Broken LinksNotebooks
# Table of contents
Aidbox FHIR platform documentation
Getting Started
Tutorials
CRUD, Search Tutorials
Bulk API Tutorials
Security & Access Control Tutorials
RBAC
Terminology Tutorials
Validation Tutorials
Upload FHIR Implementation Guide
Aidbox UI
Integration Toolkit Tutorials
Other tutorials
## Overview
Aidbox user portal
Aidbox UI
## Configuration
## API
REST API
CRUD
Search
Custom Search Parameter
SearchParameter types
Search parameters list
Other
Other
Bulk API
Other APIs
Plan API
Provider Directory API
Archive/Restore API
## Modules
Profiling and validation
FHIR Schema Validator
Security & Access Control
Authentication
Access to AidboxUI
External identity providers
Authentication Flows
Access Control
Attribute-based Access Control (ABAC)
Label-based Access Control
SMART on FHIR
SMART Client Authorization
SMART Client Authentication
SMART (deprecated)
SMART on FHIR
Multitenancy
Patient data access API
Audit
Technical reference
Observability
Getting started
Logs
How-to guides
Tutorials
Technical reference
Metrics
How-to guides
Technical reference
Traces
Subscriptions
Aidbox topic-based subscriptions
Aidbox Forms
Aidbox UI Builder
Form creation
How-to guides
Printing forms
Embedding
Aidbox Code Editor (deprecated)
Define extensions
Custom Resources
Migrate to FHIR Schema
Aidbox terminology module
Concept
ValueSet
CodeSystem
Import external terminologies
SQL on FHIR
Integration toolkit
C-CDA / FHIR Converter
List of supported templates
HL7 v2 Integration
Analytics
Email Providers integration
SMARTbox | FHIR API for EHRs
Get started
The B11 Decision Support Interventions
How-to guides
Background information
Other modules
MDM
## Storage
AidboxDB
Other
S3-compatible storages
## Deployment and maintenance
Deploy Aidbox
Run Aidbox on Kubernetes
Backup and Restore
Indexes
## App development
Aidbox SDK
## Reference
Settings reference
Environment variables
Email Providers reference
Aidbox Forms reference
## Deprecated
Deprecated
Zen-related
RPC reference
aidbox
mdm
Aidbox configuration project
Aidbox Configuration project reference
US Core IG
Workflow Engine
Task
Workflow
FHIR conformance Deprecated guides
How to enable US Core IG
Terminology Deprecated Tutorials
zen-lang validator
FHIR topic-based subscriptions
API Reference
🏗️ FHIR Terminology Repository
Create an FTR instance
Entity / Attribute
Other
App Development Deprecated Tutorials
Receive logs from your app
Other Deprecated Tutorials

Pass Inferno tests with Smartbox

The article has be reviewed for next Inferno framework v0.3.12 and test suite

  • ONC Certification (g)(10) Standardized API v3.2.0
  • US Core 3.1.1 / USCDI v1, SMART App Launch 1.0.0, Bulk Data 1.0.1

Prerequisites

Smartbox must be publicly available from the Internet in order to Inferno could reach Smartbox and run tests.

Once you have your Smartbox instance Set up Smartbox locally you need to register a FHIR server by creating Tenant resource and upload necessary resources for Inferno.

  • Patient record with all USCDIv1 data elements in uscore format,
  • User resource, associated with the patient record
  • Client resource for smart launch flows
  • Client resource for bulk api

Create Tenant

yaml
PUT /Tenant/my-clinic
Content-Type: text/yaml

name: My Clinic

Prepare fixtures

Demo patient record with all USCDI elements for Inferno test is available on Google Storage and maintained by Health Samurai team. You can upload with /$load endpoint:

yaml
POST /$load
Content-Type: text/yaml

source: 'https://storage.googleapis.com/aidbox-public/smartbox/rows.ndjson.gz'
merge:
  meta:
    tenant:
      id: my-clinic
      resourceType: Tenant

It contains at least two patients test-pt-1 and test-pt-2. Second patient will be required for Multi-Patient API test.

Let's created then User resource for test-pt-1:

yaml
POST /User
Content-Type: text/yaml

email: example@mail.com
password: password
name:
  givenName: Amy
  familyName: Shaw
active: true
fhirUser:
  id: test-pt-1
  resourceType: Patient
roles:
- type: patient
meta:
  tenant:
    id: my-clinic
    resourceType: Tenant

Now you can login to My Clinic patient portal with example@mail.com / password.

Create client resources for Inferno

Inferno will act as smart app/bulk client app. Let's register inferno's apps as Client resources in Smartbox.

yaml
PUT /
Content-Type: text/yaml

- id: inferno-confidential-patient-smart-app
  resourceType: Client
  type: patient-facing-smart-app
  active: true
  secret: inferno-confidential-patient-smart-app-secret
  grant_types:
  - authorization_code
  auth:
    authorization_code:
      pkce: false
      redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
      refresh_token: true
      secret_required: true
      access_token_expiration: 300
  smart:
    launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'
- id: inferno-public-patient-smart-app
  resourceType: Client
  type: patient-facing-smart-app
  active: true
  grant_types:
  - authorization_code
  auth:
    authorization_code:
      pkce: true
      redirect_uri: 'https://inferno.healthit.gov/suites/custom/smart/redirect'
      refresh_token: true
      secret_required: false
      access_token_expiration: 300
  smart:
    launch_uri: 'https://inferno.healthit.gov/suites/custom/smart/launch'
- id: inferno-my-clinic-bulk-client
  resourceType: Client
  type: bulk-api-client
  active: true
  auth:
    client_credentials:
      client_assertion_types: ['urn:ietf:params:oauth:client-assertion-type:jwt-bearer']
      access_token_expiration: 300
  scope: [system/*.read]
  jwks_uri: https://inferno.healthit.gov/suites/custom/g10_certification/.well-known/jwks.json
  grant_types:
  - client_credentials
  meta:
    tenant:
      id: my-clinic
      resourceType: Tenant

Create Inferno test session

Create Inferno test session by following the link https://inferno.healthit.gov/onc-certification-g10-test-kit.

  1. To pass the EHR Practitioner App inferno sequence see the guide Perform EHR launch
  2. 2. See Revoke granted access to pass the Token Revocation Inferno test

Run all Inferno tests

Press the Run all tests button then provide require parameters for the tests:

  • FHIR Endpoint:\
  • [aidboxurl]/tenant/myclinic/patient/smartapi
  • Standalone Client ID: infernoconfidentialpatientsmartapp
  • Standalone Client Secret: infernoconfidentialpatientsmartappsecret
  • EHR Launch Client ID: infernoconfidentialpatientsmartapp
  • EHR Launch Client Secret: infernoconfidentialpatientsmartappsecret
  • Bulk Data FHIR URL:\
  • [aidboxurl]/tenant/myclinic/bulkapi
  • Backend Services Token Endpoint:\
  • [aidboxurl]/auth/token
  • Bulk Data Client ID: infernomyclinicbulkclient
  • Encryption method RS384
  • Group ID: testgroup1
  • Patient IDs in exported Group: testpt1,testpt2
  • Public Launch Client ID: infernopublicpatientsmartapp
  • EHR Launch Client ID: infernoconfidentialpatientsmartapp
  • EHR Launch Client Secret: infernoconfidentialpatientsmartappsecret

Once you run all tests, follow Inferno instructions.

Run Inferno tests one by one

1 Standalone Patient App - Full Access

  1. Click the Standalone Patient App link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * FHIR Endpoint:\
  5. [aidbox-url]/tenant/my-clinic/patient/smart-api
  6. * Standalone Client ID: inferno-confidential-patient-smart-app
  7. * Standalone Client Secret: inferno-confidential-patient-smart-app-secret
  8. 4. Click the Submit button

Once you run tests, follow the Inferno instructions.

2 Standalone Patient App - Limited Access

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

  1. Click the 2 Limited Access App link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Click the Submit button

Once you run tests, follow the Inferno instructions.

By default the test expects to not get accees to all the resources but Patient, Condition, Observation.

To pass the test you should:

  1. Uncheck all the resources but those ones on the Consent screen
  2. 2. Keep following checkboxes checked Launch Patient, Open ID, FHIR User and Offline Access

3 EHR Practitioner App

  1. Click the EHR Practitioner App link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * FHIR Endpoint:\
  5. [aidbox-url]/tenant/my-clinic/patient/smart-api
  6. * EHR Launch Client ID: inferno-confidential-patient-smart-app
  7. * EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
  8. 4. Click the Submit button
  9. 5. Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
  10. 6. Login to the portal using credentials we created before example@mail.com / password
  11. 7. Find the inferno-confidential-patient-smart-app application
  12. 8. Click the Launch button

Once you perform EHR launch, follow the Inferno instructions.

4 Single Patient API

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

  1. Click the 4 Single Patient API link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Click the Submit button

Once you run tests, follow the Inferno instructions.

7 Multi-Patient Authorization and API

  1. Click the 7 Multi-Patient API link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * Bulk Data FHIR URL:\
  5. [aidbox-url]/tenant/my-clinic/bulk-api
  6. * Backend Services Token Endpoint:\
  7. [aidbox-url]/auth/token
  8. * Bulk Data Client ID: inferno-my-clinic-bulk-client
  9. * Encryption method RS384
  10. * Group ID: test-group-1
  11. * Patient IDs in exported Group: test-pt-1,test-pt-2
  12. 4. Click the Submit button

9.1 Public Client Standalone Launch with OpenID Connect

  1. Click the 9.1 SMART Public Client Launch link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * Bulk Data FHIR URL:\
  5. [aidbox-url]/tenant/my-clinic/patient/smart-api
  6. * Public Launch Client ID: inferno-public-patient-smart-app
  7. * Proof Key for Code Exchange (PKCE): Enabled
  8. * OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
  9. * OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
  10. 4. Click the Submit button

9.3 Token Revocation

This test depends on the Standalone Patient App test. Pass the first sequence then continue that one

Before you launch the test you should:

  1. Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
  2. 2. Login to the portal using credentials we created before example@mail.com / password
  3. 3. Find the inferno-confidential-patient-smart-app
  4. 4. Click the Revoke access button
  1. Click the 9.3 Token Revocation link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * Prior to executing test, Health IT developer demonstrated revoking tokens provided during patient standalone launch.: Yes
  5. * Keep other parameters unchanged
  6. 4. Wait up to 30 seconds
  7. 5. Click the Submit button

9.4 SMART App Launch Error: Invalid AUD Parameter

  1. Click the 9.4 SMART Invalid AUD Launch link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * FHIR Endpoint:\
  5. [aidbox-url]/tenant/my-clinic/patient/smart-api
  6. * Standalone Client ID: inferno-confidential-patient-smart-app
  7. * Standalone Client Secret: inferno-confidential-patient-smart-app-secret
  8. * Proof Key for Code Exchange (PKCE): Disabled
  9. * OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
  10. 4. Click the Submit button
  11. 5. Click the Perform Invalid Launch link

9.5 SMART App Launch Error: Invalid Access Token Request

  1. Click the 9.5 SMART Invalid Token Request link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * FHIR Endpoint:\
  5. [aidbox-url]/tenant/my-clinic/patient/smart-api
  6. * Standalone Client ID: inferno-confidential-patient-smart-app
  7. * Standalone Client Secret: inferno-confidential-patient-smart-app-secret
  8. * OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
  9. * OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
  10. 4. Click the Submit button
  11. 5. Click the Follow this link to authorize with the SMART server link
  12. 6. Press the Allow button on the consent screen

9.8 EHR Launch with Patient Scopes

  1. Click the 9.8 EHR Launch with Patient Scopes link in the left sidebar
  2. 2. Click the Run tests button
  3. 3. Provide require parameters for tests
  4. * EHR launch FHIR Endpoint:\
  5. [aidbox-url]/tenant/my-clinic/patient/smart-api
  6. * EHR Launch Client ID: inferno-confidential-patient-smart-app
  7. * EHR Launch Client Secret: inferno-confidential-patient-smart-app-secret
  8. * OAuth 2.0 Authorize Endpoint: [aidbox-url]/tenant/my-clinic/patient/auth/authorize
  9. * OAuth 2.0 Token Endpoint: [aidbox-url]/auth/token
  10. 4. Click the Submit button
  11. 5. Open the patient portal UI [aidbox-url]/tenant/my-clinic/patient/portal
  12. 6. Login to the portal using credentials we created before example@mail.com / password
  13. 7. Find the inferno-confidential-patient-smart-app application
  14. 8. Click the Launch button
  15. 9. Click the Follow this link to authorize with the SMART server link
  16. 10. Press the Allow button on the consent screen

9.10 Visual Inspection and Attestation

To pass the visual inspection see the Pass Inferno Visual Inspection and Attestation guide.