smart_udap_harmonization_test_kit 0.9.0 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/config/presets/surefhir_certs_preset.json +174 -0
- data/lib/smart_udap_harmonization_test_kit/metadata.rb +52 -0
- data/lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_authentication_group.rb +14 -4
- data/lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_group.rb +6 -2
- data/lib/smart_udap_harmonization_test_kit/smart_udap_context_test.rb +2 -2
- data/lib/smart_udap_harmonization_test_kit/smart_udap_openid_connect_group.rb +5 -2
- data/lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_test.rb +2 -1
- data/lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_with_scopes_group.rb +4 -2
- data/lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_without_scopes_group.rb +5 -3
- data/lib/smart_udap_harmonization_test_kit/smart_udap_token_response_scope_test.rb +2 -2
- data/lib/smart_udap_harmonization_test_kit/version.rb +2 -1
- data/lib/smart_udap_harmonization_test_kit.rb +9 -10
- metadata +10 -8
- data/lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_redirect_test.rb +0 -88
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9acca50abafd3ad08a99c231c1aaecca9613a1eabc5de2ffe8ff125157cef214
|
|
4
|
+
data.tar.gz: c7df52033428ba42fe6d5e6648937313b55f884e0e419b4b4016bbe800f22a02
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 525c42c0c93f492b5e613584151159a8fdabe0a2262805d470e6f429cc2c80354797b861e61911169b38f83edc6a966fb5c7d50e7658d2094742fefd69353e39
|
|
7
|
+
data.tar.gz: d81d277ac7b8cd677f89b35e713655fa9d4e955b1534a590ca23a685ae3048714ab6cf57945e5b2356bad63858b4f816299064d1cf4e028db7eaadd2a13b8d13
|
|
@@ -0,0 +1,174 @@
|
|
|
1
|
+
{
|
|
2
|
+
"title": "SureFhir Certs + HAPI FHIR Endpoint",
|
|
3
|
+
"id": null,
|
|
4
|
+
"test_suite_id": "smart_udap_harmonization",
|
|
5
|
+
"inputs": [
|
|
6
|
+
{
|
|
7
|
+
"name": "udap_fhir_base_url",
|
|
8
|
+
"value": "https://identity-matching.fast.hl7.org/fhir",
|
|
9
|
+
"_title": "FHIR Server Base URL",
|
|
10
|
+
"_description": "Base FHIR URL of FHIR Server. Discovery request will be sent to {baseURL}/.well-known/udap",
|
|
11
|
+
"_type": "text"
|
|
12
|
+
},
|
|
13
|
+
{
|
|
14
|
+
"name": "udap_community_parameter",
|
|
15
|
+
"value": "udap://stage.healthtogo.me/",
|
|
16
|
+
"_title": "UDAP Community Parameter",
|
|
17
|
+
"_description": "If included, the designated community value will be appended as a query to the well-known\n endpoint to indicate the client's trust of certificates from this trust community.",
|
|
18
|
+
"_type": "text",
|
|
19
|
+
"_optional": true
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
"name": "flow_type_auth_code",
|
|
23
|
+
"value": [
|
|
24
|
+
"authorization_code"
|
|
25
|
+
],
|
|
26
|
+
"_title": "Required OAuth2.0 Flow Type for Authorization Code Workflow",
|
|
27
|
+
"_description": "Which grant type(s) must be supported per the returned Discovery metadata",
|
|
28
|
+
"_type": "checkbox",
|
|
29
|
+
"_optional": false,
|
|
30
|
+
"_options": {
|
|
31
|
+
"list_options": [
|
|
32
|
+
{
|
|
33
|
+
"label": "Authorization Code",
|
|
34
|
+
"value": "authorization_code"
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
"label": "Client Credentials",
|
|
38
|
+
"value": "client_credentials"
|
|
39
|
+
}
|
|
40
|
+
]
|
|
41
|
+
},
|
|
42
|
+
"_locked": true
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
"name": "udap_server_trust_anchor_certs",
|
|
46
|
+
"value": "-----BEGIN CERTIFICATE-----\nMIIF4DCCA8igAwIBAgIIC7cAbiIvVFwwDQYJKoZIhvcNAQELBQAwgZgxCzAJBgNV\nBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UEBxMJU2FuIERpZWdvMRMwEQYDVQQK\nEwpFTVIgRGlyZWN0MTYwNAYDVQQLEy1DZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAo\nY2VydHMuZW1yZGlyZWN0LmNvbSkxGzAZBgNVBAMTEkVNUiBEaXJlY3QgVGVzdCBD\nQTAeFw0xNDA0MjQxNjI5MjBaFw0yOTA0MjQxNjI5MjBaMIGzMQswCQYDVQQGEwJV\nUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJU2FuIERpZWdvMRMwEQYD\nVQQKDApFTVIgRGlyZWN0MT8wPQYDVQQLDDZUZXN0IFBLSSBDZXJ0aWZpY2F0aW9u\nIEF1dGhvcml0eSAoY2VydHMuZW1yZGlyZWN0LmNvbSkxJTAjBgNVBAMMHEVNUiBE\naXJlY3QgVGVzdCBDbGllbnQgU3ViQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\nggEKAoIBAQCPwkP36KVBwdb9dNsKAhqEoVtMEdL4Ee01tB7y6gIINi3ZGbqhw/lF\nJjRS/fi+SqN8SkjZMkLl6ET9aTM5W+y7aXl+3iqn+dKsesS+kinTAfD4cSI2R4WK\n5HBomEf+PR3scewFKMBbguYW2I42tKPLMwI6L+kMRlQhI3sK4Fyj6M6gUqPaKlx7\nsGPQ/qr8PLwU3doCrC65avSmuC+y5jpbCkJ1kk+g4DLcO+TXx8oC2aVrMRFdD+lx\nNiShdlo5hzhiIGUZmyVe08vLTLB9LGCHz1w9+oqteco4aerYbOlZQxe9d0f7xlZa\nhj7DDfmkqLEFKRQXOJFQtcdCFp3XrXbDAgMBAAGjggEPMIIBCzBQBggrBgEFBQcB\nAQREMEIwQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0cy5lbXJkaXJlY3QuY29tL2Nl\ncnRzL0VNUkRpcmVjdFRlc3RDQS5jcnQwHQYDVR0OBBYEFKOVbWu9K1HN4c/lkG/X\nJk+/3T7eMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUMdaEL0mYbgAB0Geh\n+J4csG+noqwwEQYDVR0gBAowCDAGBgRVHSAAMEMGA1UdHwQ8MDowOKA2oDSGMmh0\ndHA6Ly9jZXJ0cy5lbXJkaXJlY3QuY29tL2NybC9FTVJEaXJlY3RUZXN0Q0EuY3Js\nMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAKAjGzW0AEdMKRjKx\niEzS5SQqmHmAYmajowd38wac4udD3TMvf3tHMZfkGy3ulZSQ40LyjXa60s9/5508\nbwFGHBejyfo1vnc2FJA/0KcmlKzhwhmpe7QoZ1T7uWwG+Y98TRzL7wF8mzCUT+Fe\nMFP35xL3IIJ3CKzIkC9Wv+6kSgkobNoAJyUECbVtmxJer2/LmzfXsYI0NQ3QmeZL\npYoo4EOmIXpoWUSeZHh3av3guoy16s+bs5UuFQ2NfJeuD1n+uQBaNRchR3DxshEK\n66RiKu+QjdBrq0aoTXIT2MYKGiVEbYQlJuDuxilXLYlcYTcDpPIS7hh95bmAxRho\nwgbr3E3dsNgvMuANlgUJno5vyMr9P5zu+kDbJ8nB2fm5/LjXLmNvOy+rj8jCLbuP\nGS/vWxfvi21l4Xfmphi6skeq6JyIUPAm/U6bkR8LF5+/aVoIXUvkRHqbyBzDDDWc\n4+LjI4+INFK+Lxj/cwvh398Ko4LCA0KenJDBFN0Je/rz92uK867sgcQ7dreOK8pf\ngqWulL9H4kCkoZZF4367x2SQVQPWPExefQrpPwk6AlJTHocFqm1TUvmjTwCxmXWr\nztkq2GRxsmT6/2n5TrmHabl6cXDKtmnhS3k9FGFA556YowwJSEm9pKexguxqcyrg\nPPKM/j6ERtHoHDSMKT0frOoawoY=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGZjCCBE6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx\nCzAJBgNVBAgTAkNBMRIwEAYDVQQHEwlTYW4gRGllZ28xEzARBgNVBAoTCkVNUiBE\naXJlY3QxNjA0BgNVBAsTLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IChjZXJ0cy5l\nbXJkaXJlY3QuY29tKTEbMBkGA1UEAxMSRU1SIERpcmVjdCBUZXN0IENBMB4XDTEy\nMDkwNjA0MzEzNloXDTMyMDkwNjA0MzEzNlowgZgxCzAJBgNVBAYTAlVTMQswCQYD\nVQQIEwJDQTESMBAGA1UEBxMJU2FuIERpZWdvMRMwEQYDVQQKEwpFTVIgRGlyZWN0\nMTYwNAYDVQQLEy1DZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoY2VydHMuZW1yZGly\nZWN0LmNvbSkxGzAZBgNVBAMTEkVNUiBEaXJlY3QgVGVzdCBDQTCCAiIwDQYJKoZI\nhvcNAQEBBQADggIPADCCAgoCggIBALugk56Hoot6yEEohbRQdQP6sMTCzXOSgxHr\neYI4h00EhMb8x8VzD/ZCEdgmrwa6y1WE7WaPdTcX/jCd0GNUwgqPz7sLP2NeTA9k\ngn/m0kXvxIgzaEhJntdqdvzHqlhtIMAURAu9erAfMn0giK7zwtSg5bYwC09tyv4d\nRIAX9UuvOpOqJnQk9DRRd64+9EKkX9Zj1lqT0/Wjr0w3jcGYN02dB03T4WARZEug\nzkBzPcmYPLhl09gRrgQg8msgTQi68vR+UKNUoQhRJAkk/CAqkMT8Uzuae/W7utYk\n4/vmiJEHoC7OV7yGa7VrD0HhjDzfs53kdnnzlo6MB+6oGFtIKaMF4D8GVSr+MY/p\na+C2dkqf4y3Pr3hqM3t4vgmr/eg0dhzh9+z4lpEZz9ciWcOXwjmxec3OFanvMOeG\n4OhKRiGIj/mVkDEWlC3tcdP22DtGk/RHGOJHkf6qKFxeNDOFHUdTpiXldAl3cUg9\nBNAlUnWHFwim+byxxVYzmXs/8KfLfOp6xIFjI/eddNE7/avQWoEkOapgUDfaixWi\nI1d40QGKJr0d1Yo+W5VxzzufJp5iC/4EmlYzaK9+dVOtfQGfNWaXmfYa8H7krcrW\ncvp0ando4Reh3a+qpybvBVyRJree1WODQHqs7J2lx9quyVfI3Box3uc/Hw2xxdjx\nV3cUsvd5AgMBAAGjgbgwgbUwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAQYwHQYDVR0OBBYEFDHWhC9JmG4AAdBnofieHLBvp6KsMB8GA1UdIwQYMBaAFDHW\nhC9JmG4AAdBnofieHLBvp6KsMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9jZXJ0\ncy5lbXJkaXJlY3QuY29tL0VNUkRpcmVjdFRlc3RDQS5jcmwwEQYDVR0gBAowCDAG\nBgRVHSAAMA0GCSqGSIb3DQEBCwUAA4ICAQBsXbY8B7FcIskyeB/CGEI77GaDMDfK\nWGseJJYlJYz2FeIJgPtqdPhzn0jhQUVcwr//gC5j1aARlussG3gMr8OajpSpOqqf\nXEjzuITeq+Hxsp+ursiJXOZKhurY5NJKZ30ulFDxOZ97bWVUYPTfyy1qUrsqnNlW\n8LJcCnNzZ2uDSJn32FugUtWe0EEgRM10/8Q2IJXLuIhEQLbwl6q7PcDiPkT/yVh/\n9L6ul2bO/ZXp7DeSPeOafWOuCoTNbKxgBuljajm2VNB5+Xx/rSuPnoTRhsaXhke+\nnb3ZbGHJ2ZRu/Q45+OB1ws7VednMci25OVo+yVpH8tl2KF9u1JVNtf5mY3//HEwR\n8OfPPRZeQCqquESVrQjZILa6Ot7lVIhoNI6zkZAp3TaWYBi94upVkeA9uqVIC7cB\npiOz+6XXRDdJDMuh6xsA2tq2E5BY51H5pfskXBBGgHxDQ56R3RskZ7q/NaKSiqBA\nInueG7TVW+dR++rT2n9wkzJHKpA+YS0zHodvIoB71KNq1P/9choCMcBrNph5n32C\n8DpOlF+hi3kOkwjwchfkzC5XS+Zio5VYOyCV1C+CYJ7sw1psk1yYAWPm9rnUmfrm\nO27HXv6lW0Z9EpeUu++52CSYjZsx3E4J1FR0TulzsD8BQtFRL6aPfuSg85okOsxw\nb/p0AdITxRO0vQ==\n-----END CERTIFICATE-----",
|
|
47
|
+
"_title": "Auth Server Trust Anchor X509 Certificate(s) (PEM Format)",
|
|
48
|
+
"_description": "\n A list of one or more trust anchor root CA X.509 certificates, separated by a newline. Inferno will use\n these to establish\n trust with the authorization server's certificates provided in the discovery response signed_metadata JWT.\n ",
|
|
49
|
+
"_type": "textarea",
|
|
50
|
+
"_optional": true
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
"name": "udap_auth_code_flow_registration_grant_type",
|
|
54
|
+
"value": "authorization_code",
|
|
55
|
+
"_title": "Client Registration Grant Type",
|
|
56
|
+
"_description": "\n The OAuth2.0 grant type for which this client will register itself. A given client may register as either\n option, but not both.\n ",
|
|
57
|
+
"_type": "radio",
|
|
58
|
+
"_options": {
|
|
59
|
+
"list_options": [
|
|
60
|
+
{
|
|
61
|
+
"label": "Authorization Code",
|
|
62
|
+
"value": "authorization_code"
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
"label": "Client Credentials",
|
|
66
|
+
"value": "client_credentials"
|
|
67
|
+
}
|
|
68
|
+
]
|
|
69
|
+
},
|
|
70
|
+
"_locked": true
|
|
71
|
+
},
|
|
72
|
+
{
|
|
73
|
+
"name": "udap_auth_code_flow_client_registration_status",
|
|
74
|
+
"value": "update",
|
|
75
|
+
"_title": "Client Registration Status",
|
|
76
|
+
"_description": "\n If the client's iss and certificate combination has already been registered with the authorization server\n prior to this test run, select 'Update'.\n ",
|
|
77
|
+
"_type": "radio",
|
|
78
|
+
"_options": {
|
|
79
|
+
"list_options": [
|
|
80
|
+
{
|
|
81
|
+
"label": "New Registration (201 Response Code Expected)",
|
|
82
|
+
"value": "new"
|
|
83
|
+
},
|
|
84
|
+
{
|
|
85
|
+
"label": "Update Registration (200 or 201 Response Code Expected)",
|
|
86
|
+
"value": "update"
|
|
87
|
+
}
|
|
88
|
+
]
|
|
89
|
+
}
|
|
90
|
+
},
|
|
91
|
+
{
|
|
92
|
+
"name": "udap_auth_code_flow_client_cert_pem",
|
|
93
|
+
"value": "-----BEGIN CERTIFICATE-----\nMIIF3DCCA8SgAwIBAgIQXiP2tOn9g80CORa00pkHEzANBgkqhkiG9w0BAQsFADB+\nMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFu\nZDEUMBIGA1UEChMLRmhpciBDb2RpbmcxFTATBgNVBAsTDEludGVybWVkaWF0ZTEe\nMBwGA1UEAxMVU3VyZUZoaXItSW50ZXJtZWRpYXRlMB4XDTI0MDQwMTIxMjE1N1oX\nDTI2MDQwMTIxMjE1N1owbTELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjER\nMA8GA1UEBxMIUG9ydGxhbmQxFDASBgNVBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQL\nEwRVREFQMRUwEwYDVQQDEwxmaGlybGFicy5uZXQwggEiMA0GCSqGSIb3DQEBAQUA\nA4IBDwAwggEKAoIBAQCjQtGFfRZmParIDDAP3qhs6+qcbTVCvJU5uogJqa36IVEm\nMjC4o8EH9FBs62H+BX7LaogXaN5zk9JoZGM6BiNWhfY2sjdDtT8Pby2hqKfhwbkd\nvSkTAAkLKjf+eUA8tvhKLkomQQcc/VgNaY2nZg5Btt3M+3sgNqwChyGZFC1/dMkr\nZ6RAinIYmRb+A5u+GW7FBgz6bD++gexF+8ZDmKRUokuWfGe2VquiepS+3It059Vd\nytDHe03Ufwg4uT1s4sqNwOcWPwEoQUrGIaO665F3eAwL09ybCr2WjqnG/JWa+41a\n8K8+1EpPKPob4Fi0E+ucHrglH2gYMIJ+VUqV1CMFAgMBAAGjggFlMIIBYTAMBgNV\nHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQUBS+f+ZToFlW7b/33\nemx8egARAHUwHwYDVR0jBBgwFoAUffrWFW01n6A5GTggnyqUp2pxKZMwTQYDVR0f\nBEYwRDBCoECgPoY8aHR0cDovL2NybC5maGlyY2VydHMubmV0L2NybC9zdXJlZmhp\ncmxhYnNJbnRlcm1lZGlhdGVDcmwuY3JsMEoGA1UdEQRDMEGGHGh0dHBzOi8vZmhp\ncmxhYnMubmV0L2ZoaXIvcjSGIWh0dHBzOi8vZmhpcmxhYnMubmV0OjcwMTYvZmhp\nci9yNDBmBggrBgEFBQcBAQRaMFgwVgYIKwYBBQUHMAKGSmh0dHA6Ly9jcmwuZmhp\ncmNlcnRzLm5ldC9jZXJ0cy9pbnRlcm1lZGlhdGVzL1N1cmVGaGlyTGFic19JbnRl\ncm1lZGlhdGUuY2VyMA0GCSqGSIb3DQEBCwUAA4ICAQAWPtVhrzMu8Mnz1IfiSyRe\n94GYi/YPGTDcWGu/U8z1ltXd62CRtK8GggR0BZraDH8HOfs2GDDIRh1hORCiR9rn\nHsS/cQ8CdlgAiy5Tqf5RLuBWf8HYtx/bjkHfmr0raINm7utR6EWwHyG+8D8vb5Es\noUdsMvrXuumR+gFE95XXH7dHvoylt1+/fnOsKPibFhNrkhi2s3BvsV6RWN3Y2eqm\nvaY+EsNu8jl18iajtz0zMoA7yxIp7ZlRJv3IquKKrF20PCcpWkpFMiT9sEVFE60M\nVY3qxh+aFBvS+IENFpEHcDOFQ7Q1XpN17xfwBtMoueCIQe1Ph41+MESc8mqxUd9M\nmnqfFvvJEEhVmE0XMeuyT/qtC/nymxwtR8GbIvcW+iMYLmhcohCHw+Yhk9k7BcRH\ntEjM0+e5QnoZPYRktfptoWGsOL/eAXAOCfsyjPz0QPpqPxGoCUmUoWL63mJR2h62\nfjp5d/nCLQApDAS7wvpsa3Eqxc5gsEX6dlW31zCLLwUlSze0zpR4n0yceXjJjs4b\nE+1oxxBnBep+rGe84CNjC+MoizjdOFaxG5abodggk5cxFv9eAf/2utgeeaQPh23x\nVYaM5BnDuKTwuA21+2oI//KwIZypxZPTPwKjFTSE/Uzje9EIsCzqDdIzDQrMy3Nc\nrscMFzcVxbjWkt5gVZVTZg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIGlDCCBHygAwIBAgIRAPAQo572a38pKrE1y3TWITIwDQYJKoZIhvcNAQELBQAw\nbDELMAkGA1UEBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxh\nbmQxFDASBgNVBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQLEwRSb290MRQwEgYDVQQD\nEwtTdXJlRmhpci1DQTAeFw0yNDAzMzEyMTIxNTdaFw0yOTA0MDEyMTIxNTdaMH4x\nCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5k\nMRQwEgYDVQQKEwtGaGlyIENvZGluZzEVMBMGA1UECxMMSW50ZXJtZWRpYXRlMR4w\nHAYDVQQDExVTdXJlRmhpci1JbnRlcm1lZGlhdGUwggIiMA0GCSqGSIb3DQEBAQUA\nA4ICDwAwggIKAoICAQDoUwSdndRTVIzHTG6C1EOktgQYq6ON91JpSDUX5mnPtSbn\nHU6v8G7qvFWzK6S6jquuflV21xv5wQMtT0P7jsUdZAZfFB5OnxjC6sGraBeemwZg\n0SPoq+0h0Mnk+R0pXmwmc57x+nGADoVVnBBflGPRMg8Lnh/+31S4LT+0fmzHxfTy\nXG8jRJGT/yyYFSAJP3lx+WRioi0TykHrap4cztnL68jA4RszfRdsrvjCEeSzli8E\n7p7aakyQLqsC4Q4HBwHsK7uYc8bAx9o7s1ydyLGZsYTxOu7GQEhkLdAZFeiuoptW\nSUcb/ykVq4X/d88zp3cvjj35tTzfvWKb5lyWnMe3pGHJRyLOKq/PDDvfjb07F9sT\nbUjEAXf28WWMlCKW76KMD4c/ZacWRcH6LFFVLL60B21vippvhh4Sim1j7Py/8VKC\n98n6sp2rZQtA90V9+UEewZphtrZiEhgg5wOotBE992qaveILColwscu+os2AOeE0\nkbcggShVdPW6j9ZFqkwM9ZX9d23w39p3grtjBkHfGgPftRVn6kY6cd1Xh+bmlH4z\nV3GLDjSk3eHDy2R22PSfIQXkr7e+jh9umHwgSxXFBEqIpHPsFS9o+H9VqMqv9IOs\nd2nD9A7NuEwR4hyw84RYV0uKNFWKnBxhlEeyCR3g24Bt01EpO9W2DSeE1qPzBQID\nAQABo4IBHTCCARkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYD\nVR0OBBYEFH361hVtNZ+gORk4IJ8qlKdqcSmTMB8GA1UdIwQYMBaAFOvJcuZBjV4H\nKquZj31t/Dd30UojMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwuZmhpcmNl\ncnRzLm5ldC9jcmwvU3VyZUZoaXJMYWJzUm9vdENybC5jcmwwHwYDVR0RBBgwFoYU\ndWRhcDovL2ZoaXJsYWJzLm5ldC8wTgYIKwYBBQUHAQEEQjBAMD4GCCsGAQUFBzAC\nhjJodHRwOi8vY3JsLmZoaXJjZXJ0cy5uZXQvY2VydHMvU3VyZUZoaXJMYWJzX0NB\nLmNlcjANBgkqhkiG9w0BAQsFAAOCAgEAfI95Qn1DpBU54DHz8ysUcgdi2XnHMe83\nghym9/0Ov5w8fZ1kr5GMjt9wWK0/qRv8gcWPwcZPyMgEiEq1rgQsi2LdmNmVmp2h\np8T1zqhRdJDjUSiOTWJZW+ULypHS7vhqHjAwQXxpznQYRDUqRQNr/PuscDbHJ+qm\nSMJHn186129V+C5sAjLthijIY1t+gNROsbc7EQ9wqXPa1jhS5hhntKzm7OKzlFKu\nmyWORXIpTBEqzyrK8ynMxgUnsZtV7PFqT4h4kfHZPi2ZgSukuBLNpLqgR9OLZ4od\n3VcoS83pZiq0WaY76iK+2Fqv0QtHuhLm5R/EWlRsbQ4DlYWR9MgjoE7rR5tWb6l5\nNvtPGwvTARRCYoFX0kjP/YwzldWHWdM1YZ73z7u7Fj7jCsNhUHYaGIRw25bxMxqr\nYUDsbtj3Ze+wjSDxiWxtgV5qrWz8BDjpFIDeE3VsJPHCw4Vy4ufqizrNd7ZcNBmp\ncMmx1ollvdxnQRVrlQAowK+ACjtcVEzcT8QBWRu0D3hjdbDeHmJwu/a+BmAaBKhS\n/1ieQ0eTN5pTrTndmOkICOMqYG4H14AvoR/NGkMOWcNwm0bfiFzRyunc2uZkyXvf\np8LT2aL9LWZNxREyjOqMCBGFcLXA+r02I+c550YwNtJkUTDqsDCMGyC5pB3dZdc2\ng+IojrfmcIE=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFyDCCA7CgAwIBAgIID4f+NanzOocwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UE\nBhMCVVMxDzANBgNVBAgTBk9yZWdvbjERMA8GA1UEBxMIUG9ydGxhbmQxFDASBgNV\nBAoTC0ZoaXIgQ29kaW5nMQ0wCwYDVQQLEwRSb290MRQwEgYDVQQDEwtTdXJlRmhp\nci1DQTAeFw0yNDAzMzEyMTIxNTVaFw0zNDA0MDEyMTIxNTVaMGwxCzAJBgNVBAYT\nAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5kMRQwEgYDVQQK\nEwtGaGlyIENvZGluZzENMAsGA1UECxMEUm9vdDEUMBIGA1UEAxMLU3VyZUZoaXIt\nQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDD+/hwbP6Frzz3lGrm\n43nDZ8Irg+4zuIjbhKMUtEoBhUKdTVJa1DDPVgDoMoGLBhyePHepJtizY7CPnkNv\nNnCdU8vyIld1k3b+xigEH7oEhscBgyvaWMhyGNu318nFE8eWDhfEF9p31g4yHLZo\n4qqYyDgOlDOJqPNoU2llRnwx6x78ZrlQOMfdo95P6FKImp4t3OVjAGWIWQXmHx0l\n2nt1rShvA/KAIRzA6jpWcIBc9aWagkcoqiebSLpS8AYn1tytI0Abn+nL85BMH18B\n2glVHWBreRGcYDGStlKeIHapHzA3Kzz0QadwJjGQdtNqNIIwvk9RFNfaQRrkYw97\nf3gpTTQ6BHAm71qwBxlOWnyn5qaNuUBcSLAqUt+bXarEujYd5XGOFjtUjr+Uf04n\n968hC1v7Whk/tKDwvQFctyrvaNaHi6kcElUhAc9NzIK/cQkiYvfF8rHLePxzUOVx\nsRUkcxciNXN5iM6NZNRIQSuUmbLTfiYoFql0LOFyuxY0RDlRUdGodPuiylj3eFrh\nOoSX6cYanZmya33Ln90hEjQfNP4ISkco/0xIzTZ+56qKi3QRfziE5Ua0X0L51GiP\nlBrQZ4eiKW8rbTE42Ingg2r3GzMglU7PEeqNOdDeX8b9keevI0LXiXFKUA2ckwy1\nqJ38giw9BNGVeYauNFu4DvRrwQIDAQABo24wbDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAqBgNVHSUBAf8EIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEG\nCCsGAQUFBwMIMB0GA1UdDgQWBBTryXLmQY1eByqrmY99bfw3d9FKIzANBgkqhkiG\n9w0BAQsFAAOCAgEAsgMzB5Q3k18urq1ztcF2/8hDAJZ7JeI7qRKYujkfwm8skkLN\n4IYQl4bT5MBD4EehQBQYD2BqqmOdXxDiCdWyvNKfberIXZpufEK2vrlz3U3nE05S\nMoVtaNievQpH5XVvmF46AKJUVVx6zHntWBv1gTvyBk/i8pcMdH7/x2d1DFYsjmam\n4VCbjEeLyyocYju+wXwEu5r1HC9lqSUSdJX5oUSuxDdHBf7MQlFUUi5hNpm7qa2a\nJ36fTgOi5C24gR11qO5PV69drlNgr0iPC3hEEICI33YzHMVG9EfuST2nUZsYIdYr\ndr596osBMIRkCgQfyR2AfkoMAW/ea6x7nzqWphfTCGij0XboYYR/prm6odXBbhQD\nEn1cTlXceyyyhPV7QhR8gD284PyQQ9MiTp9Z1S4TWWItH1p251G9BaLgvnL1zMp3\nx2j3GH3auMJzirpsHS0Z8ph7gg0mI5Tf8yBHZ4t3CM0gmcuhjcSUxT0myOa04+Fp\nnNWkPc8Sms/3vL/rOcxOd+WJXD6VnpgjAvYKqjDHls27wG3wTu06aU9CEP+MxCQo\nvUAZ8rab6UBwCyqcuP2BMqYQUVzhLyxXicQqbxzc8bFep0Z988UjTkqYhTujZ7Ha\nH+y31f+V92LrJJAAO2hpOh5Xqqz34AMVDi87+zD4Z0+b7rFVfTOPOBZQRKU=\n-----END CERTIFICATE-----",
|
|
94
|
+
"_title": "Authorization Code Client Certificate(s) (PEM Format)",
|
|
95
|
+
"_description": "\n A list of one or more X.509 certificates in PEM format separated by a newline. The first (leaf) certificate\n MUST represent the client entity Inferno will register as,\n and the trust chain that will be built from the provided certificate(s) must resolve to a CA trusted by the\n authorization server under test.\n ",
|
|
96
|
+
"_type": "textarea",
|
|
97
|
+
"_optional": false
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
"name": "udap_auth_code_flow_client_private_key",
|
|
101
|
+
"value": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCjQtGFfRZmParI\nDDAP3qhs6+qcbTVCvJU5uogJqa36IVEmMjC4o8EH9FBs62H+BX7LaogXaN5zk9Jo\nZGM6BiNWhfY2sjdDtT8Pby2hqKfhwbkdvSkTAAkLKjf+eUA8tvhKLkomQQcc/VgN\naY2nZg5Btt3M+3sgNqwChyGZFC1/dMkrZ6RAinIYmRb+A5u+GW7FBgz6bD++gexF\n+8ZDmKRUokuWfGe2VquiepS+3It059VdytDHe03Ufwg4uT1s4sqNwOcWPwEoQUrG\nIaO665F3eAwL09ybCr2WjqnG/JWa+41a8K8+1EpPKPob4Fi0E+ucHrglH2gYMIJ+\nVUqV1CMFAgMBAAECggEAHFdwKf1CEzOnXx0Ghuq/UFFQJCGtOk2kliX0kcDcC+0W\nukvCO3tp+iiGgbIHC+MGVOfEglPZMjU6NJcgxqTkI5QT3wDnKSDgtpw1TrgJlN5d\ndXUuGTdLWp3UpJ+F8ERPLAmHI8bsJjMwwvtM9P95gBzvujL59+ilybaNtZZUI6jq\nYjtcUWEPhcBo9Rm7xs4yqk2A/f9eoitdPBzbFr0c84EZlRGR60n/mkAeoLzVAAwH\nmQ7BFYUuccTbrhBqs+RmI8qY8lv6QFiXPqbgl+HTPSZY8cvEUZfL8+MmobkRz/nT\nKU39jtaKMYtn1FkLL+HXvOjnmeRYqQGslKOt/6DA7QKBgQDBxQTNshGUmk6T8Hbb\nknboyun8bq/NBK6jEEDJqTgwIVuLlYUqrcvjY+PXevplPd+FP9Jf+pL6wwYj2Hht\nL2rumTwgBBmS/3pndYDgIPCE9Efjvm9RCu4bk4yR4EtO5Z6qFoxA3tmVJgLoYphH\nfgJTS2O5gT62P+WdwNzF4sUPwwKBgQDXsYCBWVwnzDFiXoRtiF1AxgPHYc7ADTGO\n7nGJhExYMcpFAa6xmDGcbasVXKWxjBZt7f1AtV1sXHDIDF2CFdc4Udak5Ft3G4yv\niJBmYg4PWSRdUA3vJYq+PFy9ia2HZjusIq58n0vkesVTouU0uGWf0F4Bv/u6qFWR\ni30vL8pdlwKBgBlqUhr4xD2Nj8jvvWdHarlWBCLMEdr+Rjm1JApPW8NUXMGONw1G\nBnwo2fWld7pXxz2fBWT5ZNXnRqLk/ca0dX4eMziv0Prq748qZmD/cQy/Tb6dd9RV\nbq3HSKTJmpcanxkIJBVOJZPejHsWk4qtCHkMZmQqg6M79k4ewdZizB4pAoGAbVKh\nQG5LYDyFl0cytdWU9lym06rGQN8vDDPcxgeRLm5mB93XblomYxPOz+/6Z2gKgkNK\nxj5mkKK14x8pUeLCB+Cq+z5nAZKsFtgP4GS4nZzf6o/F0D1l+g/cLZEXq/XsLs4R\nREb1D2QOmdqJc9Q2Ze8VhquI6k2huThLBdyiJBcCgYEAvb3LhUgPHzB99NGtYLM8\nHwAnjS3AmOVorfmMJKHCSfyJeiHugvn0Dm0BoYOWWCgilkeqJhaRsQ6QskHv8ImG\nM4YX88OH6dvvZ7cYR4yyJXKr78bm57LyUe1igc1UmfytzNYudtOSxJ7Zlh7Tl537\nC3rdEoP/JKnwyST334AnepA=\n-----END PRIVATE KEY-----",
|
|
102
|
+
"_title": "Authorization Code Client Private Key (PEM Format)",
|
|
103
|
+
"_description": "\n The private key corresponding to the client certificate used for registration, in PEM format. Used to sign\n registration and/or authentication JWTs.\n ",
|
|
104
|
+
"_type": "textarea",
|
|
105
|
+
"_optional": false
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
"name": "udap_auth_code_flow_cert_iss",
|
|
109
|
+
"value": "https://fhirlabs.net:7016/fhir/r4",
|
|
110
|
+
"_title": "Authorization Code JWT Issuer (iss) Claim",
|
|
111
|
+
"_description": "\n MUST correspond to a unique URI entry in the Subject Alternative Name (SAN) extension of the client\n certificate used for registration.\n ",
|
|
112
|
+
"_type": "text",
|
|
113
|
+
"_optional": false
|
|
114
|
+
},
|
|
115
|
+
{
|
|
116
|
+
"name": "udap_auth_code_flow_registration_scope",
|
|
117
|
+
"value": "openid fhirUser offline_access patient/*.r",
|
|
118
|
+
"_title": "Authorization Code Registration Requested Scope(s)",
|
|
119
|
+
"_description": "\n String containing a space delimited list of scopes requested by the client application for use in\n subsequent requests. The Authorization Server MAY consider this list when deciding the scopes that it\n will allow the application to subsequently request. Apps requesting the \"authorization_code\" grant\n type SHOULD request user or patient scopes.\n ",
|
|
120
|
+
"_type": "text"
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
"name": "udap_jwt_signing_alg",
|
|
124
|
+
"value": "RS256",
|
|
125
|
+
"_title": "JWT Signing Algorithm",
|
|
126
|
+
"_description": "\n Algorithm used to sign UDAP JSON Web Tokens (JWTs). UDAP Implementations SHALL support\n RS256.\n ",
|
|
127
|
+
"_type": "radio",
|
|
128
|
+
"_options": {
|
|
129
|
+
"list_options": [
|
|
130
|
+
{
|
|
131
|
+
"label": "RS256",
|
|
132
|
+
"value": "RS256"
|
|
133
|
+
}
|
|
134
|
+
]
|
|
135
|
+
},
|
|
136
|
+
"_locked": true
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
"name": "udap_auth_code_flow_registration_certifications",
|
|
140
|
+
"value": null,
|
|
141
|
+
"_title": "Authorization Code UDAP Registration Certifications",
|
|
142
|
+
"_description": "\n Additional UDAP certifications to include in registration request, if required by the authorization server.\n Include a space separated list of strings representing a Base64-encoded, signed JWT.\n ",
|
|
143
|
+
"_type": "textarea",
|
|
144
|
+
"_optional": true
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
"name": "udap_authorization_code_request_scopes",
|
|
148
|
+
"value": "openid patient/AllergyIntolerance.r patient/Condition.r patient/Encounter.r patient/Patient.r",
|
|
149
|
+
"_title": "Scope Parameter for Authorization Request",
|
|
150
|
+
"_description": "\n A list of space-separated scopes to include in the authorization request. If included, these may be equal\n to or a subset of the scopes requested during registration.\n If empty, scope will be omitted as a parameter to the authorization endpoint.\n ",
|
|
151
|
+
"_type": "text",
|
|
152
|
+
"_optional": true
|
|
153
|
+
},
|
|
154
|
+
{
|
|
155
|
+
"name": "udap_authorization_code_request_aud",
|
|
156
|
+
"value": [
|
|
157
|
+
"include_aud"
|
|
158
|
+
],
|
|
159
|
+
"_title": "Audience ('aud') Parameter for Authorization Request",
|
|
160
|
+
"_description": "\n If selected, the Base FHIR URL will be used as the 'aud' parameter in the request to the authorization\n endpoint.\n ",
|
|
161
|
+
"_type": "checkbox",
|
|
162
|
+
"_optional": true,
|
|
163
|
+
"_options": {
|
|
164
|
+
"list_options": [
|
|
165
|
+
{
|
|
166
|
+
"label": "Include 'aud' parameter",
|
|
167
|
+
"value": "include_aud"
|
|
168
|
+
}
|
|
169
|
+
]
|
|
170
|
+
},
|
|
171
|
+
"_locked": true
|
|
172
|
+
}
|
|
173
|
+
]
|
|
174
|
+
}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
require_relative 'version'
|
|
2
|
+
|
|
3
|
+
module SMART_UDAP_HarmonizationTestKit
|
|
4
|
+
class Metadata < Inferno::TestKit
|
|
5
|
+
id :smart_udap_harmonization
|
|
6
|
+
title 'SMART-UDAP Harmonization Test Kit'
|
|
7
|
+
description <<~DESCRIPTION
|
|
8
|
+
The SMART-UDAP Harmonization Test Kit is an experimental Test Kit for evaluating
|
|
9
|
+
options for testing authorization systems that conform to both SMART App Launch
|
|
10
|
+
Implementation Guide and the Security for Scalable Registration, Authentication
|
|
11
|
+
and Authorization Implementation Guide requirements.
|
|
12
|
+
<!-- break -->
|
|
13
|
+
The [Security for Scalable Registration, Authentication, and Authorization
|
|
14
|
+
IG](https://hl7.org/fhir/us/udap-security/index.html) states, "This guide is also
|
|
15
|
+
intended to be compatible and harmonious with client and server use of versions
|
|
16
|
+
1 or 2 of the HL7 SMART App Launch IG.”
|
|
17
|
+
|
|
18
|
+
This test kit is an effort to demonstrate how a client could interact with a server
|
|
19
|
+
supporting both UDAP and SMART App Launch.
|
|
20
|
+
|
|
21
|
+
## Overview
|
|
22
|
+
|
|
23
|
+
The basic assumption underlying these tests is that a client could perform
|
|
24
|
+
dynamic registration and launch with client authorization from the UDAP workflow
|
|
25
|
+
while using SMART App Launch scopes, and the server could include additional
|
|
26
|
+
launch context parameters defined by SMART App Launch in the token response.
|
|
27
|
+
|
|
28
|
+
The tests begin with normal parts of the UDAP workflow: discovery, dynamic
|
|
29
|
+
registration, and authorization.
|
|
30
|
+
|
|
31
|
+
Then there are tests for SMART App Launch context parameters which could be
|
|
32
|
+
included as part of the token response, including an OpenIDConnect id token.
|
|
33
|
+
Finally, there are tests for token refresh.
|
|
34
|
+
|
|
35
|
+
## Known Limitations
|
|
36
|
+
|
|
37
|
+
The UDAP dynamic registration workflow does not define a way to register a
|
|
38
|
+
launch URI, so the tests only perform a standalone launch.
|
|
39
|
+
|
|
40
|
+
## Reporting Issues
|
|
41
|
+
|
|
42
|
+
Please report any issues with this set of tests in the [GitHub Issues](https://github.com/inferno-framework/smart-udap-harmonization-test-kit/issues) section of the [open-source code repository](https://github.com/inferno-framework/smart-udap-harmonization-test-kit).
|
|
43
|
+
DESCRIPTION
|
|
44
|
+
suite_ids [:smart_udap_harmonization]
|
|
45
|
+
tags ['UDAP']
|
|
46
|
+
last_updated LAST_UPDATED
|
|
47
|
+
version VERSION
|
|
48
|
+
maturity 'Low'
|
|
49
|
+
authors ['Alisa Wallace']
|
|
50
|
+
repo 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit'
|
|
51
|
+
end
|
|
52
|
+
end
|
data/lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_authentication_group.rb
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
require_relative 'smart_udap_authorization_code_redirect_test'
|
|
2
1
|
require_relative 'smart_udap_token_response_scope_test'
|
|
3
2
|
|
|
4
3
|
module SMART_UDAP_HarmonizationTestKit
|
|
@@ -16,14 +15,25 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
16
15
|
|
|
17
16
|
run_as_group
|
|
18
17
|
|
|
19
|
-
test from: :
|
|
18
|
+
test from: :udap_authorization_code_redirect,
|
|
19
|
+
config: {
|
|
20
|
+
inputs: {
|
|
21
|
+
udap_authorization_code_request_aud: {
|
|
22
|
+
default: ['include_aud'],
|
|
23
|
+
locked: true
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
}
|
|
20
27
|
test from: :udap_authorization_code_received
|
|
21
28
|
test from: :udap_authorization_code_token_exchange,
|
|
22
29
|
config: {
|
|
23
30
|
requests: {
|
|
24
31
|
token_exchange: {
|
|
25
|
-
name: :
|
|
32
|
+
name: :udap_auth_code_flow_token_exchange
|
|
26
33
|
}
|
|
34
|
+
},
|
|
35
|
+
options: {
|
|
36
|
+
redirect_uri: UDAPSecurityTestKit::UDAP_REDIRECT_URI
|
|
27
37
|
}
|
|
28
38
|
}
|
|
29
39
|
|
|
@@ -42,7 +52,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
42
52
|
config: {
|
|
43
53
|
requests: {
|
|
44
54
|
token_exchange: {
|
|
45
|
-
name: :
|
|
55
|
+
name: :udap_auth_code_flow_token_exchange
|
|
46
56
|
}
|
|
47
57
|
}
|
|
48
58
|
}
|
|
@@ -59,10 +59,13 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
59
59
|
config: {
|
|
60
60
|
inputs: {
|
|
61
61
|
udap_registration_grant_type: {
|
|
62
|
-
name: :
|
|
62
|
+
name: :udap_auth_code_flow_registration_grant_type,
|
|
63
63
|
default: 'authorization_code',
|
|
64
64
|
locked: true
|
|
65
65
|
},
|
|
66
|
+
udap_client_registration_status: {
|
|
67
|
+
name: :udap_auth_code_flow_client_registration_status
|
|
68
|
+
},
|
|
66
69
|
udap_client_cert_pem: {
|
|
67
70
|
name: :udap_auth_code_flow_client_cert_pem,
|
|
68
71
|
title: 'Authorization Code Client Certificate(s) (PEM Format)'
|
|
@@ -103,7 +106,8 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
103
106
|
}
|
|
104
107
|
} do
|
|
105
108
|
input_order :udap_registration_endpoint,
|
|
106
|
-
:
|
|
109
|
+
:udap_auth_code_flow_registration_grant_type,
|
|
110
|
+
:udap_auth_code_flow_client_registration_status,
|
|
107
111
|
:udap_auth_code_flow_client_cert_pem,
|
|
108
112
|
:udap_auth_code_flow_client_private_key,
|
|
109
113
|
:udap_auth_code_flow_cert_iss,
|
|
@@ -6,7 +6,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
6
6
|
title: 'Token Exchange Response Body',
|
|
7
7
|
description: 'JSON response body returned by the authorization server during the token exchange step.',
|
|
8
8
|
type: 'textarea'
|
|
9
|
-
input :
|
|
9
|
+
input :udap_authorization_code_request_scopes,
|
|
10
10
|
title: 'Requested Scopes',
|
|
11
11
|
description: 'Scopes client requested from the authorization server during the authorization step.'
|
|
12
12
|
|
|
@@ -19,7 +19,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
19
19
|
end
|
|
20
20
|
|
|
21
21
|
def requested_scopes
|
|
22
|
-
|
|
22
|
+
udap_authorization_code_request_scopes
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def missing_requested_context_scopes
|
|
@@ -19,6 +19,9 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
19
19
|
token_response_body: {
|
|
20
20
|
name: :udap_auth_code_flow_token_exchange_response_body
|
|
21
21
|
},
|
|
22
|
+
token_retrieval_time: {
|
|
23
|
+
name: :udap_auth_code_flow_token_retrieval_time
|
|
24
|
+
},
|
|
22
25
|
requested_scopes: {
|
|
23
26
|
name: :udap_auth_code_flow_registration_scope,
|
|
24
27
|
title: 'Requested Scopes',
|
|
@@ -39,7 +42,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
39
42
|
title: 'Token Exchange Response Body',
|
|
40
43
|
description: 'JSON response body returned by the authorization server during the token exchange step'
|
|
41
44
|
|
|
42
|
-
input :
|
|
45
|
+
input :token_retrieval_time,
|
|
43
46
|
title: 'Token Retrieval Time'
|
|
44
47
|
|
|
45
48
|
output :id_token,
|
|
@@ -56,7 +59,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
56
59
|
smart_credentials: {
|
|
57
60
|
access_token: token_response_body['access_token'],
|
|
58
61
|
expires_in: token_response_body['expires_in'],
|
|
59
|
-
|
|
62
|
+
token_retrieval_time:
|
|
60
63
|
}.to_json
|
|
61
64
|
end
|
|
62
65
|
end
|
|
@@ -45,7 +45,8 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
45
45
|
title: 'Refresh Token',
|
|
46
46
|
type: 'textarea'
|
|
47
47
|
|
|
48
|
-
|
|
48
|
+
# These should default to those received and output by the token exchange test
|
|
49
|
+
input :received_scopes,
|
|
49
50
|
title: 'Requested Scopes',
|
|
50
51
|
description: 'A list of scopes that will be requested during token exchange.'
|
|
51
52
|
|
|
@@ -62,8 +62,10 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
62
62
|
udap_auth_code_flow_token_exchange_response_body: {
|
|
63
63
|
name: :smart_udap_token_refresh_response_body
|
|
64
64
|
},
|
|
65
|
-
|
|
66
|
-
|
|
65
|
+
# For token refresh, we requested the same scopes we already
|
|
66
|
+
# received in the original token exchange step
|
|
67
|
+
udap_authorization_code_request_scopes: {
|
|
68
|
+
name: :received_scopes
|
|
67
69
|
},
|
|
68
70
|
udap_auth_code_flow_token_retrieval_time: {
|
|
69
71
|
name: :smart_udap_refresh_token_retrieval_time
|
|
@@ -28,7 +28,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
28
28
|
test from: :smart_udap_token_refresh,
|
|
29
29
|
config: {
|
|
30
30
|
inputs: {
|
|
31
|
-
|
|
31
|
+
received_scopes: {
|
|
32
32
|
locked: true,
|
|
33
33
|
description: 'Will be omitted in refresh request.'
|
|
34
34
|
}
|
|
@@ -50,8 +50,10 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
50
50
|
udap_auth_code_flow_token_exchange_response_body: {
|
|
51
51
|
name: :smart_udap_token_refresh_response_body
|
|
52
52
|
},
|
|
53
|
-
|
|
54
|
-
|
|
53
|
+
# For token refresh, we requested the same scopes we already
|
|
54
|
+
# received in the original token exchange step
|
|
55
|
+
udap_authorization_code_request_scopes: {
|
|
56
|
+
name: :received_scopes,
|
|
55
57
|
locked: true
|
|
56
58
|
},
|
|
57
59
|
udap_auth_code_flow_token_retrieval_time: {
|
|
@@ -12,7 +12,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
12
12
|
)
|
|
13
13
|
|
|
14
14
|
input :udap_auth_code_flow_token_exchange_response_body,
|
|
15
|
-
:
|
|
15
|
+
:udap_authorization_code_request_scopes,
|
|
16
16
|
:udap_auth_code_flow_token_retrieval_time,
|
|
17
17
|
:udap_token_endpoint,
|
|
18
18
|
:udap_client_id
|
|
@@ -50,7 +50,7 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
50
50
|
|
|
51
51
|
assert received_scopes.present?, 'Token exchange response does not include the `scope` parameter'
|
|
52
52
|
|
|
53
|
-
check_for_missing_scopes(
|
|
53
|
+
check_for_missing_scopes(udap_authorization_code_request_scopes, token_response_body_parsed)
|
|
54
54
|
end
|
|
55
55
|
end
|
|
56
56
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
require 'udap_security_test_kit'
|
|
2
|
+
require_relative 'smart_udap_harmonization_test_kit/metadata'
|
|
2
3
|
require_relative 'smart_udap_harmonization_test_kit/smart_udap_authorization_code_group'
|
|
3
|
-
require_relative 'smart_udap_harmonization_test_kit/version'
|
|
4
4
|
|
|
5
5
|
module SMART_UDAP_HarmonizationTestKit
|
|
6
6
|
class Suite < Inferno::TestSuite
|
|
@@ -35,34 +35,33 @@ module SMART_UDAP_HarmonizationTestKit
|
|
|
35
35
|
launch URI, so the tests only perform a standalone launch.
|
|
36
36
|
)
|
|
37
37
|
|
|
38
|
-
version VERSION
|
|
39
|
-
|
|
40
38
|
resume_test_route :get, '/redirect' do |request|
|
|
41
39
|
request.query_parameters['state']
|
|
42
40
|
end
|
|
43
41
|
|
|
44
|
-
config options: {
|
|
45
|
-
redirect_uri: "#{Inferno::Application['base_url']}/custom/smart_udap_harmonization/redirect"
|
|
46
|
-
}
|
|
47
|
-
|
|
48
42
|
links [
|
|
49
43
|
{
|
|
44
|
+
type: 'report_issue',
|
|
50
45
|
label: 'Report Issue',
|
|
51
|
-
url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/issues'
|
|
46
|
+
url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/issues/'
|
|
52
47
|
},
|
|
53
48
|
{
|
|
49
|
+
type: 'source_code',
|
|
54
50
|
label: 'Open Source',
|
|
55
|
-
url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit'
|
|
51
|
+
url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/'
|
|
56
52
|
},
|
|
57
53
|
{
|
|
54
|
+
type: 'download',
|
|
58
55
|
label: 'Download',
|
|
59
|
-
url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/releases'
|
|
56
|
+
url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/releases/'
|
|
60
57
|
},
|
|
61
58
|
{
|
|
59
|
+
type: 'ig',
|
|
62
60
|
label: 'UDAP Implementation Guide',
|
|
63
61
|
url: 'https://hl7.org/fhir/us/udap-security/STU1'
|
|
64
62
|
},
|
|
65
63
|
{
|
|
64
|
+
type: 'ig',
|
|
66
65
|
label: 'SMART Implementation Guide',
|
|
67
66
|
url: 'https://hl7.org/fhir/smart-app-launch/STU2.2/scopes-and-launch-context.html'
|
|
68
67
|
}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_udap_harmonization_test_kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alisa Wallace
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2025-03-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: inferno_core
|
|
@@ -17,14 +17,14 @@ dependencies:
|
|
|
17
17
|
requirements:
|
|
18
18
|
- - "~>"
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
|
-
version: 0.
|
|
20
|
+
version: 0.6.2
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
25
|
- - "~>"
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: 0.
|
|
27
|
+
version: 0.6.2
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: smart_app_launch_test_kit
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -45,14 +45,14 @@ dependencies:
|
|
|
45
45
|
requirements:
|
|
46
46
|
- - "~>"
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
|
-
version: 0.
|
|
48
|
+
version: 0.11.0
|
|
49
49
|
type: :runtime
|
|
50
50
|
prerelease: false
|
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
52
|
requirements:
|
|
53
53
|
- - "~>"
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
|
-
version: 0.
|
|
55
|
+
version: 0.11.0
|
|
56
56
|
description: Test Kit for integrating SMART App Launch and UDAP Security IGs
|
|
57
57
|
email:
|
|
58
58
|
- inferno@groups.mitre.org
|
|
@@ -61,10 +61,11 @@ extensions: []
|
|
|
61
61
|
extra_rdoc_files: []
|
|
62
62
|
files:
|
|
63
63
|
- LICENSE
|
|
64
|
+
- config/presets/surefhir_certs_preset.json
|
|
64
65
|
- lib/smart_udap_harmonization_test_kit.rb
|
|
66
|
+
- lib/smart_udap_harmonization_test_kit/metadata.rb
|
|
65
67
|
- lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_authentication_group.rb
|
|
66
68
|
- lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_group.rb
|
|
67
|
-
- lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_redirect_test.rb
|
|
68
69
|
- lib/smart_udap_harmonization_test_kit/smart_udap_context_test.rb
|
|
69
70
|
- lib/smart_udap_harmonization_test_kit/smart_udap_encounter_context_test.rb
|
|
70
71
|
- lib/smart_udap_harmonization_test_kit/smart_udap_fhir_context_test.rb
|
|
@@ -87,6 +88,7 @@ licenses:
|
|
|
87
88
|
metadata:
|
|
88
89
|
homepage_uri: https://github.com/inferno-framework/smart-udap-harmonization-test-kit
|
|
89
90
|
source_code_uri: https://github.com/inferno-framework/smart-udap-harmonization-test-kit
|
|
91
|
+
inferno_test_kit: 'true'
|
|
90
92
|
post_install_message:
|
|
91
93
|
rdoc_options: []
|
|
92
94
|
require_paths:
|
|
@@ -102,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
102
104
|
- !ruby/object:Gem::Version
|
|
103
105
|
version: '0'
|
|
104
106
|
requirements: []
|
|
105
|
-
rubygems_version: 3.5.
|
|
107
|
+
rubygems_version: 3.5.22
|
|
106
108
|
signing_key:
|
|
107
109
|
specification_version: 4
|
|
108
110
|
summary: SMART-UDAP Harmonization Test Kit
|
|
@@ -1,88 +0,0 @@
|
|
|
1
|
-
module SMART_UDAP_HarmonizationTestKit
|
|
2
|
-
class SMART_UDAP_AuthorizationCodeRedirectTest < Inferno::Test # rubocop:disable Naming/ClassAndModuleCamelCase
|
|
3
|
-
title 'Authorization server redirects client to redirect URI with SMART scopes'
|
|
4
|
-
id :smart_udap_authorization_code_redirect
|
|
5
|
-
description %(
|
|
6
|
-
Per [RFC 6749 OAuth 2.0 Authorization Framework Section 4.1.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1),
|
|
7
|
-
once the server validates the client's authorization request, the authorization server directs the user-agent to
|
|
8
|
-
the provided client redirection URI using an HTTP redirection response.
|
|
9
|
-
)
|
|
10
|
-
|
|
11
|
-
input :udap_fhir_base_url,
|
|
12
|
-
title: 'FHIR Server Base URL',
|
|
13
|
-
description: 'Base FHIR URL of FHIR Server. Value for the aud parameter in the redirect URI.'
|
|
14
|
-
|
|
15
|
-
input :udap_authorization_endpoint,
|
|
16
|
-
title: 'Authorization Endpoint',
|
|
17
|
-
description: 'The full URL from which Inferno will request an authorization code.'
|
|
18
|
-
|
|
19
|
-
input :udap_client_id,
|
|
20
|
-
title: 'Client ID',
|
|
21
|
-
description: 'Client ID as registered with the authorization server.'
|
|
22
|
-
|
|
23
|
-
input :udap_auth_code_flow_registration_scope,
|
|
24
|
-
title: 'Requested Scopes',
|
|
25
|
-
description: 'A list of space-separated scopes.',
|
|
26
|
-
default: 'launch/patient openid fhirUser offline_access patient/*.read'
|
|
27
|
-
|
|
28
|
-
output :udap_authorization_code_state
|
|
29
|
-
|
|
30
|
-
receives_request :redirect
|
|
31
|
-
|
|
32
|
-
def wait_message(auth_url)
|
|
33
|
-
if config.options[:redirect_message_proc].present?
|
|
34
|
-
return instance_exec(auth_url, &config.options[:redirect_message_proc])
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
%(
|
|
38
|
-
### #{self.class.parent&.parent&.title}
|
|
39
|
-
|
|
40
|
-
[Follow this link to authorize with the auth server](#{auth_url}).
|
|
41
|
-
|
|
42
|
-
Tests will resume once Inferno receives a request at
|
|
43
|
-
`#{config.options[:redirect_uri]}` with a state of `#{udap_authorization_code_state}`.
|
|
44
|
-
)
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def authorization_url_builder(url, params)
|
|
48
|
-
uri = URI(url)
|
|
49
|
-
|
|
50
|
-
# because the URL might have parameters on it
|
|
51
|
-
original_parameters = URI.decode_www_form(uri.query || '').to_h
|
|
52
|
-
new_params = original_parameters.merge(params)
|
|
53
|
-
|
|
54
|
-
uri.query = URI.encode_www_form(new_params)
|
|
55
|
-
uri.to_s
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
run do
|
|
59
|
-
assert_valid_http_uri(
|
|
60
|
-
udap_authorization_endpoint,
|
|
61
|
-
"OAuth2 Authorization Endpoint '#{udap_authorization_endpoint}' is not a valid URI"
|
|
62
|
-
)
|
|
63
|
-
|
|
64
|
-
output udap_authorization_code_state: SecureRandom.uuid
|
|
65
|
-
|
|
66
|
-
oauth2_params = {
|
|
67
|
-
'response_type' => 'code',
|
|
68
|
-
'client_id' => udap_client_id,
|
|
69
|
-
'redirect_uri' => config.options[:redirect_uri],
|
|
70
|
-
'scope' => udap_auth_code_flow_registration_scope,
|
|
71
|
-
'state' => udap_authorization_code_state,
|
|
72
|
-
'aud' => udap_fhir_base_url
|
|
73
|
-
}.compact
|
|
74
|
-
|
|
75
|
-
authorization_url = authorization_url_builder(
|
|
76
|
-
udap_authorization_endpoint,
|
|
77
|
-
oauth2_params
|
|
78
|
-
)
|
|
79
|
-
|
|
80
|
-
info("Inferno redirecting browser to #{authorization_url}.")
|
|
81
|
-
|
|
82
|
-
wait(
|
|
83
|
-
identifier: udap_authorization_code_state,
|
|
84
|
-
message: wait_message(authorization_url)
|
|
85
|
-
)
|
|
86
|
-
end
|
|
87
|
-
end
|
|
88
|
-
end
|