smart_udap_harmonization_test_kit 0.9.0

data/lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_without_scopes_group.rb

@@ -0,0 +1,70 @@
+require_relative 'smart_udap_token_refresh_test'
+require_relative 'smart_udap_token_refresh_with_scopes_group'
+require_relative 'smart_udap_token_response_scope_test'
+require 'udap_security_test_kit/token_exchange_response_body_test'
+require 'udap_security_test_kit/token_exchange_response_headers_test'
+
+module SMART_UDAP_HarmonizationTestKit
+  class SMART_UDAP_TokenRefreshWithoutScopesGroup < Inferno::TestGroup # rubocop:disable Naming/ClassAndModuleCamelCase
+    title 'Support for Token Refresh Without Scopes'
+    id :smart_udap_token_refresh_without_scopes
+
+    scopes_omitted_description = %(
+      The optional `scope` parameter will not be inclued in the token exchange request. [RFC 6749 Section 6](https://datatracker.ietf.org/doc/html/rfc6749#section-6)
+      states:
+      > The requested scope MUST NOT include any scope
+        not originally granted by the resource owner, and *if omitted is
+        treated as equal to the scope originally granted by the
+        resource owner*.
+    )
+
+    description %(
+      #{SMART_UDAP_HarmonizationTestKit::SMART_UDAP_TokenRefreshWithScopesGroup.token_refresh_group_description}
+      #{scopes_omitted_description}
+    )
+
+    run_as_group
+
+    test from: :smart_udap_token_refresh,
+         config: {
+           inputs: {
+             udap_received_scopes: {
+               locked: true,
+               description: 'Will be omitted in refresh request.'
+             }
+           }
+         }
+
+    test from: :udap_token_exchange_response_body,
+         config: {
+           inputs: {
+             token_response_body: {
+               name: :smart_udap_token_refresh_response_body
+             }
+           }
+         }
+
+    test from: :smart_udap_token_response_scope,
+         config: {
+           inputs: {
+             udap_auth_code_flow_token_exchange_response_body: {
+               name: :smart_udap_token_refresh_response_body
+             },
+             udap_auth_code_flow_registration_scope: {
+               name: :udap_received_scopes,
+               locked: true
+             },
+             udap_auth_code_flow_token_retrieval_time: {
+               name: :smart_udap_refresh_token_retrieval_time
+             }
+           }
+         }
+
+    test from: :udap_token_exchange_response_headers,
+         config: {
+           requests: {
+             name: :smart_udap_token_refresh_request
+           }
+         }
+  end
+end

data/lib/smart_udap_harmonization_test_kit/smart_udap_token_response_scope_test.rb

@@ -0,0 +1,56 @@
+require 'smart_app_launch/token_payload_validation'
+
+module SMART_UDAP_HarmonizationTestKit
+  class SMART_UDAP_TokenResponseScopeTest < Inferno::Test # rubocop:disable Naming/ClassAndModuleCamelCase
+    include SMARTAppLaunch::TokenPayloadValidation
+    title 'Token exchange reponse body includes required content for SMART scopes'
+    id :smart_udap_token_response_scope
+    description %(
+        In addition to the baseline UDAP requirements for the token exchange response body, this test verifies that the
+        scope parameter is included in the response body and issues a warning if any of the requested scopes are
+        missing.
+      )
+
+    input :udap_auth_code_flow_token_exchange_response_body,
+          :udap_auth_code_flow_registration_scope,
+          :udap_auth_code_flow_token_retrieval_time,
+          :udap_token_endpoint,
+          :udap_client_id
+
+    output :smart_credentials,
+           :id_token,
+           :refresh_token,
+           :access_token,
+           :expires_in,
+           :patient_id,
+           :encounter_id,
+           :received_scopes
+
+    run do
+      assert_valid_json(udap_auth_code_flow_token_exchange_response_body)
+      token_response_body_parsed = JSON.parse(udap_auth_code_flow_token_exchange_response_body)
+
+      output smart_credentials: {
+        refresh_token: token_response_body_parsed['refresh_token'],
+        access_token: token_response_body_parsed['access_token'],
+        expires_in: token_response_body_parsed['expires_in'],
+        client_id: udap_client_id,
+        client_secret: '',
+        udap_auth_code_flow_token_retrieval_time:,
+        token_url: udap_token_endpoint
+      }.to_json
+
+      output id_token: token_response_body_parsed['id_token'],
+             refresh_token: token_response_body_parsed['refresh_token'],
+             access_token: token_response_body_parsed['access_token'],
+             expires_in: token_response_body_parsed['expires_in'],
+             patient_id: token_response_body_parsed['patient'],
+             encounter_id: token_response_body_parsed['encounter'],
+             received_scopes: token_response_body_parsed['scope']
+
+      assert received_scopes.present?, 'Token exchange response does not include the `scope` parameter'
+
+      check_for_missing_scopes(udap_auth_code_flow_registration_scope, token_response_body_parsed)
+    end
+  end
+end

data/lib/smart_udap_harmonization_test_kit/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module SMART_UDAP_HarmonizationTestKit
+  VERSION = '0.9.0'
+end

data/lib/smart_udap_harmonization_test_kit.rb

@@ -0,0 +1,73 @@
+require 'udap_security_test_kit'
+require_relative 'smart_udap_harmonization_test_kit/smart_udap_authorization_code_group'
+require_relative 'smart_udap_harmonization_test_kit/version'
+
+module SMART_UDAP_HarmonizationTestKit
+  class Suite < Inferno::TestSuite
+    id :smart_udap_harmonization
+    title 'SMART-UDAP Harmonization'
+    description %(
+      ## Overview
+      This test suite tests server support for the [Security for Scalable
+      Registration, Authentication, and Authorization
+      IG](https://hl7.org/fhir/us/udap-security/index.html) set of UDAP
+      workflows (discovery, client registration, and
+      authentication/authorization) using [SMART App Launch STU2-compliant
+      scopes and launch
+      contexts](https://hl7.org/fhir/smart-app-launch/STU2.2/scopes-and-launch-context.html).
+
+      The [Security for Scalable Registration, Authentication, and Authorization
+      IG](https://hl7.org/fhir/us/udap-security/index.html) states that
+
+      > This guide is also intended to be compatible and harmonious with client and
+      > server use of versions 1 or 2 of the HL7 SMART App Launch IG.
+
+      This test kit is an effort to demonstrate how a client could interact with a
+      server supporting both UDAP and SMART App Launch.
+
+      The basic assumption underlying these tests is that a client could perform
+      dynamic registration and launch with client authorization from the UDAP workflow
+      while using SMART App Launch scopes, and the server could include additional
+      launch context parameters defined by SMART App Launch in the token response.
+
+      ## Known Limitations
+      The UDAP dynamic registration workflow does not define a way to register a
+      launch URI, so the tests only perform a standalone launch.
+    )
+
+    version VERSION
+
+    resume_test_route :get, '/redirect' do |request|
+      request.query_parameters['state']
+    end
+
+    config options: {
+      redirect_uri: "#{Inferno::Application['base_url']}/custom/smart_udap_harmonization/redirect"
+    }
+
+    links [
+      {
+        label: 'Report Issue',
+        url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/issues'
+      },
+      {
+        label: 'Open Source',
+        url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit'
+      },
+      {
+        label: 'Download',
+        url: 'https://github.com/inferno-framework/smart-udap-harmonization-test-kit/releases'
+      },
+      {
+        label: 'UDAP Implementation Guide',
+        url: 'https://hl7.org/fhir/us/udap-security/STU1'
+      },
+      {
+        label: 'SMART Implementation Guide',
+        url: 'https://hl7.org/fhir/smart-app-launch/STU2.2/scopes-and-launch-context.html'
+      }
+    ]
+
+    group from: :smart_udap_authorization_code_group
+  end
+end

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: smart_udap_harmonization_test_kit
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Alisa Wallace
+- Stephen MacVicar
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-11-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: inferno_core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: smart_app_launch_test_kit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.3
+- !ruby/object:Gem::Dependency
+  name: udap_security_test_kit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+description: Test Kit for integrating SMART App Launch and UDAP Security IGs
+email:
+- inferno@groups.mitre.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- lib/smart_udap_harmonization_test_kit.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_authentication_group.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_group.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_authorization_code_redirect_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_encounter_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_fhir_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_intent_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_launch_context_group.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_need_patient_banner_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_openid_connect_group.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_patient_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_request_builder.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_smart_style_url_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_tenant_context_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_test.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_with_scopes_group.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_token_refresh_without_scopes_group.rb
+- lib/smart_udap_harmonization_test_kit/smart_udap_token_response_scope_test.rb
+- lib/smart_udap_harmonization_test_kit/version.rb
+homepage: https://github.com/inferno-framework/smart-udap-harmonization-test-kit
+licenses:
+- Apache-2.0
+metadata:
+  homepage_uri: https://github.com/inferno-framework/smart-udap-harmonization-test-kit
+  source_code_uri: https://github.com/inferno-framework/smart-udap-harmonization-test-kit
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.9
+signing_key:
+specification_version: 4
+summary: SMART-UDAP Harmonization Test Kit
+test_files: []