smart_app_launch_test_kit 0.6.3 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/smart_app_launch/app_redirect_test.rb +3 -0
- data/lib/smart_app_launch/backend_services_authorization_request_success_test.rb +1 -0
- data/lib/smart_app_launch/backend_services_authorization_response_body_test.rb +11 -0
- data/lib/smart_app_launch/backend_services_invalid_client_assertion_test.rb +1 -0
- data/lib/smart_app_launch/backend_services_invalid_grant_type_test.rb +1 -0
- data/lib/smart_app_launch/client_stu2_2_suite.rb +8 -0
- data/lib/smart_app_launch/client_suite/access_alca_interaction_test.rb +5 -0
- data/lib/smart_app_launch/client_suite/access_alcs_interaction_test.rb +5 -0
- data/lib/smart_app_launch/client_suite/access_alp_interaction_test.rb +4 -0
- data/lib/smart_app_launch/client_suite/access_bsca_interaction_test.rb +3 -0
- data/lib/smart_app_launch/client_suite/authorization_request_verification_test.rb +11 -0
- data/lib/smart_app_launch/client_suite/registration_alca_group.rb +1 -1
- data/lib/smart_app_launch/client_suite/registration_alca_verification_test.rb +6 -1
- data/lib/smart_app_launch/client_suite/registration_alcs_verification_test.rb +4 -1
- data/lib/smart_app_launch/client_suite/registration_alp_verification_test.rb +3 -1
- data/lib/smart_app_launch/client_suite/registration_bsca_verification_test.rb +4 -0
- data/lib/smart_app_launch/client_suite/token_request_alca_verification_test.rb +15 -0
- data/lib/smart_app_launch/client_suite/token_request_alcs_verification_test.rb +6 -0
- data/lib/smart_app_launch/client_suite/token_request_alp_verification_test.rb +9 -0
- data/lib/smart_app_launch/client_suite/token_request_bsca_verification_test.rb +9 -1
- data/lib/smart_app_launch/client_suite/token_use_verification_test.rb +2 -1
- data/lib/smart_app_launch/code_received_test.rb +4 -0
- data/lib/smart_app_launch/cors_metadata_request_test.rb +2 -0
- data/lib/smart_app_launch/cors_openid_fhir_user_claim_test.rb +2 -0
- data/lib/smart_app_launch/cors_token_exchange_test.rb +2 -0
- data/lib/smart_app_launch/cors_well_known_endpoint_test.rb +2 -0
- data/lib/smart_app_launch/ehr_launch_group.rb +4 -0
- data/lib/smart_app_launch/openid_connect_group_stu2_2.rb +1 -0
- data/lib/smart_app_launch/openid_decode_id_token_test.rb +2 -1
- data/lib/smart_app_launch/openid_fhir_user_claim_test.rb +1 -0
- data/lib/smart_app_launch/openid_required_configuration_fields_test.rb +2 -0
- data/lib/smart_app_launch/openid_retrieve_configuration_test.rb +1 -1
- data/lib/smart_app_launch/openid_retrieve_jwks_test.rb +3 -1
- data/lib/smart_app_launch/openid_token_header_test.rb +2 -0
- data/lib/smart_app_launch/openid_token_payload_test.rb +2 -0
- data/lib/smart_app_launch/requirements/generated/smart_access_brands_requirements_coverage.csv +1 -0
- data/lib/smart_app_launch/requirements/generated/smart_client_stu2_2_requirements_coverage.csv +193 -0
- data/lib/smart_app_launch/requirements/generated/smart_requirements_coverage.csv +1 -0
- data/lib/smart_app_launch/requirements/generated/smart_stu2_2_requirements_coverage.csv +305 -0
- data/lib/smart_app_launch/requirements/generated/smart_stu2_requirements_coverage.csv +1 -0
- data/lib/smart_app_launch/requirements/hl7.fhir.uv.smart-app-launch_2.0.0_Requirements.xlsx +0 -0
- data/lib/smart_app_launch/requirements/hl7.fhir.uv.smart-app-launch_2.2.0_Requirements.xlsx +0 -0
- data/lib/smart_app_launch/requirements/smart_app_launch_test_kit_requirements.csv +1017 -0
- data/lib/smart_app_launch/smart_access_brands_group.rb +1 -0
- data/lib/smart_app_launch/smart_access_brands_retrieve_bundle_test.rb +4 -1
- data/lib/smart_app_launch/smart_access_brands_validate_brands_test.rb +2 -0
- data/lib/smart_app_launch/smart_access_brands_validate_bundle_test.rb +5 -1
- data/lib/smart_app_launch/smart_access_brands_validate_endpoint_urls_test.rb +1 -0
- data/lib/smart_app_launch/smart_access_brands_validate_endpoints_test.rb +3 -1
- data/lib/smart_app_launch/smart_stu2_2_suite.rb +8 -0
- data/lib/smart_app_launch/standalone_launch_group.rb +4 -0
- data/lib/smart_app_launch/token_introspection_group_stu2_2.rb +1 -0
- data/lib/smart_app_launch/token_introspection_response_group.rb +9 -2
- data/lib/smart_app_launch/token_refresh_body_test.rb +6 -0
- data/lib/smart_app_launch/token_refresh_stu2_test.rb +2 -1
- data/lib/smart_app_launch/token_refresh_test.rb +1 -1
- data/lib/smart_app_launch/token_response_body_test_stu2_2.rb +8 -0
- data/lib/smart_app_launch/token_response_headers_test.rb +2 -0
- data/lib/smart_app_launch/version.rb +2 -2
- data/lib/smart_app_launch/well_known_capabilities_stu2_test.rb +9 -1
- data/lib/smart_app_launch/well_known_endpoint_test.rb +5 -0
- metadata +26 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5e89eb970e47404f06ff2951599ebe0a879c594f682054416f3dfdd3a45e2fe9
|
|
4
|
+
data.tar.gz: 50a306cf022778dba0eef1b30cfd81e33796583ea188f57885b7ed4c4794fef6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ce5caa1cd1dbab2cfb847c0fbcc55e3935600f2e13d04157c7cb73f6adcf8cd693fdc3e8af265a20313eb9bce8ffdb2d407a98213011904595defc6c06c51a38
|
|
7
|
+
data.tar.gz: 46d7cb5ec46a27fdacb0c618e6bb6b65cc45145b7f0c9c12a357292da406881b132059faed11528f3b3dbbaf8e786d4f2c6347a37d31f11ad211ccdd868f502f
|
|
@@ -8,6 +8,9 @@ module SMARTAppLaunch
|
|
|
8
8
|
app as described in SMART authorization sequence.
|
|
9
9
|
)
|
|
10
10
|
id :smart_app_redirect
|
|
11
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@48',
|
|
12
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@49',
|
|
13
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@57'
|
|
11
14
|
|
|
12
15
|
input :url
|
|
13
16
|
input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
|
|
@@ -9,6 +9,7 @@ module SMARTAppLaunch
|
|
|
9
9
|
The [SMART App Launch 2.0.0 IG specification for Backend Services](https://hl7.org/fhir/smart-app-launch/STU2/backend-services.html#issue-access-token)
|
|
10
10
|
states "If the access token request is valid and authorized, the authorization server SHALL issue an access token in response."
|
|
11
11
|
DESCRIPTION
|
|
12
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@253'
|
|
12
13
|
|
|
13
14
|
input :smart_auth_info,
|
|
14
15
|
type: :auth_info,
|
|
@@ -16,6 +16,11 @@ module SMARTAppLaunch
|
|
|
16
16
|
| `scope` | required | Scope of access authorized. Note that this can be different from the scopes requested by the app. |
|
|
17
17
|
DESCRIPTION
|
|
18
18
|
|
|
19
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@254',
|
|
20
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@255',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@256',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@258'
|
|
23
|
+
|
|
19
24
|
input :authentication_response
|
|
20
25
|
input :smart_auth_info,
|
|
21
26
|
type: :auth_info,
|
|
@@ -52,6 +57,12 @@ module SMARTAppLaunch
|
|
|
52
57
|
|
|
53
58
|
required_keys.each do |key|
|
|
54
59
|
assert response_body[key].present?, "Token response did not contain #{key} as required"
|
|
60
|
+
if key == 'token_type'
|
|
61
|
+
assert response_body[key].casecmp('bearer').zero?, '`token_type` must be `bearer`'
|
|
62
|
+
elsif key == 'expires_in'
|
|
63
|
+
assert response_body[key].is_a?(Numeric),
|
|
64
|
+
"Expected expires_in to be a Numeric, but found #{response_body[key].class.name}"
|
|
65
|
+
end
|
|
55
66
|
end
|
|
56
67
|
end
|
|
57
68
|
end
|
|
@@ -16,6 +16,7 @@ module SMARTAppLaunch
|
|
|
16
16
|
"If the request failed client authentication or is invalid, the authorization server returns an
|
|
17
17
|
error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2)."
|
|
18
18
|
DESCRIPTION
|
|
19
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@251'
|
|
19
20
|
|
|
20
21
|
input :smart_auth_info,
|
|
21
22
|
type: :auth_info,
|
|
@@ -16,6 +16,7 @@ module SMARTAppLaunch
|
|
|
16
16
|
"If the request failed client authentication or is invalid, the authorization server returns an
|
|
17
17
|
error response as described in [Section 5.2](https://tools.ietf.org/html/rfc6749#section-5.2)."
|
|
18
18
|
DESCRIPTION
|
|
19
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@251'
|
|
19
20
|
|
|
20
21
|
input :smart_auth_info,
|
|
21
22
|
type: :auth_info,
|
|
@@ -41,6 +41,14 @@ module SMARTAppLaunch
|
|
|
41
41
|
}
|
|
42
42
|
]
|
|
43
43
|
|
|
44
|
+
requirement_sets(
|
|
45
|
+
{
|
|
46
|
+
identifier: 'hl7.fhir.uv.smart-app-launch_2.2.0',
|
|
47
|
+
title: 'SMART App Launch',
|
|
48
|
+
actor: 'Client'
|
|
49
|
+
}
|
|
50
|
+
)
|
|
51
|
+
|
|
44
52
|
suite_option :client_type,
|
|
45
53
|
title: 'SMART Client Type',
|
|
46
54
|
list_options: [
|
|
@@ -14,6 +14,11 @@ module SMARTAppLaunch
|
|
|
14
14
|
using a SMART token obtained using the SMART App Launch EHR launch
|
|
15
15
|
or standalone launch flow.
|
|
16
16
|
)
|
|
17
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@11',
|
|
18
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@64',
|
|
19
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@65',
|
|
20
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@233'
|
|
21
|
+
|
|
17
22
|
input :client_id,
|
|
18
23
|
title: 'Client Id',
|
|
19
24
|
type: 'text',
|
|
@@ -14,6 +14,11 @@ module SMARTAppLaunch
|
|
|
14
14
|
using a SMART token obtained using the SMART App Launch EHR launch
|
|
15
15
|
or standalone launch flow.
|
|
16
16
|
)
|
|
17
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@12',
|
|
18
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@64',
|
|
19
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@66',
|
|
20
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@229'
|
|
21
|
+
|
|
17
22
|
input :client_id,
|
|
18
23
|
title: 'Client Id',
|
|
19
24
|
type: 'text',
|
|
@@ -14,6 +14,10 @@ module SMARTAppLaunch
|
|
|
14
14
|
using a SMART token obtained using the SMART App Launch EHR launch
|
|
15
15
|
or standalone launch flow.
|
|
16
16
|
)
|
|
17
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@12',
|
|
18
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@63',
|
|
19
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@71'
|
|
20
|
+
|
|
17
21
|
input :client_id,
|
|
18
22
|
title: 'Client Id',
|
|
19
23
|
type: 'text',
|
|
@@ -13,6 +13,9 @@ module SMARTAppLaunch
|
|
|
13
13
|
During this test, Inferno will wait for the client to access data
|
|
14
14
|
using a SMART token obtained using the Backend Services flow.
|
|
15
15
|
)
|
|
16
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@229',
|
|
17
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@233'
|
|
18
|
+
|
|
16
19
|
input :client_id,
|
|
17
20
|
title: 'Client Id',
|
|
18
21
|
type: 'text',
|
|
@@ -12,6 +12,17 @@ module SMARTAppLaunch
|
|
|
12
12
|
description %(
|
|
13
13
|
Check that SMART authorization requests made are conformant.
|
|
14
14
|
)
|
|
15
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@3',
|
|
16
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@32',
|
|
17
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@33',
|
|
18
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@34',
|
|
19
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@35',
|
|
20
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@37',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@41',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@42',
|
|
23
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@44',
|
|
24
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@45',
|
|
25
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@235'
|
|
15
26
|
|
|
16
27
|
input :client_id,
|
|
17
28
|
title: 'Client Id',
|
|
@@ -3,7 +3,7 @@ require_relative 'registration_alca_verification_test'
|
|
|
3
3
|
module SMARTAppLaunch
|
|
4
4
|
class SMARTClientRegistrationAppLaunchConfidentialAsymmetric < Inferno::TestGroup
|
|
5
5
|
id :smart_client_registration_alca
|
|
6
|
-
title 'SMART App Launch Confidential
|
|
6
|
+
title 'SMART App Launch Confidential Asymmetric Client Registration'
|
|
7
7
|
description %(
|
|
8
8
|
During these tests, Inferno will verify the provided registration details for the
|
|
9
9
|
SMART App Launch client using Confidential Asymmetric authentication.
|
|
@@ -16,7 +16,12 @@ module SMARTAppLaunch
|
|
|
16
16
|
confidential client using [asymmetric authentication](https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html)
|
|
17
17
|
are conformant.
|
|
18
18
|
)
|
|
19
|
-
|
|
19
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@20',
|
|
20
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@21',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@22',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@293',
|
|
23
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@294'
|
|
24
|
+
|
|
20
25
|
input :client_id,
|
|
21
26
|
title: 'Client Id',
|
|
22
27
|
type: 'text',
|
|
@@ -16,7 +16,10 @@ module SMARTAppLaunch
|
|
|
16
16
|
confidential client using [symmetric authentication](https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-symmetric.html)
|
|
17
17
|
are conformant.
|
|
18
18
|
)
|
|
19
|
-
|
|
19
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@20',
|
|
20
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@21',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@23'
|
|
22
|
+
|
|
20
23
|
input :client_id,
|
|
21
24
|
title: 'Client Id',
|
|
22
25
|
type: 'text',
|
|
@@ -14,7 +14,9 @@ module SMARTAppLaunch
|
|
|
14
14
|
provided for a [SMART App Launch](https://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html)
|
|
15
15
|
public client using are conformant.
|
|
16
16
|
)
|
|
17
|
-
|
|
17
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@20',
|
|
18
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@21'
|
|
19
|
+
|
|
18
20
|
input :client_id,
|
|
19
21
|
title: 'Client Id',
|
|
20
22
|
type: 'text',
|
|
@@ -14,6 +14,10 @@ module SMARTAppLaunch
|
|
|
14
14
|
client using [asymmetric authentication](https://hl7.org/fhir/smart-app-launch/STU2.2/client-confidential-asymmetric.html)
|
|
15
15
|
are valid.
|
|
16
16
|
)
|
|
17
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@22',
|
|
18
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@293',
|
|
19
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@294'
|
|
20
|
+
|
|
17
21
|
input :client_id,
|
|
18
22
|
title: 'Client Id',
|
|
19
23
|
type: 'text',
|
|
@@ -17,6 +17,21 @@ module SMARTAppLaunch
|
|
|
17
17
|
description %(
|
|
18
18
|
Check that SMART token requests are conformant.
|
|
19
19
|
)
|
|
20
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@13',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@64',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@68',
|
|
23
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@69',
|
|
24
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@70',
|
|
25
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@105',
|
|
26
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@233',
|
|
27
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@323',
|
|
28
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@327',
|
|
29
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@328',
|
|
30
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@329',
|
|
31
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@330',
|
|
32
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@332',
|
|
33
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@333',
|
|
34
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@334'
|
|
20
35
|
|
|
21
36
|
input :client_id,
|
|
22
37
|
title: 'Client Id',
|
|
@@ -17,6 +17,12 @@ module SMARTAppLaunch
|
|
|
17
17
|
description %(
|
|
18
18
|
Check that SMART token requests are conformant.
|
|
19
19
|
)
|
|
20
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@13',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@64',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@68',
|
|
23
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@69',
|
|
24
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@70',
|
|
25
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@105'
|
|
20
26
|
|
|
21
27
|
input :client_id,
|
|
22
28
|
title: 'Client Id',
|
|
@@ -17,6 +17,15 @@ module SMARTAppLaunch
|
|
|
17
17
|
description %(
|
|
18
18
|
Check that SMART token requests are conformant.
|
|
19
19
|
)
|
|
20
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@13',
|
|
21
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@63',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@67',
|
|
23
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@68',
|
|
24
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@69',
|
|
25
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@70',
|
|
26
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@71',
|
|
27
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@105',
|
|
28
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@317'
|
|
20
29
|
|
|
21
30
|
input :client_id,
|
|
22
31
|
title: 'Client Id',
|
|
@@ -17,7 +17,15 @@ module SMARTAppLaunch
|
|
|
17
17
|
title 'Verify SMART Token Requests'
|
|
18
18
|
description %(
|
|
19
19
|
Check that SMART token requests are conformant.
|
|
20
|
-
|
|
20
|
+
)
|
|
21
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@13',
|
|
22
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@105',
|
|
23
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@229',
|
|
24
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@233',
|
|
25
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@236',
|
|
26
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@237',
|
|
27
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@238',
|
|
28
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@267'
|
|
21
29
|
|
|
22
30
|
input :client_id,
|
|
23
31
|
title: 'Client Id',
|
|
@@ -8,7 +8,8 @@ module SMARTAppLaunch
|
|
|
8
8
|
description %(
|
|
9
9
|
Check that a SMART token returned to the client was used for request
|
|
10
10
|
authentication.
|
|
11
|
-
|
|
11
|
+
)
|
|
12
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@267'
|
|
12
13
|
|
|
13
14
|
input :smart_tokens, # from :smart_client_token_request_verification
|
|
14
15
|
optional: true # verified in the test to return a more specific error message
|
|
@@ -35,6 +35,7 @@ module SMARTAppLaunch
|
|
|
35
35
|
* [Apps Requesting Authorization](https://www.hl7.org/fhir/smart-app-launch/STU2.2/index.html#step-1-app-asks-for-authorization)
|
|
36
36
|
* [OpenID Connect Core](https://openid.net/specs/openid-connect-core-1_0.html)
|
|
37
37
|
)
|
|
38
|
+
|
|
38
39
|
test from: :smart_cors_openid_fhir_user_claim
|
|
39
40
|
end
|
|
40
41
|
end
|
|
@@ -4,7 +4,8 @@ module SMARTAppLaunch
|
|
|
4
4
|
title 'ID token can be decoded'
|
|
5
5
|
description %(
|
|
6
6
|
Verify that the ID token is a properly constructed JWT.
|
|
7
|
-
|
|
7
|
+
)
|
|
8
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@200'
|
|
8
9
|
|
|
9
10
|
input :id_token
|
|
10
11
|
output :id_token_payload_json, :id_token_header_json
|
|
@@ -7,6 +7,7 @@ module SMARTAppLaunch
|
|
|
7
7
|
FHIR resource it refers to can be retrieved. The `fhirUser` claim must be
|
|
8
8
|
the url for a Patient, Practitioner, RelatedPerson, or Person resource
|
|
9
9
|
)
|
|
10
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@198'
|
|
10
11
|
|
|
11
12
|
input :id_token_payload_json, :url
|
|
12
13
|
input :smart_auth_info, type: :auth_info
|
|
@@ -5,7 +5,9 @@ module SMARTAppLaunch
|
|
|
5
5
|
description %(
|
|
6
6
|
Verify that the JWKS can be retrieved from the `jwks_uri` from the
|
|
7
7
|
OpenID Connect well-known configuration.
|
|
8
|
-
|
|
8
|
+
)
|
|
9
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@207',
|
|
10
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@210'
|
|
9
11
|
|
|
10
12
|
input :openid_jwks_uri
|
|
11
13
|
output :openid_jwks_json, :openid_rsa_keys_json
|
|
@@ -15,6 +15,8 @@ module SMARTAppLaunch
|
|
|
15
15
|
- `exp` must represent a time in the future
|
|
16
16
|
- `sub` must be a non-blank string not exceeding 255 characters in length
|
|
17
17
|
)
|
|
18
|
+
verifies_requirements 'hl7.fhir.uv.smart-app-launch_2.2.0@94',
|
|
19
|
+
'hl7.fhir.uv.smart-app-launch_2.2.0@96'
|
|
18
20
|
|
|
19
21
|
REQUIRED_CLAIMS = ['iss', 'sub', 'aud', 'exp', 'iat'].freeze
|
|
20
22
|
|
data/lib/smart_app_launch/requirements/generated/smart_access_brands_requirements_coverage.csv
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
Req Set,ID,URL,Requirement,Conformance,Actors,Conditionality,Not Tested Reason,Not Tested Details,SMART User-access Brands and Endpoints STU2.2 Short ID(s),SMART User-access Brands and Endpoints STU2.2 Full ID(s)
|