
Commit f8467dd

authored
Match .well-known/smart-configuration capabilities section to capabilities endpoint (#5427)
Refs AB#185285
1 parent e526922 commit f8467dd

2 files changed

Lines changed: 34 additions & 27 deletions


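--- a/src/Microsoft.Health.Fhir.Core/Features/Conformance/GetSmartConfigurationHandler.cs
+++ b/src/Microsoft.Health.Fhir.Core/Features/Conformance/GetSmartConfigurationHandler.cs
@@ -5,6 +5,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
@@ -62,13 +63,17 @@ public async Task<GetSmartConfigurationResponse> Handle(GetSmartConfigurationReq
 (authorizationEndpoint, tokenEndpoint) = await _oidcDiscoveryService.ResolveEndpointsAsync(baseEndpoint, cancellationToken);
 }
 
-ICollection<string> capabilities = new List<string>
+ICollection<string> capabilities = new List<string>(
+Constants.SmartCapabilityClients
+.Concat(Constants.SmartCapabilityAdditional)
+.Concat(Constants.SmartCapabilityLaunches)
+.Concat(Constants.SmartCapabilityPermissions)
+.Concat(Constants.SmartCapabilitySSOs));
+
+if (!string.IsNullOrEmpty(_smartIdentityProviderConfiguration.Authority))
 {
-"sso-openid-connect",
-"permission-offline",
-"permission-patient",
-"permission-user",
-};
+((List<string>)capabilities).AddRange(Constants.SmartCapabilityThirdPartyContexts);
+}
 
 // Add SMART v2 scope support - these are the core scopes supported natively by the FHIR service
 ICollection<string> scopesSupported = new List<string>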
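Review bot: The local `capabilities` is declared as `ICollection<string>` and then downcast with `((List<string>)capabilities).AddRange(...)` inside the `Authority` branch; the cast is only valid because of the initialiser a few lines above and would throw at runtime if that initialiser were ever changed to another collection type. Declaring the concrete type removes the cast: `List<string> capabilities = Constants.SmartCapabilityClients.Concat(...).ToList();` followed by `capabilities.AddRange(Constants.SmartCapabilityThirdPartyContexts);`. Because SMART clients read this document to decide which launch, permission and SSO flows to attempt, it is also worth confirming that every `Constants.SmartCapability*` group is actually supported in both the default and the third-party identity provider configuration, so the endpoint does not advertise more than the server enforces; the constants themselves are not visible on this page. `Handle` starts and ends outside this hunk.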

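--- a/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Conformance/GetSmartConfigurationHandlerTests.cs
+++ b/src/Microsoft.Health.Fhir.Shared.Core.UnitTests/Features/Conformance/GetSmartConfigurationHandlerTests.cs
@@ -5,6 +5,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Threading;
 using System.Threading.Tasks;
@@ -26,6 +27,16 @@ namespace Microsoft.Health.Fhir.Core.UnitTests.Features.Conformance
 [Trait(Traits.Category, Categories.Conformance)]
 public class GetSmartConfigurationHandlerTests
 {
+private static readonly List<string> ExpectedBaseCapabilities = new List<string>(
+Constants.SmartCapabilityClients
+.Concat(Constants.SmartCapabilityAdditional)
+.Concat(Constants.SmartCapabilityLaunches)
+.Concat(Constants.SmartCapabilityPermissions)
+.Concat(Constants.SmartCapabilitySSOs));
+
+private static readonly List<string> ExpectedThirdPartyCapabilities = new List<string>(
+ExpectedBaseCapabilities.Concat(Constants.SmartCapabilityThirdPartyContexts));
+
 private static GetSmartConfigurationHandler CreateHandler(
 SecurityConfiguration securityConfiguration,
 SmartIdentityProviderConfiguration smartIdpConfig = null,
@@ -80,13 +91,7 @@ public async Task GivenASmartConfigurationHandler_WhenSecurityConfigurationEnabl
 
 Assert.Equal(baseEndpoint + "/oauth2/v2.0/authorize", response.AuthorizationEndpoint.ToString());
 Assert.Equal(baseEndpoint + "/oauth2/v2.0/token", response.TokenEndpoint.ToString());
-Assert.Equal(response.Capabilities, new List<string>
-{
-"sso-openid-connect",
-"permission-offline",
-"permission-patient",
-"permission-user",
-});
+Assert.Equal(ExpectedBaseCapabilities, response.Capabilities);
 
 // Verify SMART v2 scopes are included
 Assert.NotNull(response.ScopesSupported);
@@ -172,13 +177,7 @@ public async Task GivenASmartConfigurationHandler_WhenAadSmartOnFhirProxyEnabled
 
 Assert.Equal("https://fhir.example.com/AadSmartOnFhirProxy/authorize", response.AuthorizationEndpoint.ToString());
 Assert.Equal("https://fhir.example.com/AadSmartOnFhirProxy/token", response.TokenEndpoint.ToString());
-Assert.Equal(response.Capabilities, new List<string>
-{
-"sso-openid-connect",
-"permission-offline",
-"permission-patient",
-"permission-user",
-});
+Assert.Equal(ExpectedBaseCapabilities, response.Capabilities);
 
 // Verify SMART v2 scopes are included
 Assert.NotNull(response.ScopesSupported);
@@ -206,13 +205,7 @@ public async Task GivenASmartConfigurationHandler_WhenAadSmartOnFhirProxyDisable
 
 Assert.Equal(authority + "/oauth2/v2.0/authorize", response.AuthorizationEndpoint.ToString());
 Assert.Equal(authority + "/oauth2/v2.0/token", response.TokenEndpoint.ToString());
-Assert.Equal(response.Capabilities, new List<string>
-{
-"sso-openid-connect",
-"permission-offline",
-"permission-patient",
-"permission-user",
-});
+Assert.Equal(ExpectedBaseCapabilities, response.Capabilities);
 
 // Verify SMART v2 scopes are included
 Assert.NotNull(response.ScopesSupported);
@@ -245,6 +238,15 @@ public async Task GivenASmartConfigurationHandler_When3rdPartyIdpSpecified_ThenC
 var expectedAuthority = !string.IsNullOrEmpty(authority) ? authority.TrimEnd('/') : baseUri;
 Assert.Equal(expectedAuthority + "/oauth2/v2.0/authorize", response.AuthorizationEndpoint.ToString());
 Assert.Equal(expectedAuthority + "/oauth2/v2.0/token", response.TokenEndpoint.ToString());
+
+if (!string.IsNullOrEmpty(authority))
+{
+Assert.Equal(ExpectedThirdPartyCapabilities, response.Capabilities);
+}
+else
+{
+Assert.Equal(ExpectedBaseCapabilities, response.Capabilities);
+}
 }
 }
 }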
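Review bot: `ExpectedBaseCapabilities` and `ExpectedThirdPartyCapabilities` are built from the same `Constants.SmartCapability*` collections the handler reads, so the new `Assert.Equal(ExpectedBaseCapabilities, response.Capabilities)` checks (and the third-party one in the last hunk) verify only how the groups are composed and ordered, not what is advertised. A capability accidentally dropped from or added to `Constants` would pass all four tests, whereas the removed assertions pinned literal values. Keeping one or two literal checks beside the new ones, for example `Assert.Contains("sso-openid-connect", response.Capabilities);` and `Assert.Contains("permission-offline", response.Capabilities);`, would keep the security-relevant entries of the discovery document under test; this assumes those values are still present in the constants, which are not visible on this page.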
