smart_app_launch_test_kit 0.4.2 → 0.4.3

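--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ff7cc187f6f513f3380f3828f963a3636b7156ed8e673d1495db1df4bc8c763c
- data.tar.gz: 4346b705c6ff48f9bc7733c8f06798dd3c73bb379259ac4d13221e2251db9855
+ metadata.gz: cbcdac5d671ebac20ff73778eddb755fb7a3774ef4ac3000260f6d6d6cb4d7f0
+ data.tar.gz: 1f34741969397758075cab6802652dd7f8895d137d3f9b819c28ea7662a64d27
  SHA512:
- metadata.gz: d4fa02dab1c8782c8beebc2aee05eda38bb4c1374286091acada9c1c78e3c625dc102e6e92df1923dc68e3c983f3aed44b38e38882e8bc3d6dfb3600840b22ae
- data.tar.gz: add7130f94d7ba65c102df442b7198166b80476d91f4bf10afd5e98a34824a222a43129c1e8bd2da23dfe479e7d696af64bd80f565a60eed7dde074040def3e8
+ metadata.gz: 8b6bbae2d20d3039b3c2e701e66a85eb4dad83f4f6e8b7f044eac044f7de4582a03a9bbca2d2e38febcf41cf51216fcd0651c863fe90c890fbac2be284ff2bc2
+ data.tar.gz: cbeca0cdb3c88e163e5e41ab7d8015715d8d4fd1192d69865b0936a1ab98fe6328053f7060f1c4e6aa7d2ef78fb0f0b445ebb1751ee9c3e346b622fa3e8631f1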
@@ -13,8 +13,9 @@ module SMARTAppLaunch
13
13
  input :client_auth_encryption_method,
14
14
  :backend_services_requested_scope,
15
15
  :backend_services_client_id,
16
- :smart_token_url,
17
- :backend_services_jwks_kid
16
+ :smart_token_url
17
+ input :backend_services_jwks_kid,
18
+ optional: true
18
19
 
19
20
  output :authentication_response
20
21
 
@@ -20,8 +20,9 @@ module SMARTAppLaunch
20
20
  input :client_auth_encryption_method,
21
21
  :backend_services_requested_scope,
22
22
  :backend_services_client_id,
23
- :smart_token_url,
24
- :backend_services_jwks_kid
23
+ :smart_token_url
24
+ input :backend_services_jwks_kid,
25
+ optional: true
25
26
 
26
27
  http_client :token_endpoint do
27
28
  url :smart_token_url
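Review bot: `input :backend_services_jwks_kid, optional: true` tells the user nothing about which signing key is used when the kid is left blank; the same bare declaration is added in the preceding hunk and in the two hunks that follow. The key-selection code is outside these hunks, so presumably it falls back to a key matching `client_auth_encryption_method`; that should be confirmed, and a blank kid should leave the `kid` header out of the client assertion rather than sending an empty value. I would add a description to the input, for example `description: 'Key ID of the JWKS private key used to sign the client assertion. If blank, a key matching the encryption method is selected.'`, adjusted to what the builder actually does.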
@@ -20,8 +20,9 @@ module SMARTAppLaunch
20
20
  input :client_auth_encryption_method,
21
21
  :backend_services_requested_scope,
22
22
  :backend_services_client_id,
23
- :smart_token_url,
24
- :backend_services_jwks_kid
23
+ :smart_token_url
24
+ input :backend_services_jwks_kid,
25
+ optional: true
25
26
 
26
27
  http_client :token_endpoint do
27
28
  url :smart_token_url
@@ -31,8 +31,9 @@ module SMARTAppLaunch
31
31
  input :client_auth_encryption_method,
32
32
  :backend_services_requested_scope,
33
33
  :backend_services_client_id,
34
- :smart_token_url,
35
- :backend_services_jwks_kid
34
+ :smart_token_url
35
+ input :backend_services_jwks_kid,
36
+ optional: true
36
37
 
37
38
  http_client :token_endpoint do
38
39
  url :smart_token_url
@@ -7,7 +7,7 @@ require_relative 'standalone_launch_group_stu2'
7
7
  require_relative 'ehr_launch_group_stu2'
8
8
  require_relative 'openid_connect_group'
9
9
  require_relative 'token_introspection_group'
10
- require_relative 'token_refresh_group'
10
+ require_relative 'token_refresh_stu2_group'
11
11
  require_relative 'backend_services_authorization_group'
12
12
 
13
13
  module SMARTAppLaunch
@@ -103,7 +103,7 @@ module SMARTAppLaunch
103
103
  }
104
104
  }
105
105
 
106
- group from: :smart_token_refresh,
106
+ group from: :smart_token_refresh_stu2,
107
107
  id: :smart_standalone_refresh_without_scopes,
108
108
  title: 'SMART Token Refresh Without Scopes',
109
109
  config: {
@@ -123,7 +123,7 @@ module SMARTAppLaunch
123
123
  }
124
124
  }
125
125
 
126
- group from: :smart_token_refresh,
126
+ group from: :smart_token_refresh_stu2,
127
127
  id: :smart_standalone_refresh_with_scopes,
128
128
  title: 'SMART Token Refresh With Scopes',
129
129
  config: {
@@ -179,7 +179,7 @@ module SMARTAppLaunch
179
179
  }
180
180
  }
181
181
 
182
- group from: :smart_token_refresh,
182
+ group from: :smart_token_refresh_stu2,
183
183
  id: :smart_ehr_refresh_without_scopes,
184
184
  title: 'SMART Token Refresh Without Scopes',
185
185
  config: {
@@ -199,7 +199,7 @@ module SMARTAppLaunch
199
199
  }
200
200
  }
201
201
 
202
- group from: :smart_token_refresh,
202
+ group from: :smart_token_refresh_stu2,
203
203
  id: :smart_ehr_refresh_with_scopes,
204
204
  title: 'SMART Token Refresh With Scopes',
205
205
  config: {
@@ -0,0 +1,46 @@
1
+ require_relative 'token_refresh_stu2_test'
2
+ require_relative 'token_refresh_body_test'
3
+ require_relative 'token_response_headers_test'
4
+
5
+ module SMARTAppLaunch
6
+ class TokenRefreshSTU2Group < Inferno::TestGroup
7
+ id :smart_token_refresh_stu2
8
+ title 'SMART Token Refresh'
9
+ short_description 'Demonstrate the ability to exchange a refresh token for an access token.'
10
+ description %(
11
+ # Background
12
+
13
+ The #{title} Sequence tests the ability of the system to successfully
14
+ exchange a refresh token for an access token. Refresh tokens are typically
15
+ longer lived than access tokens and allow client applications to obtain a
16
+ new access token Refresh tokens themselves cannot provide access to
17
+ resources on the server.
18
+
19
+ Token refreshes are accomplished through a `POST` request to the token
20
+ exchange endpoint as described in the [SMART App Launch
21
+ Framework](https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token).
22
+
23
+ # Test Methodology
24
+
25
+ This test attempts to exchange the refresh token for a new access token
26
+ and verify that the information returned contains the required fields and
27
+ uses the proper headers.
28
+
29
+ For more information see:
30
+
31
+ * [The OAuth 2.0 Authorization
32
+ Framework](https://tools.ietf.org/html/rfc6749)
33
+ * [Using a refresh token to obtain a new access
34
+ token](https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-later-app-uses-a-refresh-token-to-obtain-a-new-access-token)
35
+ )
36
+
37
+ test from: :smart_token_refresh_stu2
38
+ test from: :smart_token_refresh_body
39
+ test from: :smart_token_response_headers,
40
+ config: {
41
+ requests: {
42
+ token: { name: :token_refresh }
43
+ }
44
+ }
45
+ end
46
+ end
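Review bot: The description of this STU2 group links twice to the 1.0.0 edition of the SMART App Launch guide (`https://www.hl7.org/fhir/smart-app-launch/1.0.0/index.html#step-5-...`), which looks carried over from the STU1 group; an STU2 run should point readers at the STU2 refresh-token section instead. The first paragraph is also missing a full stop: `new access token Refresh tokens themselves` should read `new access token. Refresh tokens themselves`. A short comment above `test from: :smart_token_response_headers` saying that the `requests` config points the header check at the `:token_refresh` request would help the next reader.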
@@ -0,0 +1,46 @@
1
+ require_relative 'token_refresh_test'
2
+
3
+ module SMARTAppLaunch
4
+ class TokenRefreshSTU2Test < TokenRefreshTest
5
+ include TokenPayloadValidation
6
+
7
+ id :smart_token_refresh_stu2
8
+ title 'Server successfully refreshes the access token when optional scope parameter omitted'
9
+ description %(
10
+ Server successfully exchanges refresh token at OAuth token endpoint
11
+ without providing scope in the body of the request.
12
+
13
+ Although not required in the token refresh portion of the SMART App
14
+ Launch Guide, the token refresh response should include the HTTP
15
+ Cache-Control response header field with a value of no-store, as well as
16
+ the Pragma response header field with a value of no-cache to be
17
+ consistent with the requirements of the inital access token exchange.
18
+ )
19
+ input :client_auth_type
20
+ input :client_auth_encryption_method, optional: true
21
+ input :client_secret, optional: true
22
+
23
+ def add_credentials_to_request(oauth2_headers, oauth2_params)
24
+ case client_auth_type
25
+ when 'public'
26
+ oauth2_params['client_id'] = client_id
27
+ when 'confidential_symmetric'
28
+ assert client_secret.present?,
29
+ "A client secret must be provided when using confidential symmetric client authentication."
30
+
31
+ credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
32
+ oauth2_headers['Authorization'] = "Basic #{credentials}"
33
+ when 'confidential_asymmetric'
34
+ oauth2_params.merge!(
35
+ client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
36
+ client_assertion: ClientAssertionBuilder.build(
37
+ iss: client_id,
38
+ sub: client_id,
39
+ aud: smart_token_url,
40
+ client_auth_encryption_method: client_auth_encryption_method
41
+ )
42
+ )
43
+ end
44
+ end
45
+ end
46
+ end
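Review bot: The `case client_auth_type` in `add_credentials_to_request` has no `else`, so any value other than the three listed leaves both `oauth2_headers` and `oauth2_params` untouched and the refresh request is sent with no client authentication at all. Unless the input is restricted to those three values somewhere outside this file, the test would then report on an unauthenticated refresh without saying so. I would fail closed by adding `else` followed by `assert false, "Unsupported client_auth_type: #{client_auth_type}"` before the closing `end` of the `case`. The `confidential_symmetric` branch, like the base-class method added in the later `@@ -21,6 +21,15 @@` hunk, builds the Basic credential from the raw `client_id` and `client_secret`; RFC 6749 section 2.3.1 has each value form-urlencoded first, which matters once either contains `:` or non-ASCII characters.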
@@ -21,6 +21,15 @@ module SMARTAppLaunch
21
21
  output :smart_credentials, :token_retrieval_time
22
22
  makes_request :token_refresh
23
23
 
24
+ def add_credentials_to_request(oauth2_headers, oauth2_params)
25
+ if client_secret.present?
26
+ credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
27
+ oauth2_headers['Authorization'] = "Basic #{credentials}"
28
+ else
29
+ oauth2_params['client_id'] = client_id
30
+ end
31
+ end
32
+
24
33
  run do
25
34
  skip_if refresh_token.blank?
26
35
 
@@ -32,12 +41,7 @@ module SMARTAppLaunch
32
41
 
33
42
  oauth2_params['scope'] = received_scopes if config.options[:include_scopes]
34
43
 
35
- if client_secret.present?
36
- credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
37
- oauth2_headers['Authorization'] = "Basic #{credentials}"
38
- else
39
- oauth2_params['client_id'] = client_id
40
- end
44
+ add_credentials_to_request(oauth2_headers, oauth2_params)
41
45
 
42
46
  post(smart_token_url, body: oauth2_params, name: :token_refresh, headers: oauth2_headers)
43
47
 
@@ -1,3 +1,3 @@
1
1
  module SMARTAppLaunch
2
- VERSION = '0.4.2'.freeze
2
+ VERSION = '0.4.3'.freeze
3
3
  end
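--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: smart_app_launch_test_kit
  version: !ruby/object:Gem::Version
- version: 0.4.2
+ version: 0.4.3
  platform: ruby
  authors:
  - Stephen MacVicar
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-03-25 00:00:00.000000000 Z
+ date: 2024-07-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: inferno_core
@@ -186,6 +186,8 @@ files:
  - lib/smart_app_launch/token_payload_validation.rb
  - lib/smart_app_launch/token_refresh_body_test.rb
  - lib/smart_app_launch/token_refresh_group.rb
+ - lib/smart_app_launch/token_refresh_stu2_group.rb
+ - lib/smart_app_launch/token_refresh_stu2_test.rb
  - lib/smart_app_launch/token_refresh_test.rb
  - lib/smart_app_launch/token_response_body_test.rb
  - lib/smart_app_launch/token_response_headers_test.rb
@@ -216,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.7
+ rubygems_version: 3.5.9
  signing_key:
  specification_version: 4
  summary: Inferno Tests for the SMART Application Launch Framework Implementation Guide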