYxzQ0Z",
76
+ "updated_at": "2026-04-03T12:30:57.028-04:00"
77
+ },
78
+ {
79
+ "id": "5671515b-08c0-4997-9a5a-e11fe0684b48",
80
+ "created_at": "2026-04-03T12:30:57.036-04:00",
81
+ "inputs": [
82
+ {
83
+ "name": "well_known_configuration",
84
+ "value": "{\"token_endpoint_auth_signing_alg_values_supported\":[\"RS384\",\"ES384\"],\"capabilities\":[\"client-confidential-asymmetric\",\"launch-ehr\",\"launch-standalone\",\"authorize-post\",\"client-public\",\"client-confidential-symmetric\",\"permission-offline\",\"permission-online\",\"permission-patient\",\"permission-user\",\"permission-v1\",\"permission-v2\",\"context-ehr-patient\",\"context-ehr-encounter\",\"context-standalone-patient\",\"context-standalone-encounter\",\"context-banner\",\"context-style\"],\"code_challenge_methods_supported\":[\"S256\"],\"token_endpoint_auth_methods_supported\":[\"private_key_jwt\",\"client_secret_basic\",\"client_secret_post\"],\"issuer\":\"http://localhost:4567/custom/smart_client_stu2_2/fhir\",\"grant_types_supported\":[\"client_credentials\",\"authorization_code\"],\"scopes_supported\":[\"system/*.read\",\"user/*.read\",\"patient/*.read\"],\"authorization_endpoint\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"token_endpoint\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"introspection_endpoint\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/introspect\"}",
85
+ "type": "text"
86
+ }
87
+ ],
88
+ "messages": [
89
+ {
90
+ "message": "Well-known `issuer` is omitted when server capabilites does not include `sso-openid-connect`",
91
+ "type": "warning"
92
+ }
93
+ ],
94
+ "optional": false,
95
+ "outputs": [],
96
+ "requests": [],
97
+ "result": "pass",
98
+ "test_id": "smart_stu2_2-smart_backend_services-smart_discovery_stu2_2-well_known_capabilities_stu2",
99
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
100
+ "test_session_id": "bqd5CYxzQ0Z",
101
+ "updated_at": "2026-04-03T12:30:57.036-04:00"
102
+ },
103
+ {
104
+ "id": "23aade05-b9e5-49c7-bf4e-a8f8e415b82f",
105
+ "created_at": "2026-04-03T12:30:57.042-04:00",
106
+ "inputs": [
107
+ {
108
+ "name": "url",
109
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
110
+ "type": "text"
111
+ }
112
+ ],
113
+ "messages": [
114
+ {
115
+ "message": "No CORS headers required: Inferno and the target server are on the same host.",
116
+ "type": "info"
117
+ }
118
+ ],
119
+ "optional": true,
120
+ "outputs": [],
121
+ "requests": [
122
+ {
123
+ "id": "8440e3cf-bf34-4a91-82d0-500a64a6d85d",
124
+ "direction": "outgoing",
125
+ "index": 854,
126
+ "result_id": "23aade05-b9e5-49c7-bf4e-a8f8e415b82f",
127
+ "status": 200,
128
+ "timestamp": "2026-04-03T12:30:57.044-04:00",
129
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/fhir/.well-known/smart-configuration",
130
+ "verb": "get"
131
+ }
132
+ ],
133
+ "result": "pass",
134
+ "test_id": "smart_stu2_2-smart_backend_services-smart_discovery_stu2_2-smart_cors_well_known_endpoint",
135
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
136
+ "test_session_id": "bqd5CYxzQ0Z",
137
+ "updated_at": "2026-04-03T12:30:57.042-04:00"
138
+ },
139
+ {
140
+ "id": "55c879d5-cf6d-464e-af46-773f5e22ad7f",
141
+ "created_at": "2026-04-03T12:30:57.061-04:00",
142
+ "inputs": [
143
+ {
144
+ "name": "url",
145
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
146
+ "type": "text"
147
+ }
148
+ ],
149
+ "optional": true,
150
+ "outputs": [],
151
+ "requests": [
152
+ {
153
+ "id": "f321cdbd-67b9-4afe-8111-7bfbf83b6941",
154
+ "direction": "outgoing",
155
+ "index": 855,
156
+ "result_id": "55c879d5-cf6d-464e-af46-773f5e22ad7f",
157
+ "status": 500,
158
+ "timestamp": "2026-04-03T12:30:57.062-04:00",
159
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/fhir/metadata",
160
+ "verb": "get"
161
+ }
162
+ ],
163
+ "result": "fail",
164
+ "result_message": "Unexpected response status: expected 200, but received 500",
165
+ "test_id": "smart_stu2_2-smart_backend_services-smart_discovery_stu2_2-smart_cors_metadata_request",
166
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
167
+ "test_session_id": "bqd5CYxzQ0Z",
168
+ "updated_at": "2026-04-03T12:30:57.061-04:00"
169
+ },
170
+ {
171
+ "id": "623757d1-642b-41c0-94af-e37059d26ea0",
172
+ "created_at": "2026-04-03T12:30:57.066-04:00",
173
+ "inputs": [
174
+ {
175
+ "name": "url",
176
+ "label": "FHIR Endpoint",
177
+ "description": "URL of the FHIR endpoint used by SMART applications",
178
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
179
+ "type": "text"
180
+ },
181
+ {
182
+ "name": "backend_services_smart_auth_info",
183
+ "label": null,
184
+ "description": null,
185
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
186
+ "type": "auth_info"
187
+ }
188
+ ],
189
+ "optional": false,
190
+ "outputs": [],
191
+ "requests": [],
192
+ "result": "pass",
193
+ "test_group_id": "smart_stu2_2-smart_backend_services-smart_discovery_stu2_2",
194
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
195
+ "test_session_id": "bqd5CYxzQ0Z",
196
+ "updated_at": "2026-04-03T12:30:57.066-04:00"
197
+ },
198
+ {
199
+ "id": "c85f6156-5fc7-435b-a1e7-84192b7bca09",
200
+ "created_at": "2026-04-03T12:30:57.073-04:00",
201
+ "inputs": [
202
+ {
203
+ "name": "url",
204
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
205
+ "type": "text"
206
+ },
207
+ {
208
+ "name": "backend_services_smart_auth_info",
209
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
210
+ "type": "auth_info"
211
+ }
212
+ ],
213
+ "messages": [
214
+ {
215
+ "message": "http://localhost:4567/custom/smart_client_stu2_2/auth/token correctly denied SSL 2.0 connection as required.",
216
+ "type": "info"
217
+ },
218
+ {
219
+ "message": "http://localhost:4567/custom/smart_client_stu2_2/auth/token correctly denied SSL 3.0 connection as required.",
220
+ "type": "info"
221
+ },
222
+ {
223
+ "message": "http://localhost:4567/custom/smart_client_stu2_2/auth/token correctly denied TLS 1.0 connection as required.",
224
+ "type": "info"
225
+ },
226
+ {
227
+ "message": "http://localhost:4567/custom/smart_client_stu2_2/auth/token correctly denied TLS 1.1 connection as required.",
228
+ "type": "info"
229
+ },
230
+ {
231
+ "message": "http://localhost:4567/custom/smart_client_stu2_2/auth/token denied TLS 1.2 connection.",
232
+ "type": "info"
233
+ },
234
+ {
235
+ "message": "http://localhost:4567/custom/smart_client_stu2_2/auth/token denied TLS 1.3 connection.",
236
+ "type": "info"
237
+ }
238
+ ],
239
+ "optional": false,
240
+ "outputs": [],
241
+ "requests": [],
242
+ "result": "fail",
243
+ "result_message": "Server did not support any allowed TLS versions.",
244
+ "test_id": "smart_stu2_2-smart_backend_services-backend_services_authorization-smart_backend_services_token_tls_version",
245
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
246
+ "test_session_id": "bqd5CYxzQ0Z",
247
+ "updated_at": "2026-04-03T12:30:57.073-04:00"
248
+ },
249
+ {
250
+ "id": "d74c9257-3074-46fc-acf4-fd03e3f7ffdf",
251
+ "created_at": "2026-04-03T12:30:57.081-04:00",
252
+ "inputs": [
253
+ {
254
+ "name": "backend_services_smart_auth_info",
255
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
256
+ "type": "auth_info"
257
+ }
258
+ ],
259
+ "optional": false,
260
+ "outputs": [],
261
+ "requests": [
262
+ {
263
+ "id": "76172d46-5092-4ab0-a8f7-0e3be3ae603d",
264
+ "direction": "outgoing",
265
+ "index": 856,
266
+ "result_id": "d74c9257-3074-46fc-acf4-fd03e3f7ffdf",
267
+ "status": 500,
268
+ "timestamp": "2026-04-03T12:30:57.081-04:00",
269
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/auth/token",
270
+ "verb": "post"
271
+ }
272
+ ],
273
+ "result": "fail",
274
+ "result_message": "Unexpected response status: expected 400, but received 500",
275
+ "test_id": "smart_stu2_2-smart_backend_services-backend_services_authorization-smart_backend_services_invalid_grant_type",
276
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
277
+ "test_session_id": "bqd5CYxzQ0Z",
278
+ "updated_at": "2026-04-03T12:30:57.081-04:00"
279
+ },
280
+ {
281
+ "id": "ad74f654-421f-4bda-9ba2-47638b6df3d4",
282
+ "created_at": "2026-04-03T12:30:57.094-04:00",
283
+ "inputs": [
284
+ {
285
+ "name": "backend_services_smart_auth_info",
286
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
287
+ "type": "auth_info"
288
+ }
289
+ ],
290
+ "optional": false,
291
+ "outputs": [],
292
+ "requests": [
293
+ {
294
+ "id": "eb9a2d9c-2f9b-46e4-ad6e-e3c23bac3235",
295
+ "direction": "outgoing",
296
+ "index": 858,
297
+ "result_id": "ad74f654-421f-4bda-9ba2-47638b6df3d4",
298
+ "status": 200,
299
+ "timestamp": "2026-04-03T12:30:57.117-04:00",
300
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/auth/token",
301
+ "verb": "post"
302
+ }
303
+ ],
304
+ "result": "fail",
305
+ "result_message": "Unexpected response status: expected 400, 401, but received 200",
306
+ "test_id": "smart_stu2_2-smart_backend_services-backend_services_authorization-smart_backend_services_invalid_client_assertion",
307
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
308
+ "test_session_id": "bqd5CYxzQ0Z",
309
+ "updated_at": "2026-04-03T12:30:57.094-04:00"
310
+ },
311
+ {
312
+ "id": "bc8ad628-d07e-4ff0-8854-a28ff4898d2a",
313
+ "created_at": "2026-04-03T12:30:57.133-04:00",
314
+ "inputs": [
315
+ {
316
+ "name": "backend_services_smart_auth_info",
317
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
318
+ "type": "auth_info"
319
+ }
320
+ ],
321
+ "optional": false,
322
+ "outputs": [],
323
+ "requests": [
324
+ {
325
+ "id": "a63b4de7-2dfe-49ad-963a-10e5df0c8534",
326
+ "direction": "outgoing",
327
+ "index": 860,
328
+ "result_id": "bc8ad628-d07e-4ff0-8854-a28ff4898d2a",
329
+ "status": 200,
330
+ "timestamp": "2026-04-03T12:30:57.135-04:00",
331
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/auth/token",
332
+ "verb": "post"
333
+ }
334
+ ],
335
+ "result": "fail",
336
+ "result_message": "Unexpected response status: expected 400, 401, but received 200",
337
+ "test_id": "smart_stu2_2-smart_backend_services-backend_services_authorization-smart_backend_services_invalid_jwt",
338
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
339
+ "test_session_id": "bqd5CYxzQ0Z",
340
+ "updated_at": "2026-04-03T12:30:57.133-04:00"
341
+ },
342
+ {
343
+ "id": "51939a9c-64c3-4eae-a5d8-41c6cb69cb09",
344
+ "created_at": "2026-04-03T12:30:57.159-04:00",
345
+ "inputs": [
346
+ {
347
+ "name": "backend_services_smart_auth_info",
348
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
349
+ "type": "auth_info"
350
+ }
351
+ ],
352
+ "optional": false,
353
+ "outputs": [
354
+ {
355
+ "name": "authentication_response",
356
+ "type": "text",
357
+ "value": "{\"access_token\":\"eyJjbGllbnRfaWQiOiJzbWFydF9jbGllbnRfdGVzdF9kZW1vIiwiZXhwaXJhdGlvbiI6MTc3NTIzNzQ1Nywibm9uY2UiOiI1NDVlNDlmM2U2ZjgxMjQzIn0\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"system/*.rs\"}"
358
+ },
359
+ {
360
+ "name": "backend_services_smart_auth_info",
361
+ "type": "text",
362
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"issue_time\":\"2026-04-03T12:30:57-04:00\",\"name\":\"backend_services_smart_auth_info\"}"
363
+ }
364
+ ],
365
+ "requests": [
366
+ {
367
+ "id": "2ae0eeb3-4359-4357-9f9f-07c94a788589",
368
+ "direction": "outgoing",
369
+ "index": 862,
370
+ "result_id": "51939a9c-64c3-4eae-a5d8-41c6cb69cb09",
371
+ "status": 200,
372
+ "timestamp": "2026-04-03T12:30:57.159-04:00",
373
+ "url": "http://localhost:4567/custom/smart_client_stu2_2/auth/token",
374
+ "verb": "post"
375
+ }
376
+ ],
377
+ "result": "pass",
378
+ "test_id": "smart_stu2_2-smart_backend_services-backend_services_authorization-smart_backend_services_auth_request_success",
379
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
380
+ "test_session_id": "bqd5CYxzQ0Z",
381
+ "updated_at": "2026-04-03T12:30:57.159-04:00"
382
+ },
383
+ {
384
+ "id": "f18affc0-1d3a-4904-a666-af533cc10d29",
385
+ "created_at": "2026-04-03T12:30:57.168-04:00",
386
+ "inputs": [
387
+ {
388
+ "name": "authentication_response",
389
+ "value": "{\"access_token\":\"eyJjbGllbnRfaWQiOiJzbWFydF9jbGllbnRfdGVzdF9kZW1vIiwiZXhwaXJhdGlvbiI6MTc3NTIzNzQ1Nywibm9uY2UiOiI1NDVlNDlmM2U2ZjgxMjQzIn0\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"system/*.rs\"}",
390
+ "type": "text"
391
+ },
392
+ {
393
+ "name": "backend_services_smart_auth_info",
394
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"issue_time\":\"2026-04-03T12:30:57-04:00\",\"name\":\"backend_services_smart_auth_info\"}",
395
+ "type": "auth_info"
396
+ }
397
+ ],
398
+ "optional": false,
399
+ "outputs": [
400
+ {
401
+ "name": "bearer_token",
402
+ "type": "text",
403
+ "value": "eyJjbGllbnRfaWQiOiJzbWFydF9jbGllbnRfdGVzdF9kZW1vIiwiZXhwaXJhdGlvbiI6MTc3NTIzNzQ1Nywibm9uY2UiOiI1NDVlNDlmM2U2ZjgxMjQzIn0"
404
+ },
405
+ {
406
+ "name": "backend_services_smart_auth_info",
407
+ "type": "text",
408
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"access_token\":\"eyJjbGllbnRfaWQiOiJzbWFydF9jbGllbnRfdGVzdF9kZW1vIiwiZXhwaXJhdGlvbiI6MTc3NTIzNzQ1Nywibm9uY2UiOiI1NDVlNDlmM2U2ZjgxMjQzIn0\",\"issue_time\":\"2026-04-03T12:30:57-04:00\",\"expires_in\":3600,\"name\":\"backend_services_smart_auth_info\"}"
409
+ },
410
+ {
411
+ "name": "backend_services_received_scopes",
412
+ "type": "text",
413
+ "value": "system/*.rs"
414
+ }
415
+ ],
416
+ "requests": [],
417
+ "result": "pass",
418
+ "test_id": "smart_stu2_2-smart_backend_services-backend_services_authorization-smart_backend_services_auth_response_body",
419
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
420
+ "test_session_id": "bqd5CYxzQ0Z",
421
+ "updated_at": "2026-04-03T12:30:57.168-04:00"
422
+ },
423
+ {
424
+ "id": "20599988-2744-4ad6-ae30-436957709ed2",
425
+ "created_at": "2026-04-03T12:30:57.179-04:00",
426
+ "inputs": [
427
+ {
428
+ "name": "url",
429
+ "label": null,
430
+ "description": null,
431
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
432
+ "type": "text"
433
+ },
434
+ {
435
+ "name": "backend_services_smart_auth_info",
436
+ "label": "Backend Services Credentials",
437
+ "description": null,
438
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"token_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/token\",\"auth_url\":\"http://localhost:4567/custom/smart_client_stu2_2/auth/authorization\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
439
+ "type": "auth_info"
440
+ }
441
+ ],
442
+ "optional": false,
443
+ "outputs": [],
444
+ "requests": [],
445
+ "result": "fail",
446
+ "test_group_id": "smart_stu2_2-smart_backend_services-backend_services_authorization",
447
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
448
+ "test_session_id": "bqd5CYxzQ0Z",
449
+ "updated_at": "2026-04-03T12:30:57.179-04:00"
450
+ },
451
+ {
452
+ "id": "76e734bc-183c-46a7-8a8e-e26284890e7a",
453
+ "created_at": "2026-04-03T12:30:57.181-04:00",
454
+ "inputs": [
455
+ {
456
+ "name": "url",
457
+ "label": "FHIR Endpoint",
458
+ "description": "URL of the FHIR endpoint used by SMART applications",
459
+ "value": "http://localhost:4567/custom/smart_client_stu2_2/fhir",
460
+ "type": "text"
461
+ },
462
+ {
463
+ "name": "backend_services_smart_auth_info",
464
+ "label": "Backend Services Credentials",
465
+ "description": null,
466
+ "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"requested_scopes\":\"system/*.rs\",\"client_id\":\"smart_client_test_demo\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\",\"encryption_algorithm\":\"ES384\",\"name\":\"backend_services_smart_auth_info\"}",
467
+ "type": "auth_info"
468
+ }
469
+ ],
470
+ "optional": false,
471
+ "outputs": [],
472
+ "requests": [],
473
+ "result": "fail",
474
+ "test_group_id": "smart_stu2_2-smart_backend_services",
475
+ "test_run_id": "667e7b0a-a3fc-43f6-997e-1273109c4229",
476
+ "test_session_id": "bqd5CYxzQ0Z",
477
+ "updated_at": "2026-04-03T12:30:57.181-04:00"
478
+ }
479
+ ]
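Review bot: This expected-results fixture records as the baseline that the token endpoint answered 200 to both negative authentication tests, `smart_backend_services_invalid_client_assertion` and `smart_backend_services_invalid_jwt` ("expected 400, 401, but received 200"), and 500 to `smart_backend_services_invalid_grant_type`. A comparison against this file therefore passes while the simulated endpoint accepts bad client assertions, and nothing in the fixture says whether that is intended. JSON cannot carry a comment, so the explanation belongs in `data/execution_scripts/README.md` or next to the script that references this file, for example `# expected failures: the client suite's simulated token endpoint does not reject invalid assertions; TLS test fails on http://localhost`. The recorded `access_token`, `issue_time`, timestamps and `test_session_id` are per-run values. The comparison rules for this file are not visible here, so it is worth confirming that they are normalized rather than compared literally.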
@@ -0,0 +1,122 @@
1
+ sessions:
2
+ - suite: smart_client_stu2_2
3
+ name: client
4
+ preset: smart_run_client_against_server_v2_2
5
+ suite_options:
6
+ SMART Client Type: 'SMART App Launch Confidential Symmetric Client'
7
+ - suite: smart_stu2_2
8
+ name: server
9
+ preset: 'Demo: Run Against the SMART Client Suite (Confidential Symmetric)'
10
+
11
+ comparison_config:
12
+ normalized_strings:
13
+ - replacement: <INFERNO_HOST>
14
+ patterns:
15
+ - http://localhost:4567/inferno # local inferno core ruby
16
+ - http://localhost:4567 # local ruby
17
+ - http://localhost # local docker
18
+ - https://inferno.healthit.gov/suites # prod
19
+ - https://inferno-qa.healthit.gov/suites # qa
20
+ - replacement: <REFERENCE_SERVER_URL>
21
+ patterns:
22
+ - https://inferno.healthit.gov/reference-server # prod reference server
23
+ - https://inferno-qa.healthit.gov/reference-server # qa reference server
24
+ - replacement: code_challenge=<CODE_CHALLENGE>
25
+ pattern: /code_challenge=[A-Za-z0-9+\/=_-]{43}/
26
+ - replacement: launch=<LAUNCH_KEY>
27
+ pattern: /launch=[a-f0-9]{64}/
28
+ - replacement: <UUID>
29
+ pattern: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i
30
+ sessions:
31
+ server:
32
+ alternate_expected_files:
33
+ - file: smart_v22_confidential_symmetric_with_commands_server_no_tls_expected.json
34
+ when:
35
+ - field: inputs.url
36
+ matches: ^http://
37
+ client:
38
+ alternate_expected_files:
39
+ - file: smart_v22_confidential_symmetric_with_commands_client_no_tls_expected.json
40
+ when:
41
+ - field: inputs.smart_launch_urls
42
+ matches: ^http://
43
+
44
+ steps:
45
+ - state_description: Session Created
46
+ session: client
47
+ status: created
48
+ start_run:
49
+ session: client
50
+ runnable: suite
51
+ action_description: Run the client suite
52
+
53
+ - state_description: Wait at Client test 5.02 Access a secured FHIR endpoint using SMART App Launch
54
+ session: client
55
+ status: waiting
56
+ last_completed: 5.02
57
+ start_run:
58
+ session: server
59
+ runnable: 1
60
+ next_poll_session: server
61
+ action_description: Run server group 1 Standalone Launch
62
+
63
+ - state_description: Wait at Server test 1.2.02 OAuth server redirects client browser to app redirect URI
64
+ session: server
65
+ status: waiting
66
+ last_completed: 1.2.02
67
+ command: bundle exec ruby execution_scripts/client_vs_server/visit_and_wait_to_return_to_inferno.rb '{server.wait_outputs.authorization_url}'
68
+ action_description: Click the authorization link
69
+
70
+ - state_description: Finished Server group 1 Standalone Launch
71
+ session: server
72
+ status: done
73
+ last_completed: 1
74
+ start_run:
75
+ session: server
76
+ runnable: 2
77
+ action_description: Run server group 2 EHR Launch
78
+
79
+ - state_description: Wait at Server test 2.2.01 EHR server redirects client browser to Inferno app launch URI
80
+ session: server
81
+ status: waiting
82
+ last_completed: 2.2.01
83
+ command: bundle exec ruby execution_scripts/client_vs_server/visit_and_wait_to_return_to_inferno.rb '{client.wait_outputs.launch_urls}'
84
+ action_description: Perform an EHR launch using the simulated launch url
85
+
86
+ - state_description: Wait at Server test 2.2.04 OAuth server redirects client browser to app redirect URI
87
+ session: server
88
+ status: waiting
89
+ last_completed: 2.2.04
90
+ command: bundle exec ruby execution_scripts/client_vs_server/visit_and_wait_to_return_to_inferno.rb '{server.wait_outputs.authorization_url}'
91
+ action_description: Click the authorization link
92
+
93
+ - state_description: Finished Server group 2 EHR Launch
94
+ session: server
95
+ status: done
96
+ last_completed: 2
97
+ start_run:
98
+ session: server
99
+ runnable: 4
100
+ action_description: Run server group 4 Token Introspection
101
+
102
+ - state_description: Wait at Server test 4.1.2.02 OAuth server redirects client browser to app redirect URI
103
+ session: server
104
+ status: waiting
105
+ last_completed: 4.1.2.02
106
+ command: bundle exec ruby execution_scripts/client_vs_server/visit_and_wait_to_return_to_inferno.rb '{server.wait_outputs.authorization_url}'
107
+ action_description: Click the authorization link
108
+
109
+ - state_description: Finished Server group 4 Token Introspection
110
+ session: server
111
+ status: done
112
+ last_completed: 4
113
+ command: bundle exec ruby execution_scripts/client_vs_server/visit_and_wait_to_return_to_inferno.rb '{client.wait_outputs.continuation_url}'
114
+ next_poll_session: client
115
+ action_description: Continue the Client tests
116
+
117
+ - state_description: Finished Client Suite
118
+ session: client
119
+ status: done
120
+ last_completed: suite
121
+ action: END_SCRIPT
122
+ action_description: Finished Script
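Review bot: The five `command:` steps splice a test output into a command line inside single quotes, e.g. `visit_and_wait_to_return_to_inferno.rb '{server.wait_outputs.authorization_url}'`, and that value is a URL produced by the system under test. The runner that expands these placeholders is not part of this hunk. If it substitutes text and hands the result to a shell, a value containing a quote character ends the argument and the rest is interpreted by the shell. The runner should pass the expanded value as a separate argv element without a shell, or escape it first (Ruby's `Shellwords.escape`). The script should also reject anything that does not parse as an http(s) URL before visiting it. A comment above the first command would record the assumption, e.g. `# placeholders are expanded by the runner and must be passed as a single escaped argument`.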