| Name | /FHIRSandbox/DaVinci/FHIR4-0-1-DTR/EHR-Launch/00-DTR-SMART-EHR-Discovery-Configuration |
|---|
| Description | DaVinci DTR - SMART on FHIR EHR Discovery and Configuration Tests - Retrieve and verify the FHIR Server's CapabilityStatement and SMART on FHIR Well-Known Uniform Resource Identifiers JSON document. |
|---|
| Version | 4 | Latest | 4 |
|---|
<?xml version="1.0" encoding="UTF-8"?>
<TestScript xmlns="http://hl7.org/fhir">
<id value="dtr-smart-ehr-discovery"/>
<meta>
<profile value="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript"/>
</meta>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<p>DaVinci DTR - SMART on FHIR EHR Discovery</p>
</div>
</text>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="AssertBodyExists"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/AssertBodyExists.groovy"/>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIRCheckCapabilities"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/RuleSMARTonFHIRCheckCapabilities.groovy"/>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthGetEndpoints"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/RuleSMARTonFHIROAuthGetEndpoints.groovy"/>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthConpareValues"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/RuleSMARTonFHIROAuthConpareValues.groovy"/>
</extension>
</extension>
<url value="http://wildfhir.aegis.net/fhir4-0-1/TestScript/security-fhir-r4-smart-on-fhir-discovery"/>
<name value="DTRSMARTonFHIREHRDiscovery"/>
<title value="DaVinci DTR - SMART on FHIR EHR Discovery and Configuration"/>
<status value="active"/>
<date value="2020-12-28"/>
<publisher value="AEGIS.net, Inc."/>
<contact>
<name value="Touchstone Support"/>
<telecom>
<system value="email"/>
<value value="Touchstone_Support@aegis.net"/>
<use value="work"/>
</telecom>
</contact>
<description value="DaVinci DTR - SMART on FHIR EHR Discovery and Configuration Tests - Retrieve and verify the FHIR Server's CapabilityStatement and SMART on FHIR Well-Known Uniform Resource Identifiers JSON document."/>
<copyright value="This FHIR Test Script is licensed under Creative Commons (CC0) 'No Rights Reserved'. Learn more at https://creativecommons.org/licenses"/>
<profile id="capabilities-profile">
<reference value="http://hl7.org/fhir/StructureDefinition/CapabilityStatement"/>
</profile>
<variable>
<name value="smartRequiredAuthorizeEndpoint"/>
<path value=".authorization_endpoint"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRequiredCapabilities"/>
<path value=".capabilities"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRequiredTokenEndpoint"/>
<path value=".token_endpoint"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRecommendedRegistrationEndpoint"/>
<path value=".registration_endpoint"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRecommendedScopesSupported"/>
<path value=".scopes_supported"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRecommendedResponseTypesSupported"/>
<path value=".response_types_supported"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRecommendedManagementEndpoint"/>
<path value=".management_endpoint"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRecommendedIntrospectionEndpoint"/>
<path value=".introspection_endpoint"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="smartRecommendedRevocationEndpoint"/>
<path value=".revocation_endpoint"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
<name value="capStmtRequiredAuthorizeEndpoint"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
<name value="capStmtRequiredTokenEndpoint"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
<name value="capStmtRecommendedRegistrationEndpoint"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
<name value="capStmtRecommendedManagementEndpoint"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
<name value="capStmtRecommendedIntrospectionEndpoint"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
<name value="capStmtRecommendedRevocationEndpoint"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<test id="01-RetrieveSMARTWellKnownConfiguration">
<name value="01-RetrieveSMARTWellKnownConfiguration"/>
<description value="Retrieve and verify the FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document exists. FHIR endpoints requiring authorization SHALL serve a JSON document at the location formed by appending /.well-known/smart-configuration to their base URL."/>
<action>
<operation>
<type>
<system value="http://touchstone.com/fhir/testscript-operation-codes-extended"/>
<code value="metadata"/>
</type>
<description value="GET the SMART on FHIR Well-Known Uniform Resource Identifiers JSON document"/>
<encodeRequestUrl value="true"/>
<params value=".well-known/smart-configuration"/>
<requestHeader>
<field value="Accept"/>
<value value="application/json"/>
</requestHeader>
<requestHeader>
<field value="Authorization"/>
<value value="none"/>
</requestHeader>
<responseId value="dest1SMARTOnFHIRWellKnown"/>
</operation>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP status is 200(OK)."/>
<direction value="response"/>
<responseCode value="200"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP Header Content-Type is present."/>
<direction value="response"/>
<headerField value="Content-Type"/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP Header Content-Type contains the JSON mime-type 'application/json'."/>
<direction value="response"/>
<headerField value="Content-Type"/>
<operator value="contains"/>
<value value="application/json"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="AssertBodyExists"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="errorMessage"/>
</extension>
<extension url="value">
<valueString value="No .well-known/smart-configuration body"/>
</extension>
</extension>
</extension>
<description value="Confirm that the response body is not empty."/>
<direction value="response"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIRCheckCapabilities"/>
</extension>
</extension>
<description value="Verify the FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document defines required capabilities."/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthGetEndpoints"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="outputPrefix"/>
</extension>
<extension url="value">
<valueString value="rule-smart"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-smartRecommendedRevocationEndpoint"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-smartRecommendedIntrospectionEndpoint"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-smartRecommendedManagementEndpoint"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-smartRecommendedRegistrationEndpoint"/>
</extension>
</extension>
</extension>
<warningOnly value="false"/>
</assert>
</action>
</test>
<test id="02-SMARTWellKnownConfigurationReqMetadata">
<name value="02-SMARTWellKnownConfigurationRequired"/>
<description value="Validate and verify a FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document contains required elements: authorization_endpoint: REQUIRED, URL to the OAuth2 authorization endpoint - token_endpoint: REQUIRED, URL to the OAuth2 token endpoint - capabilities: REQUIRED, array of strings representing SMART capabilities (e.g., single-sign-on or launch-standalone) that the server supports."/>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRequiredAuthorizeEndpoint"/>
</extension>
<description value="Confirm that the required authorization_endpoint attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRequiredCapabilities"/>
</extension>
<description value="Confirm that the required capabilities attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRequiredTokenEndpoint"/>
</extension>
<description value="Confirm that the required token_endpoint attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="false"/>
</assert>
</action>
</test>
<test id="03-SMARTWellKnownConfigurationRecMetadata">
<name value="03-SMARTWellKnownConfigurationRecommended"/>
<description value="Validate and verify a FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document contains recommended metadata: scopes_supported: RECOMMENDED, array of scopes a client may request - response_types_supported: RECOMMENDED, array of OAuth2 response_type values that are supported - management_endpoint: RECOMMENDED, URL where an end-user can view which applications currently have access to data and can make adjustments to these access rights - introspection_endpoint : RECOMMENDED, URL to a server�s introspection endpoint that can be used to validate a token - revocation_endpoint : RECOMMENDED, URL to a server�s revoke endpoint that can be used to revoke a token. If missing, the test will only throw a warning as these are recommended but not required."/>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRecommendedRegistrationEndpoint"/>
</extension>
<description value="Confirm that the recommended registration_endpoint attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRecommendedScopesSupported"/>
</extension>
<description value="Confirm that the recommended scopes_supported attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRecommendedResponseTypesSupported"/>
</extension>
<description value="Confirm that the recommended response_types_supported attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRecommendedManagementEndpoint"/>
</extension>
<description value="Confirm that the recommended management_endpoint attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRecommendedIntrospectionEndpoint"/>
</extension>
<description value="Confirm that the recommended introspection_endpoint attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="smartRecommendedRevocationEndpoint"/>
</extension>
<description value="Confirm that the recommended revocation_endpoint attribute is present."/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
</test>
<test id="04-CapabilitiesOAuthRequiredandRecEndpoints">
<name value="04-CapabilitiesOAuthRequiredRecommended"/>
<description value="GET and validate the FHIR Server's CapabilityStatement resource in JSON format. Verify the CapabilityStatement SMART on FHIR Declared Support for required and recommended OAuth2 Endpoints. If a server supports SMART on FHIR authorization for access, it declares support for automated discovery of OAuth2 endpoints in its CapabilityStatement using the OAuth Uri extension on the rest.security element. Any time a client sees this extension, it must be prepared to authorize using SMART�s OAuth2-based protocol. If missing, the test will only throw a warning when the element is recommended (should) but not required (shall)."/>
<action>
<operation>
<type>
<system value="http://touchstone.com/fhir/testscript-operation-codes-extended"/>
<code value="metadata"/>
</type>
<description value="GET CapabilityStatement resource in JSON format"/>
<accept value="json"/>
<encodeRequestUrl value="true"/>
<params value="metadata"/>
<requestHeader>
<field value="Authorization"/>
<value value="none"/>
</requestHeader>
<responseId value="dest1CapabilityStatementOAuth"/>
</operation>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP status is 200(OK)."/>
<direction value="response"/>
<responseCode value="200"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP Header Content-Type is present."/>
<direction value="response"/>
<headerField value="Content-Type"/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP Header Content-Type contains the FHIR mime-type 'application/fhir+json'."/>
<direction value="response"/>
<contentType value="json"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned HTTP Header ETag is present. Warning only as FHIR servers SHOULD return this header."/>
<direction value="response"/>
<headerField value="ETag"/>
<operator value="notEmpty"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned resource type is CapabilityStatement."/>
<direction value="response"/>
<resource value="CapabilityStatement"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Confirm that the returned CapabilityStatement conforms to the base FHIR specification."/>
<direction value="response"/>
<validateProfileId value="capabilities-profile"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security required OAuth Endpoint authorize."/>
<direction value="response"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value.exists()"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security required OAuth Endpoint authorize."/>
<direction value="response"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value.startsWith('http') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value.startsWith('https')"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security required OAuth Endpoint token."/>
<direction value="response"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value.exists()"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security required OAuth Endpoint token."/>
<direction value="response"/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value.startsWith('http') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value.startsWith('https')"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint register."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value.exists()"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint register."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value.startsWith('http') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value.startsWith('https')"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint manage."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value.exists()"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint manage."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value.startsWith('http') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value.startsWith('https')"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint introspect."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value.exists()"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint introspect."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value.startsWith('http') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value.startsWith('https')"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint revoke."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value.exists()"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<description value="Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint revoke."/>
<expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value.startsWith('http') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value.startsWith('https')"/>
<sourceId value="dest1CapabilityStatementOAuth"/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthGetEndpoints"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="outputPrefix"/>
</extension>
<extension url="value">
<valueString value="rule-capStmt"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-capStmtRecommendedRevocationEndpoint"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-capStmtRecommendedIntrospectionEndpoint"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-capStmtRecommendedManagementEndpoint"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="rule-capStmtRecommendedRegistrationEndpoint"/>
</extension>
</extension>
</extension>
<warningOnly value="false"/>
</assert>
</action>
</test>
<test id="05-CapabilitySMARTMatchRequired">
<name value="05-CapabilitySMARTMatchRequired"/>
<description value="Verify that the required CapabilityStatement SMART security OAuth endpoint values match the required SMART on FHIR Well-Known endpoint attributes."/>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="capStmtRequiredAuthorizeEndpoint"/>
</extension>
<description value="Verify that the required CapabilityStatement SMART security OAuth endpoint authorize value matches the required SMART on FHIR Well-Known authorization_endpoint attribute."/>
<operator value="equals"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
<value value="${smartRequiredAuthorizeEndpoint}"/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
<valueString value="capStmtRequiredTokenEndpoint"/>
</extension>
<description value="Verify that the required CapabilityStatement SMART security OAuth endpoint token value matches the required SMART on FHIR Well-Known token_endpoint attribute."/>
<operator value="equals"/>
<sourceId value="dest1SMARTOnFHIRWellKnown"/>
<value value="${smartRequiredTokenEndpoint}"/>
<warningOnly value="false"/>
</assert>
</action>
</test>
<test id="06-CapabilitySMARTMatchRecommended">
<name value="06-CapabilitySMARTMatchRecommended"/>
<description value="Verify that the optional CapabilityStatement SMART security OAuth endpoint values match the recommended SMART on FHIR Well-Known endpoint attributes. If missing, the test will only throw a warning as these are recommended but not required."/>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthConpareValues"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputOne"/>
</extension>
<extension url="value">
<valueString value="${rule-capStmtRecommendedRegistrationEndpoint}"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputTwo"/>
</extension>
<extension url="value">
<valueString value="${rule-smartRecommendedRegistrationEndpoint}"/>
</extension>
</extension>
</extension>
<description value="Verify that the optional CapabilityStatement SMART security OAuth endpoint register value matches the recommended SMART on FHIR Well-Known registration_endpoint attribute."/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthConpareValues"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputOne"/>
</extension>
<extension url="value">
<valueString value="${rule-capStmtRecommendedManagementEndpoint}"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputTwo"/>
</extension>
<extension url="value">
<valueString value="${rule-smartRecommendedManagementEndpoint}"/>
</extension>
</extension>
</extension>
<description value="Verify that the optional CapabilityStatement SMART security OAuth endpoint manage value matches the recommended SMART on FHIR Well-Known management_endpoint attribute."/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthConpareValues"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputOne"/>
</extension>
<extension url="value">
<valueString value="${rule-capStmtRecommendedIntrospectionEndpoint}"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputTwo"/>
</extension>
<extension url="value">
<valueString value="${rule-smartRecommendedIntrospectionEndpoint}"/>
</extension>
</extension>
</extension>
<description value="Verify that the optional CapabilityStatement SMART security OAuth endpoint introspect value matches the recommended SMART on FHIR Well-Known introspection_endpoint attribute."/>
<warningOnly value="true"/>
</assert>
</action>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="RuleSMARTonFHIROAuthConpareValues"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputOne"/>
</extension>
<extension url="value">
<valueString value="${rule-capStmtRecommendedRevocationEndpoint}"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="inputTwo"/>
</extension>
<extension url="value">
<valueString value="${rule-smartRecommendedRevocationEndpoint}"/>
</extension>
</extension>
</extension>
<description value="Verify that the optional CapabilityStatement SMART security OAuth endpoint revoke value matches the recommended SMART on FHIR Well-Known revocation_endpoint attribute."/>
<warningOnly value="true"/>
</assert>
</action>
</test>
</TestScript>