inferno-framework · vanessuniq · Nov 13, 2024 · Nov 21, 2024 · Dec 3, 2024 · Dec 4, 2024
diff --git a/.env b/.env
@@ -1 +1 @@
-JS_HOST=""
+JS_HOST=""
diff --git a/config/presets/inferno_reference_server_preset.json b/config/presets/inferno_reference_server_preset.json
@@ -9,95 +9,14 @@
       "value": "https://inferno.healthit.gov/reference-server/r4"
     },
     {
-      "name": "standalone_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "standalone_requested_scopes",
-      "type": "text",
-      "value": "launch/patient openid fhirUser offline_access patient/*.read"
-    },
-    {
-      "name": "use_pkce",
-      "type": "radio",
-      "title": "Proof Key for Code Exchange (PKCE)",
-      "options": {
-        "list_options": [
-          {
-            "label": "Enabled",
-            "value": "true"
-          },
-          {
-            "label": "Disabled",
-            "value": "false"
-          }
-        ]
-      },
-      "value": "false"
-    },
-    {
-      "name": "pkce_code_challenge_method",
-      "type": "radio",
-      "optional": true,
-      "title": "PKCE Code Challenge Method",
-      "options": {
-        "list_options": [
-          {
-            "label": "S256",
-            "value": "S256"
-          },
-          {
-            "label": "plain",
-            "value": "plain"
-          }
-        ]
-      },
-      "value": "S256"
-    },
-    {
-      "name": "client_auth_type",
-      "value": "public",
-      "_title": "Client Authentication Method",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "Public",
-            "value": "public"
-          },
-          {
-            "label": "Confidential Symmetric",
-            "value": "confidential_symmetric"
-          },
-          {
-            "label": "Confidential Asymmetric",
-            "value": "confidential_asymmetric"
-          }
-        ]
-      }
+      "name": "standalone_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"public\",\"use_discovery\":\"true\",\"requested_scopes\":\"launch/patient openid fhirUser offline_access patient/*.read\",\"client_id\":\"SAMPLE_PUBLIC_CLIENT_ID\",\"pkce_support\":\"disabled\",\"auth_request_method\":\"GET\"}"
     },
     {
-      "name": "standalone_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "ehr_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "ehr_requested_scopes",
-      "type": "text",
-      "value": "launch openid fhirUser offline_access user/*.read"
-    },
-    {
-      "name": "ehr_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
+      "name": "ehr_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"public\",\"use_discovery\":\"true\",\"requested_scopes\":\"launch openid fhirUser offline_access user/*.read\",\"client_id\":\"SAMPLE_PUBLIC_CLIENT_ID\",\"pkce_support\":\"disabled\",\"auth_request_method\":\"GET\"}"
     }
   ]
 }
diff --git a/config/presets/inferno_reference_server_stu2_2_preset.json b/config/presets/inferno_reference_server_stu2_2_preset.json
@@ -9,81 +9,19 @@
       "value": "https://inferno.healthit.gov/reference-server/r4"
     },
     {
-      "name": "standalone_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "standalone_requested_scopes",
-      "type": "text",
-      "value": "launch/patient openid fhirUser offline_access patient/*.read"
-    },
-    {
-      "name": "standalone_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
+      "name": "standalone_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"public\",\"use_discovery\":\"true\",\"requested_scopes\":\"launch/patient openid fhirUser offline_access patient/*.rs\",\"client_id\":\"SAMPLE_PUBLIC_CLIENT_ID\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\"}"
     },
     {
-      "name": "ehr_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+      "name": "ehr_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"public\",\"use_discovery\":\"true\",\"requested_scopes\":\"launch openid fhirUser offline_access user/*.rs\",\"client_id\":\"SAMPLE_PUBLIC_CLIENT_ID\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\"}"
     },
     {
-      "name": "ehr_requested_scopes",
-      "type": "text",
-      "value": "launch openid fhirUser offline_access user/*.read"
-    },
-    {
-      "name": "ehr_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "client_auth_encryption_method",
-      "value": "ES384",
-      "_title": "Encryption Method (Confidential Asymmetric Client Auth Only)",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "ES384",
-            "value": "ES384"
-          },
-          {
-            "label": "RS384",
-            "value": "RS384"
-          }
-        ]
-      }
-    },
-    {
-      "name": "client_auth_type",
-      "value": "public",
-      "_title": "Client Authentication Method",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "Public",
-            "value": "public"
-          },
-          {
-            "label": "Confidential Symmetric",
-            "value": "confidential_symmetric"
-          },
-          {
-            "label": "Confidential Asymmetric",
-            "value": "confidential_asymmetric"
-          }
-        ]
-      }
-    },
-    {
-      "name": "backend_services_client_id",
-      "type": "text",
-      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4"
+      "name": "backend_services_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"requested_scopes\":\"system/*.read\",\"client_id\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4\",\"encryption_algorithm\":\"ES384\"}"
     }
   ]
 }
diff --git a/config/presets/inferno_reference_server_stu2_preset.json b/config/presets/inferno_reference_server_stu2_preset.json
@@ -9,81 +9,19 @@
       "value": "https://inferno.healthit.gov/reference-server/r4"
     },
     {
-      "name": "standalone_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
-    },
-    {
-      "name": "standalone_requested_scopes",
-      "type": "text",
-      "value": "launch/patient openid fhirUser offline_access patient/*.read"
-    },
-    {
-      "name": "standalone_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
+      "name": "standalone_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"public\",\"use_discovery\":\"true\",\"requested_scopes\":\"launch/patient openid fhirUser offline_access patient/*.rs\",\"client_id\":\"SAMPLE_PUBLIC_CLIENT_ID\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\"}"
     },
     {
-      "name": "ehr_client_id",
-      "type": "text",
-      "value": "SAMPLE_PUBLIC_CLIENT_ID"
+      "name": "ehr_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"public\",\"use_discovery\":\"true\",\"requested_scopes\":\"launch openid fhirUser offline_access user/*.rs\",\"client_id\":\"SAMPLE_PUBLIC_CLIENT_ID\",\"pkce_support\":\"enabled\",\"pkce_code_challenge_method\":\"S256\",\"auth_request_method\":\"GET\"}"
     },
     {
-      "name": "ehr_requested_scopes",
-      "type": "text",
-      "value": "launch openid fhirUser offline_access user/*.read"
-    },
-    {
-      "name": "ehr_client_secret",
-      "type": "text",
-      "optional": true,
-      "value": null
-    },
-    {
-      "name": "client_auth_encryption_method",
-      "value": "ES384",
-      "_title": "Encryption Method (Confidential Asymmetric Client Auth Only)",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "ES384",
-            "value": "ES384"
-          },
-          {
-            "label": "RS384",
-            "value": "RS384"
-          }
-        ]
-      }
-    },
-    {
-      "name": "client_auth_type",
-      "value": "public",
-      "_title": "Client Authentication Method",
-      "_type": "radio",
-      "_options": {
-        "list_options": [
-          {
-            "label": "Public",
-            "value": "public"
-          },
-          {
-            "label": "Confidential Symmetric",
-            "value": "confidential_symmetric"
-          },
-          {
-            "label": "Confidential Asymmetric",
-            "value": "confidential_asymmetric"
-          }
-        ]
-      }
-    },
-    {
-      "name": "backend_services_client_id",
-      "type": "text",
-      "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4"
+      "name": "backend_services_smart_auth_info",
+      "type": "auth_info",
+      "value": "{\"auth_type\":\"backend_services\",\"use_discovery\":\"true\",\"requested_scopes\":\"system/*.read\",\"client_id\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InJlZ2lzdHJhdGlvbi10b2tlbiJ9.eyJqd2tzX3VybCI6Imh0dHA6Ly8xMC4xNS4yNTIuNzMvaW5mZXJuby8ud2VsbC1rbm93bi9qd2tzLmpzb24iLCJhY2Nlc3NUb2tlbnNFeHBpcmVJbiI6MTUsImlhdCI6MTU5NzQxMzE5NX0.q4v4Msc74kN506KTZ0q_minyapJw0gwlT6M_uiL73S4\",\"encryption_algorithm\":\"ES384\"}"
     }
   ]
 }
diff --git a/lib/smart_app_launch/app_redirect_test.rb b/lib/smart_app_launch/app_redirect_test.rb
@@ -9,41 +9,8 @@ class AppRedirectTest < Inferno::Test
     )
     id :smart_app_redirect
 
-    input :client_id, :requested_scopes, :url, :smart_authorization_url
-    input :use_pkce,
-          title: 'Proof Key for Code Exchange (PKCE)',
-          type: 'radio',
-          default: 'false',
-          options: {
-            list_options: [
-              {
-                label: 'Enabled',
-                value: 'true'
-              },
-              {
-                label: 'Disabled',
-                value: 'false'
-              }
-            ]
-          }
-    input :pkce_code_challenge_method,
-          optional: true,
-          title: 'PKCE Code Challenge Method',
-          type: 'radio',
-          default: 'S256',
-          options: {
-            list_options: [
-              {
-                label: 'S256',
-                value: 'S256'
-              },
-              {
-                label: 'plain',
-                value: 'plain'
-              }
-            ]
-          }
-
+    input :url
+    input :smart_auth_info, type: :auth_info, options: { mode: 'auth' }
     output :state, :pkce_code_challenge, :pkce_code_verifier
     receives_request :redirect
 
@@ -85,17 +52,17 @@ def authorization_url_builder(url, params)
 
     run do
       assert_valid_http_uri(
-        smart_authorization_url,
-        "OAuth2 Authorization Endpoint '#{smart_authorization_url}' is not a valid URI"
+        smart_auth_info.auth_url,
+        "OAuth2 Authorization Endpoint '#{smart_auth_info.auth_url}' is not a valid URI"
       )
 
       output state: SecureRandom.uuid
 
       oauth2_params = {
         'response_type' => 'code',
-        'client_id' => client_id,
+        'client_id' => smart_auth_info.client_id,
         'redirect_uri' => config.options[:redirect_uri],
-        'scope' => requested_scopes,
+        'scope' => smart_auth_info.requested_scopes,
         'state' => state,
         'aud' => aud
       }
@@ -106,23 +73,24 @@ def authorization_url_builder(url, params)
         oauth2_params['launch'] = launch
       end
 
-      if use_pkce == 'true'
+      if smart_auth_info.pkce_support == 'enabled'
         # code verifier must be between 43 and 128 characters
-        code_verifier = SecureRandom.uuid + '-' + SecureRandom.uuid
+        code_verifier = "#{SecureRandom.uuid}-#{SecureRandom.uuid}"
         code_challenge =
-          if pkce_code_challenge_method == 'S256'
+          if smart_auth_info.pkce_code_challenge_method == 'S256'
             self.class.calculate_s256_challenge(code_verifier)
           else
             code_verifier
           end
 
         output pkce_code_verifier: code_verifier, pkce_code_challenge: code_challenge
 
-        oauth2_params.merge!('code_challenge' => code_challenge, 'code_challenge_method' => pkce_code_challenge_method)
+        oauth2_params.merge!('code_challenge' => code_challenge,
+                             'code_challenge_method' => smart_auth_info.pkce_code_challenge_method)
       end
 
       authorization_url = authorization_url_builder(
-        smart_authorization_url,
+        smart_auth_info.auth_url,
         oauth2_params
       )