Name | /FHIRSandbox/DaVinci/FHIR4-0-1-Formulary/Formulary-BulkData/01-SMART-Backend-Auth/01-Formulary-BulkData-Authorization |
Description | Formulary SMART Backend Authorization. This series of tests does basic Authorization verification for Formulary bulk data servers. Servers must support JSON Web Token as per the SMART Backend Services: Authorization Guide, and be properly configured via Touchstone Test System Setup prior to running this set of tests. |
Version | 1 | Latest | 1 |
<?xml version="1.0" encoding="UTF-8"?>
<!--
  TestScript for the OAuth2 token endpoint of a Formulary bulk data server.
  Three tests: a TLS check on the token endpoint (01), a token request preceded
  by generation of a signed JWT (02), and a check of the token response body (03).
  Only the success path is exercised. No test in this script submits an invalid
  or expired client assertion, so the server's rejection behaviour is not covered here.
-->
<TestScript xmlns="http://hl7.org/fhir">
<id value="FHIR4-0-1-FormularyBulkDataAuthorization"/>
<meta>
<profile value="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript"/>
</meta>
<text>
<status value="generated"/>
<div xmlns="http://www.w3.org/1999/xhtml">
<p>FHIR4-0-1-FormularyBulkDataAuthorization</p>
</div>
</text>
<!--
  Rule declarations. Each one binds a ruleId used by the asserts below to the path
  of a Groovy script. The scripts are outside this file, so what each rule actually
  accepts or rejects cannot be confirmed from here.
-->
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="rule-verifyTLS"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/VerifyTLS.groovy"/>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="rule-getSignedJwt"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/GetSignedJwt.groovy"/>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
<extension url="ruleId">
<valueId value="rule-verifyAccessToken"/>
</extension>
<extension url="path">
<valueString value="/FHIRCommon/_reference/rule/VerifyAccessToken.groovy"/>
</extension>
</extension>
<url value="http://wildfhir.aegis.net/fhir4-0-1/TestScript/bulk-data-auth-json"/>
<name value="FHIR4-0-1-FormularyBulkDataAuthorization"/>
<title value="FHIR4-0-1-FormularyBulkDataAuthorization"/>
<status value="active"/>
<date value="2023-01-30"/>
<publisher value="AEGIS.net, Inc."/>
<contact>
<name value="Touchstone Support"/>
<telecom>
<system value="email"/>
<value value="Touchstone_Support@aegis.net"/>
<use value="work"/>
</telecom>
</contact>
<!-- NOTE(review): "a per" in the description below reads as a typo for "as per". -->
<description value="Formulary SMART Backend Authorization. This series of tests does basic Authorization verification for Formulary bulk data servers. Servers must support JSON Web Token a per the SMART Backend Services: Authorization Guide, and be properly configured via Touchstone Test System Setup prior to running this set of tests."/>
<copyright value="This FHIR Test Script is licensed under Creative Commons (CC0) 'No Rights Reserved'. Learn more at https://creativecommons.org/licenses"/>
<!--
  Single destination (index 1), typed as a FHIR server. The dest1SystemConfig
  placeholders used below presumably resolve against the Test System Setup of
  this destination (confirm).
-->
<destination id="Server">
<index value="1"/>
<profile>
<system value="http://terminology.hl7.org/CodeSystem/testscript-profile-destination-types"/>
<code value="FHIR-Server"/>
</profile>
</destination>
<!--
  Request body for the token call, loaded from an external .frm file with
  autocreate and autodelete off. Its contents are not visible here; presumably it
  carries the signed JWT produced in test 02 as the client assertion (TODO confirm).
-->
<fixture id="get-token">
<autocreate value="false"/>
<autodelete value="false"/>
<resource>
<reference value="/FHIR4-0-1-BulkData/_reference/oauth2-get-token.frm"/>
</resource>
</fixture>
<!--
  Test 01: runs rule-verifyTLS against the configured token endpoint URL.
  What the rule accepts (protocol versions, certificate validation) is defined in
  VerifyTLS.groovy, not in this file.
  NOTE(review): stopTestOnFail is false and nothing visible in this script makes
  tests 02 and 03 conditional on this result, so a TLS failure here presumably does
  not stop test 02 from posting the signed JWT to the same endpoint. Confirm the
  engine behaviour, and check this result before relying on the later passes.
-->
<test id="01-Auth-Endpoint-Secured-by-TLS">
<name value="01-Auth-Endpoint-Secured-by-TLS"/>
<description value="01: Authorization service token endpoint secured by transport layer security"/>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="rule-verifyTLS"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="endpointName"/>
</extension>
<extension url="value">
<valueString value="OAuth2 Token Endpoint"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="endpointURL"/>
</extension>
<extension url="value">
<valueString value="${dest1SystemConfig.tokenEndpoint}"/>
</extension>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Authorization service token endpoint secured by transport layer security."/>
<warningOnly value="false"/>
</assert>
</action>
</test>
<!--
  Test 02: obtains a signed JWT, posts the token request, and checks the status code.
-->
<test id="02-Auth-Succeeds">
<name value="02-Auth-Succeeds"/>
<description value="02: Authorization request succeeds when supplied correct information"/>
<action>
<!--
  Invokes rule-getSignedJwt with the test system name and destination index, and
  stores the rule output under the name signed-JWT-dest1.
  NOTE(review): this is the only assert in the script without a stopTestOnFail
  extension. Confirm the engine default, so that the POST below is not sent when
  no JWT was produced.
-->
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="rule-getSignedJwt"/>
</extension>
<extension url="param">
<extension url="name">
<valueString value="testSystemName"/>
</extension>
<extension url="value">
<valueString value="${dest1SystemConfig.fullName}"/>
</extension>
</extension>
<extension url="param">
<extension url="name">
<valueString value="dest"/>
</extension>
<extension url="value">
<valueString value="1"/>
</extension>
</extension>
<extension url="output">
<extension url="name">
<valueString value="signed-JWT-dest1"/>
</extension>
</extension>
</extension>
<description value="Get Signed-JWT for the target test system."/>
<warningOnly value="false"/>
</assert>
</action>
<action>
<!--
  POST of the get-token fixture, form-encoded, to the configured token endpoint.
  The response is saved as oauth2GetTokenResponse1 and re-used by test 03.
  NOTE(review): the Authorization header is set to the literal value "none".
  Presumably this tells the engine not to attach a bearer token, with client
  authentication expected in the form body instead (confirm against the fixture).
-->
<operation>
<type>
<system value="http://touchstone.aegis.net/touchstone/fhir/testing/CodeSystem/codesystem-testscript-operation-codes"/>
<code value="post"/>
</type>
<description value="Submit request with correct headers and body"/>
<encodeRequestUrl value="true"/>
<requestHeader>
<field value="Authorization"/>
<value value="none"/>
</requestHeader>
<requestHeader>
<field value="Accept"/>
<value value="application/json"/>
</requestHeader>
<requestHeader>
<field value="Content-Type"/>
<value value="application/x-www-form-urlencoded"/>
</requestHeader>
<responseId value="oauth2GetTokenResponse1"/>
<sourceId value="get-token"/>
<url value="${dest1SystemConfig.tokenEndpoint}"/>
</operation>
</action>
<action>
<!--
  Passes when the response code is 200 or 201.
  NOTE(review): RFC 6749 section 5.1 specifies 200 for a successful token
  response, so accepting 201 is more lenient than that. Confirm it is intended.
-->
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Authorization request succeeds when supplied correct information"/>
<operator value="in"/>
<responseCode value="200,201"/>
<warningOnly value="false"/>
</assert>
</action>
</test>
<!--
  Test 03: applies rule-verifyAccessToken to the response saved in test 02
  (oauth2GetTokenResponse1). It issues no request of its own, so it is only
  meaningful when test 02 ran and captured a response. Which fields are checked
  is defined in VerifyAccessToken.groovy, not in this file.
  NOTE(review): no assert in this script inspects response headers, so the
  Cache-Control: no-store and Pragma: no-cache requirement of RFC 6749 section 5.1
  is not checked here unless the rule itself does so.
-->
<test id="03-Auth-Resp-Reqd-Info-Check">
<name value="03-Auth-Resp-Reqd-Info-Check"/>
<description value="03: Authorization request response body contains required information encoded in JSON"/>
<action>
<assert>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
<extension url="ruleId">
<valueId value="rule-verifyAccessToken"/>
</extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
<valueBoolean value="false"/>
</extension>
<description value="Authorization request response body contains required information encoded in JSON"/>
<sourceId value="oauth2GetTokenResponse1"/>
<warningOnly value="false"/>
</assert>
</action>
</test>
</TestScript>