Name: /FHIRSandbox/DaVinci/FHIR4-0-1-Formulary/Formulary-STU1-1-0/00-SMART-on-FHIR/03-Confid-Client-Test/standalone-launch-patient-token-exception
Description: SMART on FHIR Stand-Alone Launch with Patient Scope Tests - Token Exception - Test failed states for the Confidential SMART launch sequence. Select to run this test IF your SMART on FHIR server supports a CONFIDENTIAL Client. See other tests in this testset for Public Client testing.
<?xml version="1.0" encoding="UTF-8"?>

<TestScript xmlns="http://hl7.org/fhir">  
    <!--
      Touchstone TestScript: negative-path ("token exception") checks for the SMART
      standalone launch with patient scope, confidential-client variant. The single
      test below drives the authorize redirect, checks the redirect back to the
      client, then sends two deliberately invalid token-exchange requests and
      expects each to be rejected (400 or 401).
    -->
    <id value="standalone-launch-patient-token-exception"/>  
    <meta> 
        <profile value="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript"/> 
    </meta>  
    <text> 
        <status value="generated"/>  
        <div xmlns="http://www.w3.org/1999/xhtml">  
            <p>Standalone Launch with Patient Scope - Token Exception</p> 
        </div> 
    </text>  
    <!--
      Groovy rule scripts made available to assert-rule extensions. Within this
      script only rule-verifyTLS is referenced (by the two TLS asserts in the test);
      the id-token, JWKS and scope rules are declared but not used here.
    -->
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-assertStringLiteralContains"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/AssertStringLiteralContains.groovy"/> 
        </extension> 
    </extension>  
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-decodeIdToken"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/DecodeIdToken.groovy"/> 
        </extension> 
    </extension>  
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-extractKeyBodyFromJwksAndValidateKid"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/ExtractKeyBodyFromJwksAndValidateKid.groovy"/> 
        </extension> 
    </extension>  
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-verifyIdToken"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/VerifyIdTokenAgainstJwks.groovy"/> 
        </extension> 
    </extension>  
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-verifyScopes"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/VerifyOAuth2Scopes.groovy"/> 
        </extension> 
    </extension>  
    <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-rule"> 
        <extension url="ruleId"> 
            <valueId value="rule-verifyTLS"/> 
        </extension>  
        <extension url="path"> 
            <valueString value="/FHIRCommon/_reference/rule/VerifyTLS.groovy"/> 
        </extension> 
    </extension>  
    <!--
      NOTE(review): the canonical url ends in "standalone-launch-patient" while the
      resource id is "standalone-launch-patient-token-exception". This looks copied
      from the positive-path script and would give two TestScripts the same
      canonical url; confirm whether it should carry the "-token-exception" suffix.
    -->
    <url value="http://wildfhir.aegis.net/fhir4-0-1/TestScript/standalone-launch-patient"/>  
    <name value="StandaloneLaunchWithPatientScopeTokenException"/>  
    <title value="Standalone Launch with Patient Scope - Token Exception"/>  
    <status value="active"/>  
    <date value="2021-12-20"/>  
    <publisher value="AEGIS.net, Inc."/>  
    <contact> 
        <name value="Touchstone Support"/>  
        <telecom> 
            <system value="email"/>  
            <value value="Touchstone_Support@aegis.net"/>  
            <use value="work"/> 
        </telecom> 
    </contact>  
    <description value="SMART on FHIR Stand-Alone Launch with Patient Scope Tests - Token Exception - Test failed states for Confidential SMART launch sequence. Select to run this test IF your SMART on FHIR server supports CONFIDENTIAL Client. See other tests in this testset for Public Client testing."/>  
    <copyright value="This FHIR Test Script is licensed under Creative Commons (CC0) 'No Rights Reserved'. Learn more at https://creativecommons.org/licenses"/>  
    <!--
      Request-body fixtures (.frm files, contents not shown here). Only
      get-token-bad-code is referenced by the operations in this script; get-token
      and the three refresh-token fixtures are declared but never used below.
    -->
    <fixture id="get-token-bad-code"> 
        <autocreate value="false"/>  
        <autodelete value="false"/>  
        <resource> 
            <reference value="../_reference/oauth2-get-token-bad-code.frm"/> 
        </resource> 
    </fixture>  
    <fixture id="get-token"> 
        <autocreate value="false"/>  
        <autodelete value="false"/>  
        <resource> 
            <reference value="../_reference/oauth2-get-token.frm"/> 
        </resource> 
    </fixture>  
    <fixture id="refresh-token-valid-no-scope"> 
        <autocreate value="false"/>  
        <autodelete value="false"/>  
        <resource> 
            <reference value="../_reference/oauth2-refresh-token-no-scope.frm"/> 
        </resource> 
    </fixture>  
    <fixture id="refresh-token-valid-with-scope"> 
        <autocreate value="false"/>  
        <autodelete value="false"/>  
        <resource> 
            <reference value="../_reference/oauth2-refresh-token-with-scope.frm"/> 
        </resource> 
    </fixture>  
    <fixture id="refresh-token-with-invalid-refresh-token"> 
        <autocreate value="false"/>  
        <autodelete value="false"/>  
        <resource> 
            <reference value="../_reference/oauth2-refresh-token-with-invalid-refresh-token.frm"/> 
        </resource> 
    </fixture>  
    <!--
      Variables. authorizeEndpoint and tokenEndpoint are read from the server's
      SMART configuration (dest1SmartConfig) and are asserted non-empty before use.
      The paramField-extension variables capture query parameters of the recorded
      authorize request/redirect; oauth2AuthzRequest1StateParam is what the state
      assertion in the test compares against. The oauth2GetTokenResponse*,
      oauth2RefreshTokenResponse* and *OpenIdConfigResponse variables are not
      referenced by any assert or operation in this script (they may be used by
      the unseen fixture bodies; otherwise they are leftovers from the positive
      path script).
    -->
    <variable> 
        <name value="authorizeEndpoint"/>  
        <path value=".authorization_endpoint"/>  
        <sourceId value="dest1SmartConfig"/> 
    </variable>  
    <variable> 
        <name value="tokenEndpoint"/>  
        <path value=".token_endpoint"/>  
        <sourceId value="dest1SmartConfig"/> 
    </variable>  
    <variable> 
        <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-variable-paramField"> 
            <valueString value="state"/> 
        </extension>  
        <name value="oauth2AuthzRequest1StateParam"/>  
        <sourceId value="oauth2AuthzRequest1"/> 
    </variable>  
    <variable> 
        <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-variable-paramField"> 
            <valueString value="redirect_uri"/> 
        </extension>  
        <name value="oauth2AuthzRequest1RedirectUri"/>  
        <sourceId value="oauth2AuthzRequest1"/> 
    </variable>  
    <variable> 
        <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-variable-paramField"> 
            <valueString value="code"/> 
        </extension>  
        <name value="oauth2AuthzRedirect1AuthCode"/>  
        <sourceId value="oauth2AuthzRedirect1"/> 
    </variable>  
    <variable> 
        <name value="oauth2RequiredScopes"/>  
        <defaultValue value="launch/patient openid fhirUser offline_access patient/List.read patient/MedicationKnowledge.read"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponsePatientId"/>  
        <path value=".patient"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponseAccessToken"/>  
        <path value=".access_token"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponseRefreshToken"/>  
        <path value=".refresh_token"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponseGrantedScopes"/>  
        <path value=".scope"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2GetTokenResponse1IdToken"/>  
        <path value=".id_token"/>  
        <sourceId value="oauth2GetTokenResponse1"/> 
    </variable>  
    <variable> 
        <name value="oauth2RefreshTokenResponsePatientId"/>  
        <path value=".patient"/>  
        <sourceId value="oauth2RefreshTokenResponse4"/> 
    </variable>  
    <variable> 
        <name value="oauth2RefreshTokenResponseAccessToken"/>  
        <path value=".access_token"/>  
        <sourceId value="oauth2RefreshTokenResponse4"/> 
    </variable>  
    <variable> 
        <name value="jwksUriInOpenIdConfigResponse"/>  
        <path value=".jwks_uri"/>  
        <sourceId value="openIdConfigResponse"/> 
    </variable>  
    <variable> 
        <name value="issuerInOpenIdConfigResponse"/>  
        <path value=".issuer"/>  
        <sourceId value="openIdConfigResponse"/> 
    </variable>  
    <variable> 
        <name value="signingAlgValuesSupportedInOpenIdConfigResponse"/>  
        <path value=".id_token_signing_alg_values_supported"/>  
        <sourceId value="openIdConfigResponse"/> 
    </variable>  
    <!--
      Sequence of the single test:
        1. authorize endpoint present in SMART config (stops the test on failure)
        2. TLS rule on the authorize endpoint
        3. oauth2-authorize redirect (recorded as oauth2AuthzRequest1 / oauth2AuthzRedirect1)
        4. redirect back to the client: path, code present, state echoed unchanged
        5. token endpoint present in SMART config (stops the test on failure)
        6. TLS rule on the token endpoint
        7. token exchange with an invalid code, expect 400 or 401
        8. token exchange with an invalid client_id, expect 400 or 401
    -->
    <test id="01-StandaloneLaunchWithPatientScope"> 
        <name value="01 - Standalone Launch With Patient Scope"/>  
        <description value="Perform Standalone SMART launch sequence and test OpenID Connect and token refresh functionality."/>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="true"/> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable"> 
                    <valueString value="authorizeEndpoint"/> 
                </extension>  
                <description value="Verify that OAuth2 Authorize endpoint has been defined in Smart configuration before using it in next operation"/>  
                <operator value="notEmpty"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!--
          NOTE(review): both TLS asserts in this test carry stopTestOnFail=false, so a
          failed TLS check on the authorize or token endpoint is recorded but the
          script goes on to send the authorize request and, later, the client secret
          in the Authorization header to that endpoint. If the intent stated in the
          description (secrets only over TLS) is to be enforced by the test itself,
          these two asserts would need stopTestOnFail=true.
        -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule"> 
                    <extension url="ruleId"> 
                        <valueId value="rule-verifyTLS"/> 
                    </extension>  
                    <extension url="param"> 
                        <extension url="name"> 
                            <valueString value="endpointName"/> 
                        </extension>  
                        <extension url="value"> 
                            <valueString value="OAuth2 Authorize Endpoint"/> 
                        </extension> 
                    </extension>  
                    <extension url="param"> 
                        <extension url="name"> 
                            <valueString value="endpointURL"/> 
                        </extension>  
                        <extension url="value"> 
                            <valueString value="${authorizeEndpoint}"/> 
                        </extension> 
                    </extension> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="OAuth 2.0 authorize endpoint secured by transport layer security. Apps MUST assure that sensitive information (authentication secrets, authorization codes, tokens) is transmitted ONLY to authenticated servers, over TLS-secured channels."/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!--
          Authorize request. Only client_id, scope and aud are spelled out in the
          url; response_type, redirect_uri and state do not appear here, yet the
          state/redirect_uri variables above are extracted from oauth2AuthzRequest1,
          which suggests the Touchstone engine appends them. No code_challenge is sent
          either; confirm whether PKCE is expected for the profile under test.
        -->
        <action> 
            <operation> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-operation-oauth2AuthzRequestId"> 
                    <valueId value="oauth2AuthzRequest1"/> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-operation-oauth2AuthzRedirectId"> 
                    <valueId value="oauth2AuthzRedirect1"/> 
                </extension>  
                <type> 
                    <system value="http://touchstone.aegis.net/touchstone/fhir/testing/CodeSystem/codesystem-testscript-operation-codes"/>  
                    <code value="oauth2-authorize"/> 
                </type>  
                <description value="Redirect user to the authorize endpoint for target test system specified in smart configuration"/>  
                <encodeRequestUrl value="true"/>  
                <url value="${authorizeEndpoint}?client_id=${dest1SystemConfig.clientId}&amp;scope=${oauth2RequiredScopes}&amp;aud=${dest1SystemConfig.baseUrl}"/> 
            </operation> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="OAuth server redirects client browser to app redirect URI. Client browser redirected from OAuth server to redirect URI of client app as described in SMART authorization sequence."/>  
                <direction value="request"/>  
                <operator value="contains"/>  
                <requestURL value="/oauth2/authcode/redirect"/>  
                <sourceId value="oauth2AuthzRedirect1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="Client app receives code parameter. Code and state are required querystring parameters."/>  
                <operator value="notEmpty"/>  
                <requestURL value="queryParam: ?code"/>  
                <sourceId value="oauth2AuthzRedirect1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!--
          State round-trip: the state on the redirect must equal the state captured
          from the authorize request, binding the redirect to the request that
          started it.
        -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="Touchstone Client app receives correct state parameter from OAuth server at redirect URI. State must be the exact value received from the client."/>  
                <operator value="equals"/>  
                <requestURL value="queryParam: ?state=${oauth2AuthzRequest1StateParam}"/>  
                <sourceId value="oauth2AuthzRedirect1"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="true"/> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-variable"> 
                    <valueString value="tokenEndpoint"/> 
                </extension>  
                <description value="Verify that OAuth2 Token endpoint has been defined in Smart configuration before using it in next operation"/>  
                <operator value="notEmpty"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-rule"> 
                    <extension url="ruleId"> 
                        <valueId value="rule-verifyTLS"/> 
                    </extension>  
                    <extension url="param"> 
                        <extension url="name"> 
                            <valueString value="endpointName"/> 
                        </extension>  
                        <extension url="value"> 
                            <valueString value="OAuth2 Token Endpoint"/> 
                        </extension> 
                    </extension>  
                    <extension url="param"> 
                        <extension url="name"> 
                            <valueString value="endpointURL"/> 
                        </extension>  
                        <extension url="value"> 
                            <valueString value="${tokenEndpoint}"/> 
                        </extension> 
                    </extension> 
                </extension>  
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="OAuth token exchange endpoint secured by transport layer security."/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!--
          Negative case 1: token exchange with the bad-code fixture and the real
          client credentials. NOTE(review): the Authorization value is written as
          "Basic <clientId>:<clientSecret>" in clear; HTTP Basic carries the base64
          encoding of "client_id:client_secret". Confirm that the engine encodes this
          value when sending, otherwise the header as written is malformed and the
          rejection below could be caused by the header rather than by the code.
        -->
        <action> 
            <operation> 
                <type> 
                    <system value="http://touchstone.aegis.net/touchstone/fhir/testing/CodeSystem/codesystem-testscript-operation-codes"/>  
                    <code value="oauth2-get-token"/> 
                </type>  
                <description value="OAuth token exchange fails when supplied invalid code"/>  
                <encodeRequestUrl value="true"/>  
                <requestHeader> 
                    <field value="Accept"/>  
                    <value value="application/json"/> 
                </requestHeader>  
                <requestHeader> 
                    <field value="Authorization"/>  
                    <value value="Basic ${dest1SystemConfig.clientId}:${dest1SystemConfig.clientSecret}"/> 
                </requestHeader>  
                <sourceId value="get-token-bad-code"/>  
                <url value="${tokenEndpoint}"/> 
            </operation> 
        </action>  
        <!-- Either 400 or 401 is accepted as the rejection status for the bad code. -->
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="OAuth token exchange fails when supplied invalid code"/>  
                <operator value="in"/>  
                <responseCode value="400,401"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action>  
        <!--
          Negative case 2: token exchange with a bogus client_id (the real secret is
          still sent). NOTE(review): this operation also reuses the get-token-bad-code
          fixture, so the request is invalid in two ways at once. A server that does
          not authenticate the client at all would still answer 400 for the bad code
          and pass the assertion below, so this case does not isolate client
          authentication. Using the otherwise unused get-token fixture here (assumed
          to hold the valid-code exchange; confirm against the .frm file) would make
          the bogus client_id the only invalid element.
        -->
        <action> 
            <operation> 
                <type> 
                    <system value="http://touchstone.aegis.net/touchstone/fhir/testing/CodeSystem/codesystem-testscript-operation-codes"/>  
                    <code value="oauth2-get-token"/> 
                </type>  
                <description value="OAuth token exchange fails when supplied invalid client_id"/>  
                <encodeRequestUrl value="true"/>  
                <requestHeader> 
                    <field value="Accept"/>  
                    <value value="application/json"/> 
                </requestHeader>  
                <requestHeader> 
                    <field value="Authorization"/>  
                    <value value="Basic invalidClientId:${dest1SystemConfig.clientSecret}"/> 
                </requestHeader>  
                <sourceId value="get-token-bad-code"/>  
                <url value="${tokenEndpoint}"/> 
            </operation> 
        </action>  
        <action> 
            <assert> 
                <extension url="http://touchstone.aegis.net/touchstone/fhir/testing/StructureDefinition/testscript-assert-stopTestOnFail"> 
                    <valueBoolean value="false"/> 
                </extension>  
                <description value="OAuth token exchange fails when supplied invalid client_id"/>  
                <operator value="in"/>  
                <responseCode value="400,401"/>  
                <warningOnly value="false"/> 
            </assert> 
        </action> 
    </test> 
</TestScript>