SMART Launch Refresh Token Bug? #522
Comments
This title is misleading. According to the spec:
So, I believe the test behavior is correct in passing even though the patient context parameters are not present, and accessing the patient resource is done here to verify that the new access token works. We will update the test's title to match the behavior.
I think that's incorrect. This section of the Inferno test suite is the 'Standalone Patient App' section, and you fail in the preceding test 1.4.06 if the "patient" doesn't come back. You're using the refresh token from the earlier request, but you get different information. In other words, you've already established that you have a patient context associated with the token information you have. But you're judging the exchange of refresh token for access token without acknowledging that. I'd agree if you were changing the scopes that you were asking for in the refresh token => access token exchange. But you're not. The test is still trying to obtain 'launch/patient', which it was successfully able to obtain in the earlier request in the collection.
In 1.4.06 it is necessary for the patient context to be sent with the initial access token request.
I don't understand what you're getting at here.
Regardless of whether
Test 1.6.05 indicates "OAuth token exchange response body contains patient context and patient resource can be retrieved." I'm testing an issue where we're not producing patient context in the refresh token exchange, however Inferno indicated everything was all good. If you look at the request (and response) associated with that test, you see that the token omits the "patient" property. Is this correct? The examples in the STU documentation that the test links to also show the "patient" coming back in refresh token exchanges.
Session: https://inferno.healthit.gov/suites/g10_certification/iySRv3EHCy7#1
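The comparison this issue turns on, as an added example that is not part of the original issue or of Inferno's code: it reports which launch context parameters present in the initial token response are missing from the refresh response, and whether the granted scopes changed. The function name, the `encounter` entry and both sample responses are assumptions constructed for illustration; whether a dropped `patient` should fail a test is the question the thread debates, and the code does not decide it.

```ruby
require 'json'

# Launch context parameters to compare. 'patient' is the one discussed in the
# issue; 'encounter' is included here as an assumption.
CONTEXT_PARAMS = %w[patient encounter].freeze

# Hypothetical helper: compares the initial token response with the response
# to the refresh token exchange and reports what differs.
def compare_token_responses(initial_json, refreshed_json)
  initial = JSON.parse(initial_json)
  refreshed = JSON.parse(refreshed_json)

  # Context present at first, absent after refresh.
  dropped = CONTEXT_PARAMS.select { |p| initial.key?(p) && !refreshed.key?(p) }
  # Context present in both, but pointing at a different resource.
  changed = CONTEXT_PARAMS.select do |p|
    initial.key?(p) && refreshed.key?(p) && initial[p] != refreshed[p]
  end

  initial_scopes = initial['scope'].to_s.split
  refreshed_scopes = refreshed['scope'].to_s.split

  {
    dropped_context: dropped,
    changed_context: changed,
    scopes_lost: initial_scopes - refreshed_scopes,
    launch_patient_still_granted: refreshed_scopes.include?('launch/patient')
  }
end

# Constructed sample responses (not taken from the linked Inferno session).
INITIAL_RESPONSE = {
  'access_token' => 'constructed-access-1', 'token_type' => 'Bearer',
  'expires_in' => 3600, 'refresh_token' => 'constructed-refresh-1',
  'scope' => 'launch/patient patient/*.read offline_access',
  'patient' => 'constructed-patient-123'
}.to_json

# Same scopes granted, but no "patient" property, as described in the issue.
REFRESHED_RESPONSE = {
  'access_token' => 'constructed-access-2', 'token_type' => 'Bearer',
  'expires_in' => 3600, 'refresh_token' => 'constructed-refresh-2',
  'scope' => 'launch/patient patient/*.read offline_access'
}.to_json

puts compare_token_responses(INITIAL_RESPONSE, REFRESHED_RESPONSE)
```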