smart_app_launch_test_kit 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2c5933298e16b4e62b1381d8697fe077af1dcd3e953e930f3853fc1d0850d90c
-  data.tar.gz: af74480ebd3eca40306158c0ef47a04f33325fb1a703b645a97344eb799c4cb9
+  metadata.gz: 4b5b5d83f2f6bd20c159c0c258b0a67123880f3f526c21487795c0b7e60dde44
+  data.tar.gz: bcd5875e3e0a8a34a5d573d1cfda6b6babfc55c1b4364834a761c21c264ad83b
 SHA512:
-  metadata.gz: 822ea01dd26d84dbd79bb4d24cb45af8fc17e6aeea1522cf668962f5cf245b6fe07c24df658367892ad08f0ae3070e44579560e6a8f3c3b2272e6e971d804f1b
-  data.tar.gz: ddd6263d76f090845a441edc8c103fd1516fc5bb5c7ffcf8de84aee2bac3e706ca3038e60b2e64b13c9a0b989067efe32d3818a32600ac720a46e55885c32ebe
+  metadata.gz: 76d53cd6f4b40e128dc3510f0e4e01de66e8e61c475c7db1516bf726e8f2890c4ebc08e5838e2d3714b7791a3e5a65fc4165eeae6136bada32e23a08ada64caf
+  data.tar.gz: 6d6a3851b0d01ceb6d1576be40eb74be5a8b86089d705c26ab877251a843d68d9d4afc10c13de43d5eb122e9e971c2e5d76f8afb17b30f3def60370769ecd660

data/lib/smart_app_launch/app_redirect_test.rb

@@ -87,7 +87,8 @@ module SMARTAppLaunch
       end
 
       if use_pkce == 'true'
-        code_verifier = SecureRandom.uuid
+        # code verifier must be between 43 and 128 characters
+        code_verifier = SecureRandom.uuid + '-' + SecureRandom.uuid
         code_challenge =
           if pkce_code_challenge_method == 'S256'
             self.class.calculate_s256_challenge(code_verifier)

data/lib/smart_app_launch/token_payload_validation.rb

@@ -28,6 +28,12 @@ module SMARTAppLaunch
       end
     end
 
+    def validate_scope_subset(received_scopes, original_scopes)
+      extra_scopes = received_scopes.split - original_scopes.split
+      assert extra_scopes.empty?, "Token response contained scopes which are not a subset of the scope granted to the "\
+                                  "original access token: #{extra_scopes.join(', ')}"
+    end
+
     def validate_token_field_types(body)
       STRING_FIELDS
         .select { |field| body[field].present? }

data/lib/smart_app_launch/token_refresh_body_test.rb

@@ -11,6 +11,8 @@ module SMARTAppLaunch
       an access token or a message indicating that the authorization request
       has been denied. `access_token`, `expires_in`, `token_type`, and `scope` are
       required. `access_token` must be `Bearer`.
+
+      Scopes returned must be a strict subset of the scopes granted in the original launch.
     )
     input :received_scopes
     output :refresh_token, :access_token, :token_retrieval_time, :expires_in, :received_scopes
@@ -36,8 +38,7 @@ module SMARTAppLaunch
       validate_token_field_types(body)
       validate_token_type(body)
 
-      assert received_scopes.split.sort == old_received_scopes.split.sort,
-             'Received scopes not equal to originally granted scopes'
+      validate_scope_subset(received_scopes, old_received_scopes)
     end
   end
 end

data/lib/smart_app_launch/token_refresh_group.rb

@@ -10,7 +10,7 @@ module SMARTAppLaunch
     description %(
       # Background
 
-      The #{title} Sequence tests the ability of the system to successfuly
+      The #{title} Sequence tests the ability of the system to successfully
       exchange a refresh token for an access token. Refresh tokens are typically
       longer lived than access tokens and allow client applications to obtain a
       new access token Refresh tokens themselves cannot provide access to

data/lib/smart_app_launch/version.rb

@@ -1,3 +1,3 @@
 module SMARTAppLaunch
-  VERSION = '0.1.1'
+  VERSION = '0.1.2'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_app_launch_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - Stephen MacVicar
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-05 00:00:00.000000000 Z
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core