AEGIS Touchstone Testing Implementation Guide

This is the Version 1.6.0 Release of the Touchstone Testing Implementation Guide, based on FHIR Version 4.0.1. See the Directory of published versions

OAuth2StandaloneLaunch

Generated Narrative

url: http://touchstone.aegis.net/touchstone/fhir/testing/TestScript/oauth2-standalone-launch

version: 1.6.0

name: OAuth2StandaloneLaunch

status: active

date: 2020-08-27

publisher: AEGIS.net, Inc.

contact: Touchstone Support: Touchstone_Support@aegis.net

description: Demonstrate the use of the oauth2-authorize operation and the new extensions variable-paramField, operation-oauth2AuthzRequestId, operation-oauth2AuthzRedirectId, assert-variable and assert-stopTestOnFail.

jurisdiction: United States of America

copyright: (c) AEGIS.net, Inc. 2015+

variable

AEGIS Touchstone Testing TestScript Variable ParamField Extension: state

name: oauth2AuthzRequest1StateParam

sourceId: oauth2AuthzRequest1

variable

AEGIS Touchstone Testing TestScript Variable ParamField Extension: redirect_uri

name: oauth2AuthzRequest1RedirectUri

sourceId: oauth2AuthzRequest1

variable

AEGIS Touchstone Testing TestScript Variable ParamField Extension: code

name: oauth2AuthzRedirect1AuthCode

sourceId: oauth2AuthzRedirect1

variable

name: authorizeEndpoint

defaultValue: https://oauth2.aegis.net/auth

variable

name: oauth2AuthzRequestedScopes

defaultValue: launch/patient openid fhirUser offline_access patient/Patient.read

test

Ids

-
*

AEGIS Touchstone Testing TestScript Test Manual Completion Extension: pass

name: Standalone Launch With Patient Scope

description: Perform Standalone SMART launch sequence and test OpenID Connect and token refresh functionality.

action

Operations

-ExtensionTypeDescriptionEncodeRequestUrlUrl
*, , OAuth2 AuthorizeRedirect user to the authorize endpoint for target test system specified in smart configurationfalse${authorizeEndpoint}?client_id=clientId&scope=${oauth2AuthzRequestedScopes}

action

Asserts

-ExtensionDescriptionDirectionOperatorRequestURLSourceIdWarningOnly
*OAuth server redirects client browser to app redirect URI. Client browser redirected from OAuth server to redirect URI of client app as described in SMART authorization sequence.requestcontains/oauth2/authcode/redirectoauth2AuthzRedirect1false

action

Asserts

-ExtensionDescriptionDirectionOperatorValueWarningOnly
*, Direct comparison example.requestequals${authorizeEndpoint}false