smart-on-fhir / bdt
Bulk Data Test Suite and Test Runner
License: Other
Per https://datatracker.ietf.org/doc/html/rfc6750#section-2.1, the Bearer token is expected to be capitalized Bearer.
    b64token    = 1*( ALPHA / DIGIT /
                       "-" / "." / "_" / "~" / "+" / "/" ) *"="
    credentials = "Bearer" 1*SP b64token
Verify that this is the case in all requests sent by the built-in bulk data client.
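A check of the kind this issue asks for, as an added example that is not BDT's own code: it tests each recorded Authorization header against the RFC 6750 grammar quoted above. The request objects (method, url, headers) and all function names are assumptions made for the example.

```javascript
// RFC 6750 section 2.1:
//   b64token    = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
//   credentials = "Bearer" 1*SP b64token
const CREDENTIALS = /^Bearer +[A-Za-z0-9\-._~+\/]+=*$/;

// Classify one Authorization header value against the grammar above.
function checkAuthorization(value) {
  if (typeof value !== "string" || value === "") {
    return { ok: false, reason: "missing" };
  }
  if (CREDENTIALS.test(value)) {
    return { ok: true, reason: null };
  }
  const scheme = value.split(/\s+/, 1)[0];
  if (scheme !== "Bearer") {
    // "bearer" / "BEARER" is the capitalization problem this issue is about.
    return { ok: false, reason: scheme.toLowerCase() === "bearer" ? "scheme-case" : "scheme" };
  }
  return { ok: false, reason: "token-syntax" };
}

// Header names are case-insensitive, so look the header up without assuming its case.
function getHeader(headers, name) {
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Return one finding per request whose Authorization header is present but malformed.
function auditRequests(requests) {
  const findings = [];
  for (const req of requests) {
    const value = getHeader(req.headers, "authorization");
    if (value === undefined) continue; // requests sent without credentials are out of scope
    const result = checkAuthorization(value);
    if (!result.ok) findings.push({ method: req.method, url: req.url, reason: result.reason });
  }
  return findings;
}

// Constructed sample requests (not captured from a real client or server).
const SAMPLE_REQUESTS = [
  { method: "GET", url: "/fhir/Patient/$export", headers: { Authorization: "Bearer abc.DEF-123_~+/==" } },
  { method: "GET", url: "/fhir/status/1", headers: { authorization: "bearer abc123" } },
  { method: "GET", url: "/fhir/file/1", headers: { Authorization: "Bearer abc 123" } },
  { method: "GET", url: "/fhir/metadata", headers: {} },
];
console.log(auditRequests(SAMPLE_REQUESTS));
```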
This is regarding test Auth-14 - Supports wildcard action scopes.
The test could be modified to request system/*.read instead of system/Patient.*. That would make the test itself correct enough, but in my opinion it is better to remove the test altogether. Turns out a server might reject system/*.read without violating any spec, so we just cannot test for this reliably.
Test Auth-01 - Requires authorization header verifies that the server replies with an error if authorization header is not sent. However, it also expects that the server will reply with an error as an OperationOutcome.
The OperationOutcome part should be optional though. If the server replies with JSON, then the payload must be an OperationOutcome. Otherwise, the server should also be able to respond with text or even an empty body (as long as it sends an error HTTP status code).
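The relaxed Auth-01 check described above, as an added example that is not BDT's own code: an error status is always required, and an OperationOutcome is required only when the reply actually carries a JSON body. The response shape (status, headers, body) and the function names are assumptions made for the example.

```javascript
// Case-insensitive header lookup; returns "" when the header is absent.
function headerValue(headers, name) {
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? "" : String(headers[key]);
}

// Decide whether a reply to a request sent WITHOUT an Authorization header is acceptable.
function checkMissingAuthResponse(res) {
  if (!(res.status >= 400 && res.status <= 599)) {
    return { pass: false, reason: "expected an error status, got " + res.status };
  }
  const body = res.body == null ? "" : String(res.body);
  const mediaType = headerValue(res.headers, "content-type").split(";")[0].trim().toLowerCase();
  const isJson = mediaType === "application/json" || mediaType.endsWith("+json");
  // Text replies and empty bodies are acceptable as long as the status is an error.
  if (!isJson || body.trim() === "") {
    return { pass: true, reason: null };
  }
  let payload;
  try {
    payload = JSON.parse(body);
  } catch (err) {
    return { pass: false, reason: "JSON content type but the body is not valid JSON" };
  }
  if (payload === null || typeof payload !== "object" || payload.resourceType !== "OperationOutcome") {
    return { pass: false, reason: "JSON error body is not an OperationOutcome" };
  }
  return { pass: true, reason: null };
}

// Constructed sample responses (not captured from a real server).
const SAMPLE_RESPONSES = {
  plainText: { status: 401, headers: { "Content-Type": "text/plain" }, body: "Unauthorized" },
  emptyBody: { status: 401, headers: {}, body: "" },
  outcome: {
    status: 401,
    headers: { "content-type": "application/fhir+json; charset=utf-8" },
    body: JSON.stringify({ resourceType: "OperationOutcome", issue: [{ severity: "error", code: "login" }] }),
  },
  otherJson: { status: 401, headers: { "Content-Type": "application/json" }, body: '{"error":"invalid_client"}' },
  notAnError: { status: 200, headers: { "Content-Type": "text/plain" }, body: "OK" },
};

for (const [name, res] of Object.entries(SAMPLE_RESPONSES)) {
  console.log(name, checkMissingAuthResponse(res));
}
```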
According to the spec:
A client MAY repeat kick-off parameters that accept comma delimited values multiple times in a kick-off request. The server SHALL treat the values provided as if they were comma delimited values within a single instance of the parameter.
Currently this is done via special check that decorates the test as not supported, but that forces the tests to use various if, else or return statements. Instead, it should be done by throwing a dedicated type of Error which is later caught and handled appropriately.
The prefer header used to be set as ["respond-async", "handling=lenient"] which is internally converted to comma-separated list. Should switch to a string, which is safer and library-independent.
The current architecture uses a single instance, which works fine in CLI but is very inconvenient if BDT needs to be used on the server side where multiple clients could use it at the same time.
Hi Vladimir. I was looking at the part of BDT that checks the capabilities statement for security, specifically https://github.com/smart-on-fhir/bdt/blob/master/testSuite/metadata.test.js, lines 70-100.
I think there might be an error here.
When I run BDT on my server, I get:
Includes the token endpoint in the CapabilityStatement
! Unable to find security extensions at "https://sandbox.bcda.cms.gov/api/v1/metadata"
rest.security does not have an extensions object in r4:
https://www.hl7.org/fhir/capabilitystatement-definitions.html#CapabilityStatement.rest.security
In fact it hasn't since stu2.
The metadata test should be changed to address the r4 spec for Capability Stmt.
According to Mozilla the user-agent should have the following structure:
User-Agent: <product> / <product-version> <comment>
It currently is BDT (https://github.com/smart-on-fhir/bdt) and should be modified to match the spec. The "product-version" can be extracted from the package.json file.
While using the latest bdt, I got a warning for test 0.3.0:
{
    "type": "testEnd",
    "data": {
        "id": "Auth-02",
        "name": "Requires \"application/x-www-form-urlencoded\" POSTs",
        "description": "After generating an authentication JWT, the client requests a new access token via HTTP POST to the FHIR authorization server's token endpoint URL, using content-type `application/x-www-form-urlencoded`.",
        "type": "test",
        "path": "0.3.0",
        "startedAt": 1597949641886,
        "status": "not-supported",
        "decorations": {},
        "warnings": [
            "This test is only applicable for servers that support SMART Backend Services authorization"
        ],
        "error": null,
        "endedAt": 1597949641886
    }
}
Here are the settings for the bdt runner:
{
    "baseURL": "https://bulk-data.smarthealthit.org/eyJlcnIiOiIiLCJwYWdlIjoxMDAwMCwiZHVyIjoxMCwidGx0IjoxNSwibSI6MSwic3R1IjozfQ/fhir",
    "tokenEndpoint": "https://bulk-data.smarthealthit.org/auth/token",
    "clientId": "...",
    "systemExportEndpoint": "",
    "patientExportEndpoint": "/Patient/$export",
    "groupExportEndpoint": "",
    "fastestResource": "",
    "requiresAuth": false,
    "sinceParam": "_since",
    "jwksUrlAuth": true,
    "jwksAuth": true,
    "jwksUrl": "",
    "strictSSL": false,
    "publicKey": {...},
    "privateKey": {... }
}