| Criterion | Status | Description | Data Received | Comment | Date/Time |
|---|
| Overall | SUBTEST FAILED | Overall Test Result | | First test: 2023-02-01 13:37:00-0800 Last test: 2023-02-01 13:37:11-0800 | |
| IIB | SUBTEST FAILED | Client Authentication | | | |
| IIB1 | PASS | metadata is discoverable | | | |
| IIB1a | PASS | retrievable with GET at well known URL | | | |
| IIB1a1 | PASS | Content-Type is application/json | | | 2023-02-01 13:37:00-0800 |
| IIB1a2 | PASS | returns JSON Object | {
"udap_versions_supported": [
"1"
],
"udap_profiles_supported": [
"udap_dcr",
"udap_authn",
"udap_authz"
],
"udap_authorization_extensions_supported": [
"hl7-b2b"
],
"udap_authorization_extensions_required": [
"hl7-b2b"
],
"udap_certifications_supported": [... | | 2023-02-01 13:37:00-0800 |
| IIB1b | PASS | FHIR CapabilityStatement optionally identifies UDAP support | | optional UDAP security service code is not present | 2023-02-01 13:37:00-0800 |
| INFO | | {
"resourceType": "CapabilityStatement",
"meta": {
"lastUpdated": "2023-02-01T21:37:00.5159475+00:00"
},
"url": "https://fhirlabs.net/fhir/r4/metadata",
"version": "1.0.0.0",
"name": "demoCapStmt",
"status": "active",
"experimental": true,
"date": "2017-04-30",
"description":... | FHIR metadata retrieved | 2023-02-01 13:37:00-0800 |
| IIB2 | INCOMPLETE | UDAP metadata contains authz and token endpoints | | | |
| IIB2a | PASS | authorization_endpoint is valid https URL | https://securedcontrols.net/connect/authorize | | 2023-02-01 13:37:00-0800 |
| IIB2b | PASS | FHIR CapabilityStatement optionally includes matching authorize URL | | authorization endpoint not present in CapabilityStatement | 2023-02-01 13:37:00-0800 |
| IIB2c | PASS | authorization endpoint accepts GET requests | | | 2023-02-01 13:37:10-0800 |
| IIB2d | PASS | token_endpoint is valid https URL | https://securedcontrols.net/connect/token | | 2023-02-01 13:37:00-0800 |
| IIB2e | NOT TESTED | FHIR CapabilityStatement optionally includes matching token URL | | token endpoint not present in CapabilityStatement | 2023-02-01 13:37:00-0800 |
| IIB2f | PASS | token endpoint accepts POST requests | | | 2023-02-01 13:37:11-0800 |
| IIB3 | SUBTEST FAILED | authorization code flow supported | | | |
| IIB3a | SUBTEST FAILED | validate parameters and return errors | | | |
| IIB3a1 | FAIL | client_id and redirection_uri errors return HTTP error response | | see INFO entries | 2023-02-01 13:37:02-0800 |
| INFO | | 200 | Missing client_id parameter: expected an HTTP error code (400-599). Note: Authorization Server should also report this unexpected client behavior to the end user. | 2023-02-01 13:37:02-0800 |
| INFO | | 200 | Invalid client_id value: expected an HTTP error code (400-599). Note: Authorization Server should also report this unexpected client behavior to the end user. | 2023-02-01 13:37:02-0800 |
| INFO | | 200 | Missing redirect_uri parameter: expected an HTTP error code (400-599). Note: Authorization Server should also report this unexpected client behavior to the end user. | 2023-02-01 13:37:02-0800 |
| INFO | | 200 | redirect_uri value is not the same in the registration request and uses http scheme: expected an HTTP error code (400-599). Note: Authorization Server should also report this unexpected client behavior to the end user. | 2023-02-01 13:37:02-0800 |
| IIB3a2 | FAIL | other errors are communicated via the redirection URI | | see INFO entries | 2023-02-01 13:37:02-0800 |
| INFO | | 200 | Missing response_type parameter: not redirected; expected redirection to redirect URI with an error in the URL query string | 2023-02-01 13:37:01-0800 |
| INFO | | 200 | Invalid response_type value: not redirected; expected redirection to redirect URI with an error in the URL query string | 2023-02-01 13:37:01-0800 |
| INFO | | 200 | Missing state parameter: not redirected; expected redirection to redirect URI with an error in the URL query string | 2023-02-01 13:37:01-0800 |
| IIB3a2a | NOT TESTED | error parameter is populated | | | |
| IIB3a2b | NOT TESTED | state matches value provided by client | | | |
| IIB3b | PASS | user agent is redirected to redirection URI | | | 2023-02-01 13:37:10-0800 |
| IIB3c | PASS | expected query parameters are included | code=F0C2D7FB456FD46AA77E9D840647C4DFD33EE315D21FA58482FF72B1A66480D4-1&scope=udap&state=6xmc3J1RRHuJQbpE-NheDA&iss=https%3A%2F%2Fsecuredcontrols.net | received query string via redirection URI | 2023-02-01 13:37:10-0800 |
| IIB3c1 | PASS | code is present | F0C2D7FB456FD46AA77E9D840647C4DFD33EE315D21FA58482FF72B1A66480D4-1 | | 2023-02-01 13:37:10-0800 |
| IIB3c2 | PASS | state matches value provided by client | 6xmc3J1RRHuJQbpE-NheDA | | 2023-02-01 13:37:10-0800 |
| IIB4 | NOT APPLICABLE | validate token request | | | |
| IIB5 | PASS | validate token response | | | |
| IIB5a | PASS | validate response headers | | | |
| IIB5a1 | PASS | returns status 200 | 200 | | 2023-02-01 13:37:11-0800 |
| IIB5a2 | PASS | Content-Type is application/json | application/json | | 2023-02-01 13:37:11-0800 |
| IIB5b | PASS | validate response body | | | |
| IIB5b1 | PASS | returns JSON Object | {"access_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjA3QTdERjA3NUYzQ0VCOTk4MDVFMkMzMTYwM0E0QjY0IiwidHlwIjoiYXQrand0In0.eyJpc3MiOiJodHRwczovL3NlY3VyZWRjb250cm9scy5uZXQiLCJuYmYiOjE2NzUyODc0MzEsImlhdCI6MTY3NTI4NzQzMSwiZXhwIjoxNjc1MjkxMDMxLCJhdWQiOiJodHRwczovL3NlY3VyZWRjb250cm9scy5uZXQvcmVzb3VyY2VzIiwic2NvcGU... | | 2023-02-01 13:37:11-0800 |
| IIB5b2 | PASS | includes access token | eyJhbGciOiJSUzI1NiIsImtpZCI6IjA3QTdERjA3NUYzQ0VCOTk4MDVFMkMzMTYwM0E0QjY0IiwidHlwIjoiYXQrand0In0.eyJpc3MiOiJodHRwczovL3NlY3VyZWRjb250cm9scy5uZXQiLCJuYmYiOjE2NzUyODc0MzEsImlhdCI6MTY3NTI4NzQzMSwiZXhwIjoxNjc1MjkxMDMxLCJhdWQiOiJodHRwczovL3NlY3VyZWRjb250cm9scy5uZXQvcmVzb3VyY2VzIiwic2NvcGUiOlsidWRhcCJdLCJh... | | 2023-02-01 13:37:11-0800 |
| IIB5b3 | PASS | token is Bearer type | Bearer | | 2023-02-01 13:37:11-0800 |
| IIB5b4 | PASS | includes expire time | 3600 | token expires in 3600 seconds | 2023-02-01 13:37:11-0800 |
| IIB5b5 | PASS | refresh token | | optional refresh_token is absent | 2023-02-01 13:37:11-0800 |
