Pass Inferno Visual Inspection and Attestation
This guide explains how to pass the Inferno Visual Inspection and Attestation sequence
Last updated
Was this helpful?
This guide explains how to pass the Inferno Visual Inspection and Attestation sequence
Last updated
Was this helpful?
Provided by certification buddy Tests steps require demonstrating the process of application registration for single patients. You should switch to the Yes option.
Provided by certification buddy Tests steps require demonstrating the process of application registration for multiple patients. You should switch to the Yes option.
During the test sessions, Smartbox shows users the Consent screen. The Consent screen is the graphical user interface.
During the test sessions, Smartbox shows users the Consent screen. There is the Offline access option on the Consent screen.
Default refresh_token lifespan is unlimited.
Smartbox allowed to fetch Patient resource with the access_token it issued.
Switch to the Yes option. If something is lost, the tester says it.
To demonstrate that behavior
Add a Client with narrow pre-authorized scope
Launch the Multi-Patient Authorization and API sequence with wide scope
Mind the scope property. It holds the system/Patient.read value only. Access to the other resources is forbidden.
Start new Inferno session (it's important)
Switch to the Multi-Patient Authorization and API sequence
Press the Run tests button
Set up the test:
Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/bulk-api
Backend Services Token Endpoint: [aidbox-url]/auth/token
Bulk Data Client ID: inferno-my-clinic-bulk-client
Bulk Data Scopes: system/Patient.read
Encryption method: RS384
Group ID: test-group-1
Patient IDs in exported Group: test-pt-1,test-pt-2
Press the Submit button
You should receive a lot of errors as Smartbox doesn't issue the access token.
Smartbox has a documentation page. The address of the page is https://example.com/documentation
It is an attestation. You should state Smartbox (Aidbox) caches JWK sets it receives during the token validations. Cached JWK lives for 5 minutes then it is deleted.
To demonstrate supporting of the Suffix
Open the result of the 1.7.02 Access to Patient resources granted test case
Press the Details button
Scroll down to the name array of the fetched Patient resource
See the Suffix property inside one name element
To demonstrate supporting of the Previous Name
Open the result of the 1.7.02 Access to Patient resources granted test case
Press the Details button
Scroll down to the name property of the fetched Patient resource
There are two items in the name array
First name has period.end property. It means that name is the previous one
Second name has no period.end property. That name is current one
Native applications can register custom URL schemas. Instead of the usual http://, the prefix the URL of the native application can start with anything else. For example, my-awesome-smart-app:// is a legal custom URL schema.
In terms of SMART App launch supporting native applications stands for allowing custom schemas in the redirect_uri property.
To demonstrate native applications support
It is a good idea to perform this flow in the Incognito mode (Chrome) or Private Window (Firefox)
Register an application with a custom URL schema
Build the authorization request URL
Open the URL in the browser
Authenticate in the Smartbox (enter login and password)
Authorize the launch (allow on the Consent screen)
Receive the code from Smartbox
Get Postman collection installed
Exchange the code to the access_token and refresh_token
Use access_token to fetch resources from Smartbox
Use refresh_token to get a new access_token
Use updated access_token to fetch resources from Smartbox
The link should look like this https://example.com/tenant/my-clinic/patient/auth/authorize?client_id=for-refresh-token&scope=launch/patient%20patient/Patient.read%20patient/Condition.read%20offline_access&state=my-state&response_type=code&redirect_uri=custom://redirect&aud=https://example.com/tenant/my-clinic/patient/smart-api
Instead of https://example.com use your Smartbox base url.
In your web browser:
Open a new private tab in the browser
Open developer console to be able to see all the http requests the browser does
Put the link to the URL bar and press enter
Still on the browser enter your pateint login and password credentials
Still on the browser press the Allow button
After press the Allow button Smartbox redirects user back to the Consent screen.
In the list of the https requests find the latest one GET request with the code 302. The location header should start with the custom://redirect? string.
Fetch the code parameter from the location. Mind there are other parameters in that link. You do not need them.
Open Postman
Update the host variable with your Smartbox base url
In the Postman
Open Exchange code for access_token request
Put the code to the code parameter
Press the Send button
The result of the request is a JSON-object containing access_token and refresh_token properties.
Smartbox allows to exchange code to token in no more than 5 minutes after the code was issued
Still in postman:
Open the Get Patient Resource request
Copy the access_token to the token input
Press the Send button
The result of the request is a JSON-object of the Patient resource. Access token works.
Still in postman:
Open the Refresh access token request
Copy the refresh_token to the refresh_token parameter
Press the Send button
The result of the request is a JSON-object containing the access_token.
Still in postman:
Open the Get Patient Resource request
Copy the freshly issued access_token to the token input
Press the Send button
The result of the request is the JSON-object of the Patient resource. Updated access_token works
Smartbox generates the list of the base URLs. The address of the list is https://example.com/service-base-urls
That behavior is not related to the Smartbox settings. Setting the TLS versions and enforcement to the wanted versions is out of the Smartbox setup scope
It is an attestation. You should state Smartbox is capable of issuing refresh tokens valid for a new period of no shorter than three months.
To reduce the refresh_token lifespan use
Follow the guide of the guide till the end
Import the