Run Aidbox locally Run Aidbox in Sandbox Talk to us Ask community

Pass Inferno tests with Smartbox

This article will guide you through passing ONC Certification (g)(10) Standardized API on Inferno framework.

PreviousHow-to guides NextPerform EHR launch

Last updated 2 years ago

Was this helpful?

#2416:

Change request updated 2 years ago

Pass Inferno tests with Smartbox

This article will guide you through passing ONC Certification (g)(10) Standardized API on Inferno framework.

The article has be reviewed for next Inferno framework v0.3.12 and test suite

ONC Certification (g)(10) Standardized API v3.2.0
US Core 3.1.1 / USCDI v1, SMART App Launch 1.0.0, Bulk Data 1.0.1

Prerequisites

Once you have your Smartbox instance you need to register a FHIR server by creating Tenant resource and upload necessary resources for Inferno.

Patient record with all USCDIv1 data elements in us-core format,
User resource, associated with the patient record
Client resource for smart launch flows
Client resource for bulk api

Create Tenant

PUT /Tenant/my-clinic
Content-Type: text/yaml

name: My Clinic

Patient record

Demo patient record with all USCDI elements for Inferno test is available on Google Storage and maintained by Health Samurai team. You can upload with /$load endpoint:

POST /$load
Content-Type: text/yaml

source: 'https://storage.googleapis.com/aidbox-public/smartbox/rows.ndjson.gz'
merge:
  meta:
    tenant:
      id: my-clinic
      resourceType: Tenant

It contains at least two patients test-pt-1 and test-pt-2. Second patient will be required for Multi-Patient API test.

Let's created then User resource for test-pt-1:

POST /User
Content-Type: text/yaml

email: example@mail.com
name:
  givenName: Amy
  familyName: Shaw
active: true
fhirUser:
  id: test-pt-1
  resourceType: Patient
roles:
- type: patient
password: password
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

Now you can login to My Clinic patient portal with example@mail.com / password.

Client resources

inferno-confidential-patient-smart-app

PUT /Client/inferno-confidential-patient-smart-app
Content-Type: text/yaml

type: patient-facing-smart-app
active: true
secret: inferno-confidential-patient-smart-app-secret
grant_types:
- authorization_code
auth:
  authorization_code:
    pkce: false
    redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
    refresh_token: true
    secret_required: true
    access_token_expiration: 300
smart:
  launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'

inferno-my-clinic-bulk-client

PUT /Client/inferno-my-clinic-bulk-client
Content-Type: text/yaml

type: bulk-api-client
active: true
auth:
  client_credentials:
    client_assertion_types: ['urn:ietf:params:oauth:client-assertion-type:jwt-bearer']
    access_token_expiration: 300
scope: [system/*.read]
jwks_uri: https://inferno.healthit.gov/suites/custom/g10_certification/.well-known/jwks.json
grant_types:
- client_credentials
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

inferno-public-patient-smart-app

PUT /Client/inferno-public-patient-smart-app
Content-Type: text/yaml

type: patient-facing-smart-app
active: true
grant_types:
- authorization_code
auth:
  authorization_code:
    pkce: false
    redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
    refresh_token: true
    secret_required: false
    access_token_expiration: 300
smart:
  launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'

Create Inferno test session

Run all Inferno tests

Press the Run all tests button then provide require parameters for the tests:

FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
Standalone Client ID: inferno-confidential-patient-smart-app
Standalone Client Secret: inferno-confidential-patient-smart-app-secret
EHR Launch Client ID: inferno-confidential-patient-smart-app
EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/bulk-api
Backend Services Token Endpoint: [aidbox-url]/auth/token
Bulk Data Client ID: inferno-my-clinic-bulk-client
Encryption method RS384
Group ID: test-group-1
Patient IDs in exported Group: test-pt-1,test-pt-2
Public Launch Client ID: inferno-public-patient-smart-app
EHR Launch Client ID: inferno-confidential-patient-smart-app
EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret

Once you run all tests, follow Inferno instructions.

Run Inferno tests one by one

1 Standalone Patient App - Full Access

Click the Standalone Patient App link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Standalone Client ID: inferno-confidential-patient-smart-app
- Standalone Client Secret: inferno-confidential-patient-smart-app-secret
Click the Submit button

Once you run tests, follow the Inferno instructions.

2 Standalone Patient App - Limited Access

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Click the 2 Limited Access App link in the left sidebar
Click the Run tests button
Click the Submit button

Once you run tests, follow the Inferno instructions.

By default the test expects to not get accees to all the resources but Patient, Condition, Observation.

To pass the test you should:

Uncheck all the resources but those ones on the Consent screen
Keep following checkboxes checked Launch Patient, Open ID, FHIR User and Offline Access

3 EHR Practitioner App

Click the EHR Practitioner App link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- EHR Launch Client ID: inferno-confidential-patient-smart-app
- EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
Click the Submit button
Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
Login to the portal using credentials we created before example@mail.com / password
Find the inferno-confidential-patient-smart-app application
Click the Launch button

Once you perform EHR launch, follow the Inferno instructions.

4 Single Patient API

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Click the 4 Single Patient API link in the left sidebar
Click the Run tests button
Click the Submit button

Once you run tests, follow the Inferno instructions.

7 Multi-Patient Authorization and API

Click the 7 Multi-Patient API link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/bulk-api
- Backend Services Token Endpoint: [aidbox-url]/auth/token
- Bulk Data Client ID: inferno-my-clinic-bulk-client
- Encryption method RS384
- Group ID: test-group-1
- Patient IDs in exported Group: test-pt-1,test-pt-2
Click the Submit button

9.1 Public Client Standalone Launch with OpenID Connect

Click the 9.1 SMART Public Client Launch link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Public Launch Client ID: inferno-public-patient-smart-app
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
- OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
Click the Submit button

9.3 Token Revocation

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Before you launch the test you should:

Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
Login to the portal using credentials we created before example@mail.com / password
Find the inferno-confidential-patient-smart-app
Click the Revoke access button

Click the 9.3 Token Revocation link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- Prior to executing test, Health IT developer demonstrated revoking tokens provided during patient standalone launch.: Yes
- Keep other parameters unchanged
Wait up to 30 seconds
Click the Submit button

9.4 SMART App Launch Error: Invalid AUD Parameter

Click the 9.4 SMART Invalid AUD Launch link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Standalone Client ID: inferno-confidential-patient-smart-app
- Standalone Client Secret: inferno-confidential-patient-smart-app-secret
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
Click the Submit button
Click the Perform Invalid Launch link

9.5 SMART App Launch Error: Invalid Access Token Request

Click the 9.5 SMART Invalid Token Request link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Standalone Client ID: inferno-confidential-patient-smart-app
- Standalone Client Secret: inferno-confidential-patient-smart-app-secret
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
- OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
Click the Submit button
Click the Follow this link to authorize with the SMART server link
Press the Allow button on the consent screen

9.8 EHR Launch with Patient Scopes

Click the 9.8 EHR Launch with Patient Scopes link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- EHR launch FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- EHR Launch Client ID: inferno-confidential-patient-smart-app
- EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
- OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
Click the Submit button
Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
Login to the portal using credentials we created before example@mail.com / password
Find the inferno-confidential-patient-smart-app application
Click the Launch button
Click the Follow this link to authorize with the SMART server link
Press the Allow button on the consent screen

9.10 Visual Inspection and Attestation

PreviousHow-to guides NextPerform EHR launch

Last updated 2 years ago

Was this helpful?

The article has be reviewed for next Inferno framework v0.3.12 and test suite

ONC Certification (g)(10) Standardized API v3.2.0
US Core 3.1.1 / USCDI v1, SMART App Launch 1.0.0, Bulk Data 1.0.1

Prerequisites

Once you have your Smartbox instance you need to register a FHIR server by creating Tenant resource and upload necessary resources for Inferno.

Patient record with all USCDIv1 data elements in us-core format,
User resource, associated with the patient record
Client resource for smart launch flows
Client resource for bulk api

Create Tenant

PUT /Tenant/my-clinic
Content-Type: text/yaml

name: My Clinic

Patient record

Demo patient record with all USCDI elements for Inferno test is available on Google Storage and maintained by Health Samurai team. You can upload with /$load endpoint:

POST /$load
Content-Type: text/yaml

source: 'https://storage.googleapis.com/aidbox-public/smartbox/rows.ndjson.gz'
merge:
  meta:
    tenant:
      id: my-clinic
      resourceType: Tenant

It contains at least two patients test-pt-1 and test-pt-2. Second patient will be required for Multi-Patient API test.

Let's created then User resource for test-pt-1:

POST /User
Content-Type: text/yaml

email: example@mail.com
name:
  givenName: Amy
  familyName: Shaw
active: true
fhirUser:
  id: test-pt-1
  resourceType: Patient
roles:
- type: patient
password: password
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

Now you can login to My Clinic patient portal with example@mail.com / password.

Client resources

In the requests below the simples way of adding Clients is shown. In some cases it's important to create Client resources without predefined secret and id (see for more details).

inferno-confidential-patient-smart-app

PUT /Client/inferno-confidential-patient-smart-app
Content-Type: text/yaml

type: patient-facing-smart-app
active: true
secret: inferno-confidential-patient-smart-app-secret
grant_types:
- authorization_code
auth:
  authorization_code:
    pkce: false
    redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
    refresh_token: true
    secret_required: true
    access_token_expiration: 300
smart:
  launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'

inferno-my-clinic-bulk-client

PUT /Client/inferno-my-clinic-bulk-client
Content-Type: text/yaml

type: bulk-api-client
active: true
auth:
  client_credentials:
    client_assertion_types: ['urn:ietf:params:oauth:client-assertion-type:jwt-bearer']
    access_token_expiration: 300
scope: [system/*.read]
jwks_uri: https://inferno.healthit.gov/suites/custom/g10_certification/.well-known/jwks.json
grant_types:
- client_credentials
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

inferno-public-patient-smart-app

PUT /Client/inferno-public-patient-smart-app
Content-Type: text/yaml

type: patient-facing-smart-app
active: true
grant_types:
- authorization_code
auth:
  authorization_code:
    pkce: false
    redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
    refresh_token: true
    secret_required: false
    access_token_expiration: 300
smart:
  launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'

Create Inferno test session

Create Inferno test session by following the link .

To pass the EHR Practitioner App inferno sequence see the guide
See to pass the Token Revocation Inferno test

Run all Inferno tests

Press the Run all tests button then provide require parameters for the tests:

FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
Standalone Client ID: inferno-confidential-patient-smart-app
Standalone Client Secret: inferno-confidential-patient-smart-app-secret
EHR Launch Client ID: inferno-confidential-patient-smart-app
EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/bulk-api
Backend Services Token Endpoint: [aidbox-url]/auth/token
Bulk Data Client ID: inferno-my-clinic-bulk-client
Encryption method RS384
Group ID: test-group-1
Patient IDs in exported Group: test-pt-1,test-pt-2
Public Launch Client ID: inferno-public-patient-smart-app
EHR Launch Client ID: inferno-confidential-patient-smart-app
EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret

Once you run all tests, follow Inferno instructions.

Run Inferno tests one by one

1 Standalone Patient App - Full Access

Click the Standalone Patient App link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Standalone Client ID: inferno-confidential-patient-smart-app
- Standalone Client Secret: inferno-confidential-patient-smart-app-secret
Click the Submit button

Once you run tests, follow the Inferno instructions.

2 Standalone Patient App - Limited Access

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Click the 2 Limited Access App link in the left sidebar
Click the Run tests button
Click the Submit button

Once you run tests, follow the Inferno instructions.

By default the test expects to not get accees to all the resources but Patient, Condition, Observation.

To pass the test you should:

Uncheck all the resources but those ones on the Consent screen
Keep following checkboxes checked Launch Patient, Open ID, FHIR User and Offline Access

3 EHR Practitioner App

Click the EHR Practitioner App link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- EHR Launch Client ID: inferno-confidential-patient-smart-app
- EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
Click the Submit button
Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
Login to the portal using credentials we created before example@mail.com / password
Find the inferno-confidential-patient-smart-app application
Click the Launch button

Once you perform EHR launch, follow the Inferno instructions.

4 Single Patient API

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Click the 4 Single Patient API link in the left sidebar
Click the Run tests button
Click the Submit button

Once you run tests, follow the Inferno instructions.

7 Multi-Patient Authorization and API

Click the 7 Multi-Patient API link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/bulk-api
- Backend Services Token Endpoint: [aidbox-url]/auth/token
- Bulk Data Client ID: inferno-my-clinic-bulk-client
- Encryption method RS384
- Group ID: test-group-1
- Patient IDs in exported Group: test-pt-1,test-pt-2
Click the Submit button

9.1 Public Client Standalone Launch with OpenID Connect

Click the 9.1 SMART Public Client Launch link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- Bulk Data FHIR URL: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Public Launch Client ID: inferno-public-patient-smart-app
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
- OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
Click the Submit button

9.3 Token Revocation

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Before you launch the test you should:

Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
Login to the portal using credentials we created before example@mail.com / password
Find the inferno-confidential-patient-smart-app
Click the Revoke access button

Click the 9.3 Token Revocation link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- Prior to executing test, Health IT developer demonstrated revoking tokens provided during patient standalone launch.: Yes
- Keep other parameters unchanged
Wait up to 30 seconds
Click the Submit button

9.4 SMART App Launch Error: Invalid AUD Parameter

Click the 9.4 SMART Invalid AUD Launch link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Standalone Client ID: inferno-confidential-patient-smart-app
- Standalone Client Secret: inferno-confidential-patient-smart-app-secret
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
Click the Submit button
Click the Perform Invalid Launch link

9.5 SMART App Launch Error: Invalid Access Token Request

Click the 9.5 SMART Invalid Token Request link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- Standalone Client ID: inferno-confidential-patient-smart-app
- Standalone Client Secret: inferno-confidential-patient-smart-app-secret
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
- OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
Click the Submit button
Click the Follow this link to authorize with the SMART server link
Press the Allow button on the consent screen

9.8 EHR Launch with Patient Scopes

Click the 9.8 EHR Launch with Patient Scopes link in the left sidebar
Click the Run tests button
Provide require parameters for tests
- EHR launch FHIR Endpoint: [aidbox-url]/tenant/my-clinic/patient/smart-api
- EHR Launch Client ID: inferno-confidential-patient-smart-app
- EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
- OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
- OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
Click the Submit button
Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
Login to the portal using credentials we created before example@mail.com / password
Find the inferno-confidential-patient-smart-app application
Click the Launch button
Click the Follow this link to authorize with the SMART server link
Press the Allow button on the consent screen

9.10 Visual Inspection and Attestation

To pass the visual inspection see the guide.