FI 3093: Transition to use auth info (WIP) #84
Conversation
…s mode Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
There was a problem hiding this comment.
I really don't like all of the linting changes in this branch. The real changes in this PR are already large, and all the linting fixes make it harder to focus on what matters. This branch is also likely to be open for some time, so there's a lot of potential for conflicts due to these changes which are unrelated to the substance of this PR.
The token url is still defined as a separate input in a lot of places. Is this due to an http client relying on it? If so, I think it's worth just ditching those http clients which are doing very little and making requests using the full url.
| title: 'Proof Key for Code Exchange (PKCE)', | ||
| type: 'radio', | ||
| default: 'false', | ||
| input :url, :smart_authorization_url |
There was a problem hiding this comment.
The authorization url is one of the auth_info fields.
| } | ||
| ] | ||
| } | ||
|
|
||
| input :smart_token_url, |
There was a problem hiding this comment.
This is an auth_info field.
| :smart_token_url | ||
| input :backend_services_jwks_kid, | ||
| optional: true | ||
| input :smart_token_url |
There was a problem hiding this comment.
This is an auth_info field.
| @@ -30,11 +30,11 @@ class BackendServicesAuthorizationResponseBodyTest < Inferno::Test | |||
|
|
|||
| output bearer_token: access_token | |||
|
|
|||
| required_keys = ['token_type', 'expires_in', 'scope'] | |||
| required_keys = %w[token_type expires_in scope] | |||
There was a problem hiding this comment.
Let's not use the %whatever array forms.
| :smart_token_url | ||
| input :backend_services_jwks_kid, | ||
| optional: true | ||
| input :smart_token_url |
There was a problem hiding this comment.
This is an auth_info field.
| :smart_token_url | ||
| input :backend_services_jwks_kid, | ||
| optional: true | ||
| input :smart_token_url |
There was a problem hiding this comment.
This is an auth_info field.
| :smart_token_url | ||
| input :backend_services_jwks_kid, | ||
| optional: true | ||
| input :smart_token_url |
There was a problem hiding this comment.
This is an auth_info field.
| end | ||
|
|
||
| def jwt_payload | ||
| { iss:, sub:, aud:, exp:, jti: }.compact | ||
| end | ||
|
|
||
| def signing_key | ||
| private_key() | ||
| private_key |
There was a problem hiding this comment.
Get rid of this and just make the next line if private_key.nil?.
| } | ||
| ] | ||
| } | ||
| input :code, :smart_token_url |
There was a problem hiding this comment.
Token url is an auth_info field.
| @@ -16,17 +16,18 @@ class TokenRefreshTest < Inferno::Test | |||
| the Pragma response header field with a value of no-cache to be | |||
| consistent with the requirements of the inital access token exchange. | |||
| ) | |||
| input :smart_token_url, :refresh_token, :client_id, :received_scopes | |||
| input :client_secret, optional: true | |||
| input :smart_token_url, :refresh_token, :received_scopes | |||
There was a problem hiding this comment.
Token url and refresh token are auth_info fields. Received scopes isn't, but maybe it should be?
I'll disable the auto-lint from my editor. Regarding the other |
Aren't these tests also receiving an auth_info input, so the value could just be extracted from there? |
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
| input :standalone_access_token, | ||
| title: 'Access Token', | ||
| description: 'The access token to be introspected. MUST be active.' | ||
| input :standalone_smart_auth_info, type: :auth_info, options: { mode: 'auth' } |
There was a problem hiding this comment.
This should be access mode.
| components: [ | ||
| { | ||
| name: :auth_type, | ||
| type: 'select', |
There was a problem hiding this comment.
You shouldn't have to specify the type for these, right?
| @@ -16,22 +16,20 @@ class OpenIDTokenPayloadTest < Inferno::Test | |||
| - `sub` must be a non-blank string not exceeding 255 characters in length | |||
| ) | |||
|
|
|||
| REQUIRED_CLAIMS = ['iss', 'sub', 'aud', 'exp', 'iat'].freeze | |||
| REQUIRED_CLAIMS = %w[iss sub aud exp iat].freeze | |||
There was a problem hiding this comment.
Please revert this change.
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Signed-off-by: Vanessa Fotso <[email protected]>
Summary
This branch fully transitions all versions of the SMART App Launch (STU1, STU2, and STU2.2) to use the
auth_infofeature for collecting authentication credentials during tests, replacing the use ofoauth_credentials.Testing Instructions
Todo:
inferno_coregem to its repository'smainbranch (required to customize theauth_infoauthentication type options) and test theauth_typecustomization.inferno_coreversion.