Test Script

Name: /FHIRSandbox/DaVinci/FHIR4-0-1-Formulary/Formulary-STU1-1-0/00-SMART-on-FHIR/02-Public-Client-Test/public-launch-patient
Description: SMART on FHIR Public Launch with Patient Scope Tests - Perform the Public SMART launch sequence and test OpenID Connect and token refresh functionality. Select this test to run IF your SMART on FHIR server supports a PUBLIC client. See the other tests in this test set for Confidential Client testing.
<?xml version="1.0" encoding="UTF-8"?>

<TestScript xmlns="http://hl7.org/fhir">  
    <!--
        Touchstone TestScript: SMART App Launch, PUBLIC client, patient-scoped standalone launch.

        Flow driven by this script:
          1. oauth2-authorize  : send the user to the authorize endpoint discovered from the
                                 SMART configuration (dest1SmartConfig) and capture the
                                 redirect back to the client (oauth2AuthzRedirect1).
          2. oauth2-get-token  : POST the "get-token" fixture to the token endpoint and keep
                                 the JSON response as oauth2GetTokenResponse1.
          3. read Patient      : GET the context Patient using the bearer access token.

        Every assert below is an assert on what the server returned; the script does not
        itself validate the id_token or call the token endpoint with the refresh_token
        (see notes at those variables).
    -->
    <id value="Public-launch-patient"/>  
    <meta> 
        <profile value="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript"/> 
    </meta>  
    <text> 
        <status value="generated"/>  
        <div xmlns="http://www.w3.org/1999/xhtml">  
            <p>Public Launch with Patient Scope</p> 
        </div> 
    </text>  
    <!-- Script-level rule binding: the Groovy rule referenced here is invoked by the
         testscript-assert-rule assert later in the test to compare expected vs granted
         scopes. The rule source is outside this script, so its exact comparison
         semantics (exact set match vs subset) cannot be confirmed from here. -->
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-verifyScopes"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/VerifyOAuth2Scopes.groovy"/> 
        </extension> 
    </extension>  
    <url value="http://wildfhir.aegis.net/fhir4-0-1/TestScript/security-fhir-r4-Public-launch-patient"/>  
    <name value="PublicLaunchWithPatientScope"/>  
    <title value="Public Launch with Patient Scope"/>  
    <status value="active"/>  
    <date value="2021-01-15"/>  
    <publisher value="AEGIS.net, Inc."/>  
    <contact> 
        <name value="Touchstone Support"/>  
        <telecom> 
            <system value="email"/>  
            <value value="Touchstone_Support@aegis.net"/>  
            <use value="work"/> 
        </telecom> 
    </contact>  
    <description value="SMART on FHIR Public Launch with Patient Scope Tests - Perform Public SMART launch sequence and test OpenID Connect and token refresh functionality.  Select to run this test IF your SMART on FHIR server supports a PUBLIC Client.  See other tests in this testset for Confidential Client testing."/>  
    <copyright value="This FHIR Test Script is licensed under Creative Commons (CC0) 'No Rights Reserved'. Learn more at https://creativecommons.org/licenses"/>  
    <!-- Request body for the token exchange (step 2). The .frm file is not part of this
         script, so which form parameters it carries (grant_type, code, redirect_uri,
         client_id, and whether a PKCE code_verifier is included) must be checked in that
         file, not here. -->
    <fixture id="get-token"> 
        <autocreate value="false"/>  
        <autodelete value="false"/>  
        <resource> 
            <reference value="../_reference/public-oauth2-get-token.frm"/> 
        </resource> 
    </fixture>  
    <!-- Endpoints are taken from the target's SMART configuration document
         (dest1SmartConfig). Nothing in this script fetches that document; presumably a
         setup/earlier step in the test set populates it. Both values are asserted
         notEmpty before use. -->
    <variable> 
        <name value="authorizeEndpoint"/>  
        <path value=".authorization_endpoint"/>  
        <sourceId value="dest1SmartConfig"/> 
    </variable>  
    <variable> 
        <name value="tokenEndpoint"/>  
        <path value=".token_endpoint"/>  
        <sourceId value="dest1SmartConfig"/> 
    </variable>  
    <!-- paramField variables: read a query parameter from the engine-generated authorize
         request (oauth2AuthzRequest1) and from the redirect that comes back
         (oauth2AuthzRedirect1). The state value captured here is later compared with
         the state returned on the redirect. -->
    <variable> 
        <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-variable-paramField"> 
            <valueString value="state"/> 
        </extension>  
        <name value="oauth2AuthzRequest1StateParam"/>  
        <sourceId value="oauth2AuthzRequest1"/> 
    </variable>  
    <variable> 
        <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-variable-paramField"> 
            <valueString value="redirect_uri"/> 
        </extension>  
        <name value="oauth2AuthzRequest1RedirectUri"/>  
        <sourceId value="oauth2AuthzRequest1"/> 
    </variable>  
    <variable> 
        <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-variable-paramField"> 
            <valueString value="code"/> 
        </extension>  
        <name value="oauth2AuthzRedirect1AuthCode"/>  
        <sourceId value="oauth2AuthzRedirect1"/> 
    </variable>  
    <!-- Fixed scope set requested on the authorize call and later passed as
         "expectedScopes" to the scope-verification rule. Includes offline_access
         (refresh token) and openid/fhirUser (id_token) in addition to the two
         formulary resource scopes. -->
    <variable> 
        <name value="oauth2RequiredScopes"/>  
        <defaultValue value="launch/patient openid fhirUser offline_access patient/List.read patient/MedicationKnowledge.read"/> 
    </variable>  
    <!-- Fields pulled from the JSON token response (oauth2GetTokenResponse1). -->
    <variable> 
        <name value="oauth2GetTokenResponsePatientId"/>  
        <path value=".patient"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponseAccessToken"/>  
        <path value=".access_token"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <!-- NOTE(review): the refresh_token is captured but no action in this script
         references it, so token refresh is not actually exercised here despite the
         description; confirm whether a sibling script covers it. -->
    <variable> 
        <name value="oauth2GetTokenResponseRefreshToken"/>  
        <path value=".refresh_token"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponseGrantedScopes"/>  
        <path value=".scope"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <!-- NOTE(review): the id_token is captured but never referenced by a later action;
         the only check on it is the notEmpty assert below. Signature, issuer, audience
         and expiry of the id_token are not validated by this script. -->
    <variable> 
        <name value="oauth2GetTokenResponse1IdToken"/>  
        <path value=".id_token"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <test id="01-PublicLaunchWithPatientScope"> 
        <name value="01 - Public Launch With Patient Scope"/>  
        <description value="Perform Standalone SMART launch sequence and test OpenID Connect and token refresh functionality."/>  
        <!-- Guard: stop the whole test if the authorize endpoint was not discovered. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="true"/> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable"> 
                    <valueString value="authorizeEndpoint"/> 
                </extension>  
                <description value="Verify that OAuth2 Authorize endpoint has been defined in Smart configuration before using it in next operation"/>  
                <operator value="notEmpty"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- Step 1: authorization request. Only client_id, scope and aud are written into
             the URL here; response_type, redirect_uri and state are not visible in this
             script and are presumably appended by the engine (the paramField variables
             above read state and redirect_uri back out of the request it sends). No
             code_challenge appears in the URL, so PKCE is not exercised by this script
             unless the engine adds it. aud is bound to the target base URL, which lets
             the server reject a request made for a different resource server. -->
        <action> 
            <operation> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-operation-oauth2AuthzRequestId"> 
                    <valueId value="oauth2AuthzRequest1"/> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-operation-oauth2AuthzRedirectId"> 
                    <valueId value="oauth2AuthzRedirect1"/> 
                </extension>  
                <type> 
                    <system value="http://touchstone.aegis.net/touchstone/fhir/testing/CodeSystem/codesystem-testscript-operation-codes"/>  
                    <code value="oauth2-authorize"/> 
                </type>  
                <description value="Redirect user to the authorize endpoint for target test system specified in smart configuration"/>  
                <encodeRequestUrl value="true"/>  
                <url value="${authorizeEndpoint}?client_id=${dest1SystemConfig.clientId}&amp;scope=${oauth2RequiredScopes}&amp;aud=${dest1SystemConfig.baseUrl}"/> 
            </operation> 
        </action>  
        <!-- Redirect checks. All three are stopTestOnFail=false, so a failed state match
             does not prevent the token exchange below from running with the received
             code; the mismatch is only recorded as a failed assert. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="02: OAuth server redirects client browser to app redirect URI. Client browser redirected from OAuth server to redirect URI of client app as described in SMART authorization sequence."/>  
                <direction value="request"/>  
                <operator value="contains"/>  
                <requestURL value="/oauth2/authcode/redirect"/>  
                <sourceId value="oauth2AuthzRedirect1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="03: Client app receives code parameter. Code and state are required querystring parameters."/>  
                <operator value="notEmpty"/>  
                <requestURL value="queryParam: ?code"/>  
                <sourceId value="oauth2AuthzRedirect1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- The state round-trip is the CSRF protection of the code flow: the value on the
             redirect must equal the one the engine sent on the authorize request. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="03: Touchstone Client app receives correct state parameter from OAuth server at redirect URI. State must be the exact value received from the client."/>  
                <operator value="equals"/>  
                <requestURL value="queryParam: ?state=${oauth2AuthzRequest1StateParam}"/>  
                <sourceId value="oauth2AuthzRedirect1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- Guard: stop the whole test if the token endpoint was not discovered. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="true"/> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable"> 
                    <valueString value="tokenEndpoint"/> 
                </extension>  
                <description value="Verify that OAuth2 Token endpoint has been defined in Smart configuration before using it in next operation"/>  
                <operator value="notEmpty"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- Step 2: token exchange. The body comes from the "get-token" fixture. The
             Authorization header value "none" is presumably the Touchstone convention for
             "send no Authorization header" (a public client has no client secret) rather
             than a literal header value; verify against the engine's documentation. -->
        <action> 
            <operation> 
                <type> 
                    <system value="http://touchstone.aegis.net/touchstone/fhir/testing/CodeSystem/codesystem-testscript-operation-codes"/>  
                    <code value="oauth2-get-token"/> 
                </type>  
                <description value="07: OAuth token exchange request succeeds when supplied correct information. After obtaining an authorization code, the app trades the code for an access token via HTTP POST to the EHR authorization server’s token endpoint URL, using content-type application/x-www-form-urlencoded"/>  
                <encodeRequestUrl value="true"/>  
                <requestHeader> 
                    <field value="Accept"/>  
                    <value value="application/json"/> 
                </requestHeader>  
                <requestHeader> 
                    <field value="Authorization"/>  
                    <value value="none"/> 
                </requestHeader>  
                <responseId value="oauth2GetTokenResponse1"/>  
                <sourceId value="get-token"/>  
                <url value="${tokenEndpoint}"/> 
            </operation> 
        </action>  
        <!-- Token response checks: status, then presence/value of the individual JSON
             fields. These are presence checks only; no assert inspects the content of
             access_token or id_token. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="07: OAuth token exchange request succeeds when supplied correct information"/>  
                <operator value="in"/>  
                <responseCode value="200,201"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="08: OAuth token exchange response body contains access_token."/>  
                <operator value="notEmpty"/>  
                <path value=".access_token"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="08: OAuth token exchange response body contains scope."/>  
                <operator value="notEmpty"/>  
                <path value=".scope"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- Both capitalizations of "bearer" are accepted. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="08: OAuth token exchange response body contains token_type value of Bearer."/>  
                <operator value="in"/>  
                <path value=".token_type"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <value value="Bearer,bearer"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- expires_in missing is a warning only, not a failure. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="08: OAuth token exchange response body contains expires_in which is required for token refreshes."/>  
                <operator value="notEmpty"/>  
                <path value=".expires_in"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <warningOnly value="true"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="08: OAuth token exchange response body contains id_token which is required for public clients."/>  
                <operator value="notEmpty"/>  
                <path value=".id_token"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- Scope verification via the rule-verifyScopes Groovy rule: expectedScopes is the
             requested set, grantedScopes the .scope field of the token response.
             NOTE(review): warningOnly=true, so a server that grants fewer or different
             scopes than requested only produces a warning; if scope narrowing must be a
             hard failure for this test set, this is the assert to tighten. The
             description text repeats the field-level checks already made above rather
             than describing the scope comparison the rule performs. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule"> 
                    <extension url="ruleId"> 
                        <valueId value="rule-verifyScopes"/> 
                    </extension>  
                    <extension url="param"> 
                        <extension url="name"> 
                            <valueString value="expectedScopes"/> 
                        </extension>  
                        <extension url="value"> 
                            <valueString value="${oauth2RequiredScopes}"/> 
                        </extension> 
                    </extension>  
                    <extension url="param"> 
                        <extension url="name"> 
                            <valueString value="grantedScopes"/> 
                        </extension>  
                        <extension url="value"> 
                            <valueString value="${oauth2GetTokenResponseGrantedScopes}"/> 
                        </extension> 
                    </extension> 
                </extension>  
                <description value="08: OAuth token exchange response body contains required information encoded in JSON. The EHR authorization server shall return a JSON structure that includes an access token or a message indicating that the authorization request has been denied. access_token, token_type, and scope are required. token_type must be Bearer. expires_in is required for token refreshes."/>  
                <warningOnly value="true"/> 
            </assert> 
        </action>  
        <!-- Caching headers on the token response (tokens must not be stored by caches).
             Both use the equals operator, so a Cache-Control header carrying additional
             directives alongside no-store would presumably fail this assert; confirm
             the engine's equals semantics for header values if that is not intended. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="09: OAuth token exchange response includes correct HTTP Cache-Control header. The authorization servers response must include the HTTP Cache-Control response header field with a value of no-store."/>  
                <headerField value="Cache-Control"/>  
                <operator value="equals"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <value value="no-store"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="09: OAuth token exchange response includes correct HTTP Pragma header. The authorization servers response must include the HTTP Pragma response header field with a value of no-cache."/>  
                <headerField value="Pragma"/>  
                <operator value="equals"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <value value="no-cache"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- launch/patient context: the token response must name the patient. This value
             feeds the Patient read below. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="12: OAuth token exchange response body contains patient context"/>  
                <operator value="notEmpty"/>  
                <path value=".patient"/>  
                <sourceId value="oauth2GetTokenResponse1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!-- Step 3: read the context Patient with the bearer token. Only the HTTP status is
             asserted afterwards; the script does not check that the returned Patient's id
             matches the patient value from the token response, nor that a request
             without the token is rejected. -->
        <action> 
            <operation> 
                <type> 
                    <system value="http://terminology.hl7.org/CodeSystem/testscript-operation-codes"/>  
                    <code value="read"/> 
                </type>  
                <resource value="Patient"/>  
                <description value="12: Patient resource can be retrieved with the right credentials."/>  
                <accept value="json"/>  
                <encodeRequestUrl value="true"/>  
                <params value="/${oauth2GetTokenResponsePatientId}"/>  
                <requestHeader> 
                    <field value="Authorization"/>  
                    <value value="Bearer ${oauth2GetTokenResponseAccessToken}"/> 
                </requestHeader> 
            </operation> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="12: Patient resource can be retrieved with the right credentials."/>  
                <operator value="equals"/>  
                <responseCode value="200"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action> 
    </test> 
</TestScript>