Class: Inferno::DSL::AuthInfo

Inherits:
Object
  • Object
show all
Defined in:
lib/inferno/dsl/auth_info.rb

Overview

AuthInfo provides a user with a single input which contains the information needed for a FHIR client to perform authorization and refresh an access token when necessary.

AuthInfo supports the following auth_type:

  • public - Client id only
  • symmetric - Confidential symmetric (i.e., with a static client id and secret)
  • asymmetric - Confidential asymmetric (i.e., a client id with a signed JWT rather than a client secret)
  • backend_services

When configuring an AuthInfo input, the invdidual fields are exposed as components in the input’s options, and can be configured there similar to normal inputs.

The AuthInfo input type supports two different modes in the UI. Different fields will be presented to the user depending on which mode is selected:

  • auth - This presents the inputs needed to perform authorization, and is appropriate to use as an input to test groups which perform authorization.
  • access - This presents the inputs needed to access resources assuming that authorization has already happened, and is appropriate to use as an input to test groups which access resources using previously granted authorization.

Examples:

class AuthInfoExampleSuite < Inferno::TestSuite
  input :url,
        title: 'Base FHIR url'

  group do
    title 'Perform public authorization'
    input :fhir_auth,
          type: :auth_info,
          options: {
            mode: 'auth',
            components: [
              {
                name: :auth_type,
                default: 'public',
                locked: true
              }
            ]
          }

    # Some tests here to perform authorization
  end

  group do
    title 'FHIR API Tests'
    input :fhir_auth,
          type: :auth_info,
          options: {
            mode: 'access'
          }

    fhir_client do
      url :url
      auth_info :fhir_auth
    end

    # Some tests here to access FHIR API
  end
end

Constant Summary collapse

ATTRIBUTES = 
[
  :auth_type,
  :use_discovery,
  :token_url,
  :auth_url,
  :requested_scopes,
  :client_id,
  :client_secret,
  :redirect_url, # TODO: does this belong here?
  :pkce_support,
  :pkce_code_challenge_method,
  :auth_request_method,
  :encryption_algorithm,
  :kid,
  :jwks,
  :access_token,
  :refresh_token,
  :issue_time,
  :expires_in,
  :name
].freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#access_tokenObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#auth_request_methodObject

The http method which will be used to perform the request to the authorization endpoint. Either get (default) or post




# File 'lib/inferno/dsl/auth_info.rb', line 100

#auth_typeObject

The type of authorization to be performed. One of public, symmetric, asymmetric, or backend_services




# File 'lib/inferno/dsl/auth_info.rb', line 100

#auth_urlObject

The url of the authorization endpoint




# File 'lib/inferno/dsl/auth_info.rb', line 100

#clientObject

Returns the value of attribute client.



98
99
100
 
# File 'lib/inferno/dsl/auth_info.rb', line 98

def client
  @client
end

#client_idObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#client_secretObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#encryption_algorithmObject

The encryption algorithm which will be used to sign the JWT client credentials. Either es384 (default) or rs384




# File 'lib/inferno/dsl/auth_info.rb', line 100

#expires_inObject

The lifetime of the access token in seconds




# File 'lib/inferno/dsl/auth_info.rb', line 100

#issue_timeObject

An iso8601 formatted string representing the time the access token was issued




# File 'lib/inferno/dsl/auth_info.rb', line 100

#jwksObject

A JWKS (including private keys) which will be used instead of Inferno’s default JWKS if provided




# File 'lib/inferno/dsl/auth_info.rb', line 100

#kidObject

The key id for the keys to be used to sign the JWT client credentials. When blank, the first key for the selected encryption algorithm will be used




# File 'lib/inferno/dsl/auth_info.rb', line 100

#nameObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#pkce_code_challenge_methodObject

Either S256 (default) or plain




# File 'lib/inferno/dsl/auth_info.rb', line 100

#pkce_supportObject

Whether PKCE will be used during authorization. Either enabled or disabled.




# File 'lib/inferno/dsl/auth_info.rb', line 100

#redirect_urlObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#refresh_tokenObject 




# File 'lib/inferno/dsl/auth_info.rb', line 100

#requested_scopesObject

The scopes which will be requested during authorization




# File 'lib/inferno/dsl/auth_info.rb', line 100

#token_urlObject

The url of the auth server’s token endpoint




# File 'lib/inferno/dsl/auth_info.rb', line 100

Class Method Details

.default_auth_type_componentHash

Returns the default configuration for the “auth_type” component

Returns:

  • (Hash) 


316
317
318
319
320
321
322
323
324
325
326
327
328
 
# File 'lib/inferno/dsl/auth_info.rb', line 316

def self.default_auth_type_component
  {
    name: :auth_type,
    options: {
      list_options: [
        { label: 'Public', value: 'public' },
        { label: 'Confidential Symmetric', value: 'symmetric' },
        { label: 'Confidential Asymmetric', value: 'asymmetric' },
        { label: 'Backend Services', value: 'backend_services' }
      ]
    }
  }
end

.default_auth_type_component_without_backend_servicesHash

Returns the default configuration for the “auth_type” component without the option for backend services auth

Returns:

  • (Hash) 


333
334
335
336
337
338
339
340
341
342
343
344
 
# File 'lib/inferno/dsl/auth_info.rb', line 333

def self.default_auth_type_component_without_backend_services
  {
    name: :auth_type,
    options: {
      list_options: [
        { label: 'Public', value: 'public' },
        { label: 'Confidential Symmetric', value: 'symmetric' },
        { label: 'Confidential Asymmetric', value: 'asymmetric' }
      ]
    }
  }
end

Instance Method Details

#asymmetric_auth?Boolean

Returns true when using confidential asymmetric auth

Returns:

  • (Boolean) 


360
361
362
 
# File 'lib/inferno/dsl/auth_info.rb', line 360

def asymmetric_auth?
  auth_type&.casecmp? 'asymmetric'
end

#backend_services_auth?Boolean

Returns true when using backend services auth

Returns:

  • (Boolean) 


366
367
368
 
# File 'lib/inferno/dsl/auth_info.rb', line 366

def backend_services_auth?
  auth_type&.casecmp? 'backend_services'
end

#get_auth_request?Boolean

Returns true when using GET as the authorization request method

Returns:

  • (Boolean) 


372
373
374
 
# File 'lib/inferno/dsl/auth_info.rb', line 372

def get_auth_request?
  auth_request_method&.casecmp? 'get'
end

#pkce_enabled?Boolean

Returns true when pkce is enabled

Returns:

  • (Boolean) 


384
385
386
 
# File 'lib/inferno/dsl/auth_info.rb', line 384

def pkce_enabled?
  pkce_support&.casecmp? 'enabled'
end

#plain_code_challenge_method?Boolean

Returns true when using the palin pkce code challenge method

Returns:

  • (Boolean) 


396
397
398
 
# File 'lib/inferno/dsl/auth_info.rb', line 396

def plain_code_challenge_method?
  pkce_code_challenge_method&.casecmp? 'plain'
end

#post_auth_request?Boolean

Returns true when using POST as the authorization request method

Returns:

  • (Boolean) 


378
379
380
 
# File 'lib/inferno/dsl/auth_info.rb', line 378

def post_auth_request?
  auth_request_method&.casecmp? 'post'
end

#public_auth?Boolean

Returns true when using public auth

Returns:

  • (Boolean) 


348
349
350
 
# File 'lib/inferno/dsl/auth_info.rb', line 348

def public_auth?
  auth_type&.casecmp? 'public'
end

#s256_code_challenge_method?Boolean

Returns true when using the S256 pkce code challenge method

Returns:

  • (Boolean) 


390
391
392
 
# File 'lib/inferno/dsl/auth_info.rb', line 390

def s256_code_challenge_method?
  pkce_code_challenge_method&.casecmp? 'S256'
end

#symmetric_auth?Boolean

Returns true when using confidential symmetric auth

Returns:

  • (Boolean) 


354
355
356
 
# File 'lib/inferno/dsl/auth_info.rb', line 354

def symmetric_auth?
  auth_type&.casecmp? 'symmetric'
end