Class: Inferno::DSL::AuthInfo

Inherits:
Object
  • Object
show all
Defined in:
lib/inferno/dsl/auth_info.rb

Overview

AuthInfo provides a user with a single input which contains the information needed for a FHIR client to perform authorization and refresh an access token when necessary.

AuthInfo supports the following auth_type:

  • public - Client id only
  • symmetric - Confidential symmetric (i.e., with a static client id and secret)
  • asymmetric - Confidential asymmetric (i.e., a client id with a signed JWT rather than a client secret)
  • backend_services

When configuring an AuthInfo input, the invdidual fields are exposed as components in the input’s options, and can be configured there similar to normal inputs.

The AuthInfo input type supports two different modes in the UI. Different fields will be presented to the user depending on which mode is selected:

  • auth - This presents the inputs needed to perform authorization, and is appropriate to use as an input to test groups which perform authorization.
  • access - This presents the inputs needed to access resources assuming that authorization has already happened, and is appropriate to use as an input to test groups which access resources using previously granted authorization.

Examples:

class AuthInfoExampleSuite < Inferno::TestSuite
  input :url,
        title: 'Base FHIR url'

  group do
    title 'Perform public authorization'
    input :fhir_auth,
          type: :auth_info,
          options: {
            mode: 'auth',
            components: [
              {
                name: :auth_type,
                default: 'public',
                locked: true
              }
            ]
          }

    # Some tests here to perform authorization
  end

  group do
    title 'FHIR API Tests'
    input :fhir_auth,
          type: :auth_info,
          options: {
            mode: 'access'
          }

    fhir_client do
      url :url
      auth_info :fhir_auth
    end

    # Some tests here to access FHIR API
  end
end

Constant Summary collapse

ATTRIBUTES = 
[
  :auth_type,
  :use_discovery,
  :token_url,
  :auth_url,
  :requested_scopes,
  :client_id,
  :client_secret,
  :redirect_url, # TODO: does this belong here?
  :pkce_support,
  :pkce_code_challenge_method,
  :auth_request_method,
  :encryption_algorithm,
  :kid,
  :jwks,
  :access_token,
  :refresh_token,
  :issue_time,
  :expires_in,
  :name
].freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#access_tokenObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#auth_request_methodObject

The http method which will be used to perform the request to the authorization endpoint. Either get (default) or post




# File 'lib/inferno/dsl/auth_info.rb', line 100

#auth_typeObject

The type of authorization to be performed. One of public, symmetric, asymmetric, or backend_services




# File 'lib/inferno/dsl/auth_info.rb', line 100

#auth_urlObject

The url of the authorization endpoint




# File 'lib/inferno/dsl/auth_info.rb', line 100

#clientObject

Returns the value of attribute client.



98
99
100
 
# File 'lib/inferno/dsl/auth_info.rb', line 98

def client
  @client
end

#client_idObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#client_secretObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#encryption_algorithmObject

The encryption algorithm which will be used to sign the JWT client credentials. Either es384 (default) or rs384




# File 'lib/inferno/dsl/auth_info.rb', line 100

#expires_inObject

The lifetime of the access token in seconds




# File 'lib/inferno/dsl/auth_info.rb', line 100

#issue_timeObject

An iso8601 formatted string representing the time the access token was issued




# File 'lib/inferno/dsl/auth_info.rb', line 100

#jwksObject

A JWKS (including private keys) which will be used instead of Inferno’s default JWKS if provided




# File 'lib/inferno/dsl/auth_info.rb', line 100

#kidObject

The key id for the keys to be used to sign the JWT client credentials. When blank, the first key for the selected encryption algorithm will be used




# File 'lib/inferno/dsl/auth_info.rb', line 100

#nameObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#pkce_code_challenge_methodObject

Either S256 (default) or plain




# File 'lib/inferno/dsl/auth_info.rb', line 100

#pkce_supportObject

Whether PKCE will be used during authorization. Either enabled or disabled.




# File 'lib/inferno/dsl/auth_info.rb', line 100

#redirect_urlObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#refresh_tokenObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#requested_scopesObject

The scopes which will be requested during authorization




# File 'lib/inferno/dsl/auth_info.rb', line 100

#token_urlObject

The url of the auth server’s token endpoint




# File 'lib/inferno/dsl/auth_info.rb', line 100

Class Method Details

.default_auth_type_componentHash

Returns the default configuration for the “auth_type” component

Returns:

  • (Hash) 


318
319
320
321
322
323
324
325
326
327
328
329
330
 
# File 'lib/inferno/dsl/auth_info.rb', line 318

def self.default_auth_type_component
  {
    name: :auth_type,
    options: {
      list_options: [
        { label: 'Public', value: 'public' },
        { label: 'Confidential Symmetric', value: 'symmetric' },
        { label: 'Confidential Asymmetric', value: 'asymmetric' },
        { label: 'Backend Services', value: 'backend_services' }
      ]
    }
  }
end

.default_auth_type_component_without_backend_servicesHash

Returns the default configuration for the “auth_type” component without the option for backend services auth

Returns:

  • (Hash) 


335
336
337
338
339
340
341
342
343
344
345
346
 
# File 'lib/inferno/dsl/auth_info.rb', line 335

def self.default_auth_type_component_without_backend_services
  {
    name: :auth_type,
    options: {
      list_options: [
        { label: 'Public', value: 'public' },
        { label: 'Confidential Symmetric', value: 'symmetric' },
        { label: 'Confidential Asymmetric', value: 'asymmetric' }
      ]
    }
  }
end

Instance Method Details

#asymmetric_auth?Boolean

Returns true when using confidential asymmetric auth

Returns:

  • (Boolean) 


362
363
364
 
# File 'lib/inferno/dsl/auth_info.rb', line 362

def asymmetric_auth?
  auth_type&.casecmp? 'asymmetric'
end

#backend_services_auth?Boolean

Returns true when using backend services auth

Returns:

  • (Boolean) 


368
369
370
 
# File 'lib/inferno/dsl/auth_info.rb', line 368

def backend_services_auth?
  auth_type&.casecmp? 'backend_services'
end

#get_auth_request?Boolean

Returns true when using GET as the authorization request method

Returns:

  • (Boolean) 


374
375
376
 
# File 'lib/inferno/dsl/auth_info.rb', line 374

def get_auth_request?
  auth_request_method&.casecmp? 'get'
end

#pkce_enabled?Boolean

Returns true when pkce is enabled

Returns:

  • (Boolean) 


386
387
388
 
# File 'lib/inferno/dsl/auth_info.rb', line 386

def pkce_enabled?
  pkce_support&.casecmp? 'enabled'
end

#plain_code_challenge_method?Boolean

Returns true when using the palin pkce code challenge method

Returns:

  • (Boolean) 


398
399
400
 
# File 'lib/inferno/dsl/auth_info.rb', line 398

def plain_code_challenge_method?
  pkce_code_challenge_method&.casecmp? 'plain'
end

#post_auth_request?Boolean

Returns true when using POST as the authorization request method

Returns:

  • (Boolean) 


380
381
382
 
# File 'lib/inferno/dsl/auth_info.rb', line 380

def post_auth_request?
  auth_request_method&.casecmp? 'post'
end

#public_auth?Boolean

Returns true when using public auth

Returns:

  • (Boolean) 


350
351
352
 
# File 'lib/inferno/dsl/auth_info.rb', line 350

def public_auth?
  auth_type&.casecmp? 'public'
end

#s256_code_challenge_method?Boolean

Returns true when using the S256 pkce code challenge method

Returns:

  • (Boolean) 


392
393
394
 
# File 'lib/inferno/dsl/auth_info.rb', line 392

def s256_code_challenge_method?
  pkce_code_challenge_method&.casecmp? 'S256'
end

#symmetric_auth?Boolean

Returns true when using confidential symmetric auth

Returns:

  • (Boolean) 


356
357
358
 
# File 'lib/inferno/dsl/auth_info.rb', line 356

def symmetric_auth?
  auth_type&.casecmp? 'symmetric'
end