Name | /FHIRSandbox/DaVinci/FHIR4-0-1-Formulary/Formulary-STU1-1-0/00-SMART-on-FHIR/01-SMART-Discovery/smart-on-fhir-discovery |
Description | Security - FHIR R4 (v4.0.1) - SMART on FHIR Discovery Tests - Retrieve and verify the FHIR Server's CapabilityStatement and SMART on FHIR Well-Known Uniform Resource Identifiers JSON document. |
Version | 1 | Latest | 1 |
<?xml version="1.0" encoding="UTF-8"?>
<TestScript xmlns="http://hl7.org/fhir">
<!-- Resource identity. meta.profile declares conformance to the Touchstone TestScript profile. -->
<id value="security-fhir-r4-smart-on-fhir-discovery"/>
<meta>
  <profile value="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript"/>
</meta>
<text>
  <status value="generated"/>
  <div xmlns="http://www.w3.org/1999/xhtml">
    <p>Security - FHIR R4 (v4.0.1) - SMART on FHIR Discovery</p>
  </div>
</text>

<!--
  Rule registrations. Each testscript-rule extension binds a ruleId to the path of a
  Groovy rule file; the asserts in this script refer to rules by ruleId only.
  The rule sources are not part of this file, so the pass/fail logic for the
  capabilities check, the endpoint extraction and the endpoint comparison has to be
  reviewed in those files.
-->
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
  <extension url="ruleId"><valueId value="AssertBodyExists"/></extension>
  <extension url="path"><valueString value="/FHIRCommon/_reference/rule/AssertBodyExists.groovy"/></extension>
</extension>
<!-- NOTE(review): the rule file name carries a "-SA-PAT" suffix that the ruleId does not;
     presumably it selects one specific capability set. Confirm in the rule source. -->
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
  <extension url="ruleId"><valueId value="RuleSMARTonFHIRCheckCapabilities"/></extension>
  <extension url="path"><valueString value="/FHIRCommon/_reference/rule/RuleSMARTonFHIRCheckCap-SA-PAT.groovy"/></extension>
</extension>
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
  <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthGetEndpoints"/></extension>
  <extension url="path"><valueString value="/FHIRCommon/_reference/rule/RuleSMARTonFHIROAuthGetEndpoints.groovy"/></extension>
</extension>
<!-- The spelling "Conpare" is shared by this ruleId, the rule file path and the asserts
     that use the rule; all of them must change together if it is ever corrected. -->
<extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule">
  <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthConpareValues"/></extension>
  <extension url="path"><valueString value="/FHIRCommon/_reference/rule/RuleSMARTonFHIROAuthConpareValues.groovy"/></extension>
</extension>

<!-- Canonical metadata of the script. -->
<url value="http://wildfhir.aegis.net/fhir4-0-1/TestScript/security-fhir-r4-smart-on-fhir-discovery"/>
<name value="SecurityFHIRR401SMARTonFHIRDiscovery"/>
<title value="Security - FHIR R4 (v4.0.1) - SMART on FHIR Discovery"/>
<status value="active"/>
<date value="2020-09-04"/>
<publisher value="AEGIS.net, Inc."/>
<contact>
  <name value="Touchstone Support"/>
  <telecom>
    <system value="email"/>
    <value value="Touchstone_Support@aegis.net"/>
    <use value="work"/>
  </telecom>
</contact>
<description value="Security - FHIR R4 (v4.0.1) - SMART on FHIR Discovery Tests - Retrieve and verify the FHIR Server's CapabilityStatement and SMART on FHIR Well-Known Uniform Resource Identifiers JSON document."/>
<copyright value="This FHIR Test Script is licensed under Creative Commons (CC0) 'No Rights Reserved'. Learn more at https://creativecommons.org/licenses"/>

<!-- Profile used by validateProfileId="capabilities-profile" when the CapabilityStatement is validated. -->
<profile id="capabilities-profile">
  <reference value="http://hl7.org/fhir/StructureDefinition/CapabilityStatement"/>
</profile>
<!--
  Variables read from the discovery document (responseId dest1SMARTOnFHIRWellKnown).
  Each path names one top-level attribute of the returned JSON. Every value is a
  server-supplied string; the asserts in tests 02 and 03 only test these for presence.
-->
<!-- Required attributes. -->
<variable>
  <name value="smartRequiredAuthorizeEndpoint"/>
  <path value=".authorization_endpoint"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRequiredCapabilities"/>
  <path value=".capabilities"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRequiredTokenEndpoint"/>
  <path value=".token_endpoint"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<!-- Recommended attributes. -->
<variable>
  <name value="smartRecommendedRegistrationEndpoint"/>
  <path value=".registration_endpoint"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRecommendedScopesSupported"/>
  <path value=".scopes_supported"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRecommendedResponseTypesSupported"/>
  <path value=".response_types_supported"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRecommendedManagementEndpoint"/>
  <path value=".management_endpoint"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRecommendedIntrospectionEndpoint"/>
  <path value=".introspection_endpoint"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>
<variable>
  <name value="smartRecommendedRevocationEndpoint"/>
  <path value=".revocation_endpoint"/>
  <sourceId value="dest1SMARTOnFHIRWellKnown"/>
</variable>

<!--
  Variables read from the CapabilityStatement (responseId dest1CapabilityStatementOAuth).
  Each FHIRPath expression selects one child of the oauth-uris security extension on
  the rest entry whose mode is 'server': authorize, token, register, manage,
  introspect, revoke.
-->
<!-- Required endpoints. -->
<variable>
  <name value="capStmtRequiredAuthorizeEndpoint"/>
  <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value"/>
  <sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
  <name value="capStmtRequiredTokenEndpoint"/>
  <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value"/>
  <sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<!-- Optional endpoints. -->
<variable>
  <name value="capStmtRecommendedRegistrationEndpoint"/>
  <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value"/>
  <sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
  <name value="capStmtRecommendedManagementEndpoint"/>
  <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value"/>
  <sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
  <name value="capStmtRecommendedIntrospectionEndpoint"/>
  <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value"/>
  <sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<variable>
  <name value="capStmtRecommendedRevocationEndpoint"/>
  <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value"/>
  <sourceId value="dest1CapabilityStatementOAuth"/>
</variable>
<!--
  Test 01: request the SMART discovery document and run the first checks on it.
  Severity as configured: HTTP status and Content-Type checks are warnings; an empty
  body and a failing capabilities rule are hard failures.
-->
<test id="01-SMARTWellKnownConfigurationExists">
  <name value="01-SMARTWellKnownConfigurationExists"/>
  <description value="Get and verify the FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document exists."/>

  <!-- GET .well-known/smart-configuration asking for JSON; the response is stored as
       dest1SMARTOnFHIRWellKnown. The Authorization header value is the literal "none";
       presumably this tells the engine to send no credentials. Confirm against the
       Touchstone documentation. -->
  <action>
    <operation>
      <type>
        <system value="http://touchstone.com/fhir/testscript-operation-codes-extended"/>
        <code value="metadata"/>
      </type>
      <description value="01: GET the SMART on FHIR Well-Known Uniform Resource Identifiers JSON document"/>
      <encodeRequestUrl value="true"/>
      <params value=".well-known/smart-configuration"/>
      <requestHeader>
        <field value="Accept"/>
        <value value="application/json"/>
      </requestHeader>
      <requestHeader>
        <field value="Authorization"/>
        <value value="none"/>
      </requestHeader>
      <responseId value="dest1SMARTOnFHIRWellKnown"/>
    </operation>
  </action>

  <!-- Transport checks, warnings only: a non-200 status or a missing or non-JSON
       Content-Type is reported but does not fail the test. -->
  <action>
    <assert>
      <description value="01: Confirm that the returned HTTP status is 200(OK)."/>
      <direction value="response"/>
      <responseCode value="200"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="01: Confirm that the returned HTTP Header Content-Type is present."/>
      <direction value="response"/>
      <headerField value="Content-Type"/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="01: Confirm that the returned HTTP Header Content-Type contains the JSON mime-type 'application/json'."/>
      <direction value="response"/>
      <headerField value="Content-Type"/>
      <operator value="contains"/>
      <value value="application/json"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- First hard failure: the AssertBodyExists rule, called with its errorMessage parameter. -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="AssertBodyExists"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="errorMessage"/></extension>
          <extension url="value"><valueString value="No .well-known/smart-configuration body"/></extension>
        </extension>
      </extension>
      <description value="01: Confirm that the response body is not empty."/>
      <direction value="response"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- Capabilities rule against the stored discovery response; which capabilities
       count as required is decided in the rule file, not in this script.
       NOTE(review): the description is labelled "06:" while the other steps of this
       test use "01:"; looks like a leftover label, confirm before renumbering. -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIRCheckCapabilities"/></extension>
      </extension>
      <description value="06: Verify the FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document defines required capabilities."/>
      <sourceId value="dest1SMARTOnFHIRWellKnown"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- Endpoint extraction rule with outputPrefix "rule-smart". It declares four
       outputs that test 05b reads back as ${rule-smartRecommended...Endpoint}.
       This assert names no sourceId and has no description; presumably the rule
       works on the most recent response. Confirm in the rule source. -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthGetEndpoints"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="outputPrefix"/></extension>
          <extension url="value"><valueString value="rule-smart"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-smartRecommendedRevocationEndpoint"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-smartRecommendedIntrospectionEndpoint"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-smartRecommendedManagementEndpoint"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-smartRecommendedRegistrationEndpoint"/></extension>
        </extension>
      </extension>
      <warningOnly value="false"/>
    </assert>
  </action>
</test>
<!--
  Test 02: the three required discovery attributes must be present.
  Each assert is a hard failure (warningOnly=false) and carries stopTestOnFail=false,
  so, going by the extension name, a missing attribute does not prevent the remaining
  asserts from being evaluated.
  These are presence checks only: the form of the endpoint values (scheme, host) is
  not examined here.
-->
<test id="02-SMARTWellKnownConfigurationRequired">
  <name value="02-SMARTWellKnownConfigurationRequired"/>
  <description value="Validate and verify a FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document required settings."/>

  <!-- authorization_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRequiredAuthorizeEndpoint"/>
      </extension>
      <description value="02: Confirm that the required authorization_endpoint attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- capabilities -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRequiredCapabilities"/>
      </extension>
      <description value="02: Confirm that the required capabilities attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- token_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRequiredTokenEndpoint"/>
      </extension>
      <description value="02: Confirm that the required token_endpoint attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="false"/>
    </assert>
  </action>
</test>
<!--
  Test 03: the six recommended discovery attributes should be present.
  Every assert is warningOnly=true, so a server that omits revocation_endpoint or
  introspection_endpoint still passes; read the warnings when token revocation or
  introspection matters for the deployment under test.
  Presence only: the values themselves are not inspected.
-->
<test id="03-SMARTWellKnownConfigurationRecommended">
  <name value="03-SMARTWellKnownConfigurationRecommended"/>
  <description value="Validate and verify a FHIR Server's SMART on FHIR Well-Known Uniform Resource Identifiers JSON document recommended settings."/>

  <!-- registration_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRecommendedRegistrationEndpoint"/>
      </extension>
      <description value="Confirm that the recommended registration_endpoint attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- scopes_supported -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRecommendedScopesSupported"/>
      </extension>
      <description value="Confirm that the recommended scopes_supported attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- response_types_supported -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRecommendedResponseTypesSupported"/>
      </extension>
      <description value="Confirm that the recommended response_types_supported attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- management_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRecommendedManagementEndpoint"/>
      </extension>
      <description value="Confirm that the recommended management_endpoint attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- introspection_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRecommendedIntrospectionEndpoint"/>
      </extension>
      <description value="Confirm that the recommended introspection_endpoint attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- revocation_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="smartRecommendedRevocationEndpoint"/>
      </extension>
      <description value="Confirm that the recommended revocation_endpoint attribute is present."/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>
</test>
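<!--
  Test 04: request the CapabilityStatement and check the SMART oauth-uris security
  extension on the rest entry whose mode is 'server'.

  Severity as configured: status, Content-Type, ETag, resource type and profile
  validation are warnings; presence and URL form of the authorize and token
  endpoints are hard failures; register, manage, introspect and revoke are warnings.

  URL-form checks: each expression tests for the literal prefixes 'http://' and
  'https://'. The scheme separator is part of the literal so that the https clause is
  not subsumed by the http clause and a value that merely begins with the letters
  "http" is rejected.

  NOTE(review): a plain http:// authorize or token endpoint still passes. That suits
  a sandbox, but it means a pass here is a syntax check and not evidence that the
  OAuth endpoints are served over TLS; verify transport security separately for any
  deployment that handles real credentials or tokens.
-->
<test id="04-CapabilitiesOAuthRequiredRecommended">
  <name value="04-CapabilitiesOAuthRequiredRecommended"/>
  <description value="GET and validate the FHIR Server's CapabilityStatement resource in JSON format. Verify the CapabilityStatement SMART on FHIR Declared Support for required and recommended OAuth2 Endpoints."/>

  <!-- GET metadata as JSON; the response is stored as dest1CapabilityStatementOAuth.
       The Authorization header value is the literal "none"; presumably this tells the
       engine to send no credentials. Confirm against the Touchstone documentation. -->
  <action>
    <operation>
      <type>
        <system value="http://touchstone.com/fhir/testscript-operation-codes-extended"/>
        <code value="metadata"/>
      </type>
      <description value="04: GET CapabilityStatement resource in JSON format"/>
      <accept value="json"/>
      <encodeRequestUrl value="true"/>
      <params value="metadata"/>
      <requestHeader>
        <field value="Authorization"/>
        <value value="none"/>
      </requestHeader>
      <responseId value="dest1CapabilityStatementOAuth"/>
    </operation>
  </action>

  <!-- Transport and format checks, warnings only. -->
  <action>
    <assert>
      <description value="04: Confirm that the returned HTTP status is 200(OK)."/>
      <direction value="response"/>
      <responseCode value="200"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned HTTP Header Content-Type is present."/>
      <direction value="response"/>
      <headerField value="Content-Type"/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned HTTP Header Content-Type contains the FHIR mime-type 'application/fhir+json'."/>
      <direction value="response"/>
      <contentType value="json"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="Confirm that the returned HTTP Header ETag is present. Warning only as FHIR servers SHOULD return this header."/>
      <direction value="response"/>
      <headerField value="ETag"/>
      <operator value="notEmpty"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned resource type is CapabilityStatement."/>
      <direction value="response"/>
      <resource value="CapabilityStatement"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement conforms to the base FHIR specification."/>
      <direction value="response"/>
      <validateProfileId value="capabilities-profile"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- Required endpoint: authorize. Presence, then URL prefix. Both are hard failures. -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security required OAuth Endpoint authorize."/>
      <direction value="response"/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value.exists()"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="false"/>
    </assert>
  </action>
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security required OAuth Endpoint authorize."/>
      <direction value="response"/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value.startsWith('http://') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('authorize').value.startsWith('https://')"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- Required endpoint: token. Presence, then URL prefix. Both are hard failures. -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security required OAuth Endpoint token."/>
      <direction value="response"/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value.exists()"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="false"/>
    </assert>
  </action>
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security required OAuth Endpoint token."/>
      <direction value="response"/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value.startsWith('http://') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('token').value.startsWith('https://')"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- Optional endpoint: register. Warnings only. -->
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint register."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value.exists()"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint register."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value.startsWith('http://') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('register').value.startsWith('https://')"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- Optional endpoint: manage. Warnings only. -->
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint manage."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value.exists()"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint manage."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value.startsWith('http://') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('manage').value.startsWith('https://')"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- Optional endpoint: introspect. Warnings only. -->
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint introspect."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value.exists()"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint introspect."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value.startsWith('http://') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('introspect').value.startsWith('https://')"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- Optional endpoint: revoke. Warnings only. -->
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains the declaration of the SMART security optional OAuth Endpoint revoke."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value.exists()"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>
  <action>
    <assert>
      <description value="04: Confirm that the returned CapabilityStatement resource minimally contains a valid uri value in the declaration of the SMART security optional OAuth Endpoint revoke."/>
      <expression value="CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value.startsWith('http://') or CapabilityStatement.rest.where(mode = 'server').security.extension('http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris').extension('revoke').value.startsWith('https://')"/>
      <sourceId value="dest1CapabilityStatementOAuth"/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- Endpoint extraction rule with outputPrefix "rule-capStmt". It declares four
       outputs that test 05b reads back as ${rule-capStmtRecommended...Endpoint}.
       This assert names no sourceId and has no description; presumably the rule
       works on the most recent response. Confirm in the rule source. -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthGetEndpoints"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="outputPrefix"/></extension>
          <extension url="value"><valueString value="rule-capStmt"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-capStmtRecommendedRevocationEndpoint"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-capStmtRecommendedIntrospectionEndpoint"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-capStmtRecommendedManagementEndpoint"/></extension>
        </extension>
        <extension url="output">
          <extension url="name"><valueString value="rule-capStmtRecommendedRegistrationEndpoint"/></extension>
        </extension>
      </extension>
      <warningOnly value="false"/>
    </assert>
  </action>
</test>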
<!--
  Test 05a: the authorize and token endpoints declared in the CapabilityStatement
  must equal authorization_endpoint and token_endpoint from the discovery document.
  Both asserts are hard failures. A mismatch means the server advertises different
  OAuth endpoints depending on which discovery source a client reads, so it is worth
  investigating rather than waiving.

  NOTE(review): each assert names sourceId dest1SMARTOnFHIRWellKnown, while the
  asserted variable (capStmtRequired...Endpoint) is defined against
  dest1CapabilityStatementOAuth. Confirm which source the engine uses when an
  assert-variable extension is present.
-->
<test id="05a-CapabilitySMARTMatchRequired">
  <name value="05a-CapabilitySMARTMatchRequired"/>
  <description value="Verify that the required CapabilityStatement SMART security OAuth endpoint values match the required SMART on FHIR Well-Known endpoint attributes."/>

  <!-- authorize compared with ${smartRequiredAuthorizeEndpoint} -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="capStmtRequiredAuthorizeEndpoint"/>
      </extension>
      <description value="05: Verify that the required CapabilityStatement SMART security OAuth endpoint authorize value matches the required SMART on FHIR Well-Known authorization_endpoint attribute."/>
      <operator value="equals"/>
      <sourceId value="dest1SMARTOnFHIRWellKnown"/>
      <value value="${smartRequiredAuthorizeEndpoint}"/>
      <warningOnly value="false"/>
    </assert>
  </action>

  <!-- token compared with ${smartRequiredTokenEndpoint} -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail">
        <valueBoolean value="false"/>
      </extension>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable">
        <valueString value="capStmtRequiredTokenEndpoint"/>
      </extension>
      <description value="05: Verify that the required CapabilityStatement SMART security OAuth endpoint token value matches the required SMART on FHIR Well-Known token_endpoint attribute."/>
      <operator value="equals"/>
      <sourceId value="dest1SMARTOnFHIRWellKnown"/>
      <value value="${smartRequiredTokenEndpoint}"/>
      <warningOnly value="false"/>
    </assert>
  </action>
</test>
<!--
  Test 05b: compare the optional endpoints from the two discovery sources with the
  RuleSMARTonFHIROAuthConpareValues rule. inputOne is the rule-capStmt... output
  declared in test 04 and inputTwo is the rule-smart... output declared in test 01,
  so this test depends on both of those having run.
  Every assert is warningOnly=true. How the rule treats a value that is absent from
  one or both sources is decided in the rule file, not in this script.
-->
<test id="05b-CapabilitySMARTMatchRecommended">
  <name value="05b-CapabilitySMARTMatchRecommended"/>
  <description value="Verify that the optional CapabilityStatement SMART security OAuth endpoint values match the recommended SMART on FHIR Well-Known endpoint attributes."/>

  <!-- register compared with registration_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthConpareValues"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="inputOne"/></extension>
          <extension url="value"><valueString value="${rule-capStmtRecommendedRegistrationEndpoint}"/></extension>
        </extension>
        <extension url="param">
          <extension url="name"><valueString value="inputTwo"/></extension>
          <extension url="value"><valueString value="${rule-smartRecommendedRegistrationEndpoint}"/></extension>
        </extension>
      </extension>
      <description value="05: Verify that the optional CapabilityStatement SMART security OAuth endpoint register value matches the recommended SMART on FHIR Well-Known registration_endpoint attribute."/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- manage compared with management_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthConpareValues"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="inputOne"/></extension>
          <extension url="value"><valueString value="${rule-capStmtRecommendedManagementEndpoint}"/></extension>
        </extension>
        <extension url="param">
          <extension url="name"><valueString value="inputTwo"/></extension>
          <extension url="value"><valueString value="${rule-smartRecommendedManagementEndpoint}"/></extension>
        </extension>
      </extension>
      <description value="05: Verify that the optional CapabilityStatement SMART security OAuth endpoint manage value matches the recommended SMART on FHIR Well-Known management_endpoint attribute."/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- introspect compared with introspection_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthConpareValues"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="inputOne"/></extension>
          <extension url="value"><valueString value="${rule-capStmtRecommendedIntrospectionEndpoint}"/></extension>
        </extension>
        <extension url="param">
          <extension url="name"><valueString value="inputTwo"/></extension>
          <extension url="value"><valueString value="${rule-smartRecommendedIntrospectionEndpoint}"/></extension>
        </extension>
      </extension>
      <description value="05: Verify that the optional CapabilityStatement SMART security OAuth endpoint introspect value matches the recommended SMART on FHIR Well-Known introspection_endpoint attribute."/>
      <warningOnly value="true"/>
    </assert>
  </action>

  <!-- revoke compared with revocation_endpoint -->
  <action>
    <assert>
      <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule">
        <extension url="ruleId"><valueId value="RuleSMARTonFHIROAuthConpareValues"/></extension>
        <extension url="param">
          <extension url="name"><valueString value="inputOne"/></extension>
          <extension url="value"><valueString value="${rule-capStmtRecommendedRevocationEndpoint}"/></extension>
        </extension>
        <extension url="param">
          <extension url="name"><valueString value="inputTwo"/></extension>
          <extension url="value"><valueString value="${rule-smartRecommendedRevocationEndpoint}"/></extension>
        </extension>
      </extension>
      <description value="05: Verify that the optional CapabilityStatement SMART security OAuth endpoint revoke value matches the recommended SMART on FHIR Well-Known revocation_endpoint attribute."/>
      <warningOnly value="true"/>
    </assert>
  </action>
</test>
</TestScript>