Test requires proper format/values for optional claims that are present

lib/bulk_data_test_kit/v1.0.1/bulk_data_smart_discovery_v101_contents_test.rb

@@ -1,3 +1,4 @@
+require 'pry'
 module BulkDataTestKit
   module BulkDataV101
     class BulkDataSmartDiscoveryV101ContentsTest < Inferno::Test
@@ -13,15 +14,16 @@ class BulkDataSmartDiscoveryV101ContentsTest < Inferno::Test
         > token_endpoint_auth_signing_alg_values_supported (with values that include at least one of RS384, ES384)
         > attributes for backend services. The response is a JSON document using the application/json mime type.
 
-        This test requires a valid `token_endpoint` claim to pass but issue a warning for all other claims.
+        This test requires a valid `token_endpoint` claim to pass but issue a warning for any other recommended claims
+        that are not present.
+        However, any included claim must have the proper format and/or values indicated by the IG.
       )
 
       input :well_known_configuration
 
       output :smart_token_url
 
       def test_key(config, key, type)
-        assert config.key?(key), "Well-known configuration does not include `#{key}`"
         assert config[key].present?, "Well-known configuration field `#{key}` is blank"
         assert config[key].is_a?(type), "Well-known `#{key}` must be type: #{type.to_s.downcase}"
       end
@@ -30,6 +32,7 @@ def test_key(config, key, type)
         config = JSON.parse(well_known_configuration)
 
         # token_endpoint must be output for downstream tests to work
+        assert config.key?('token_endpoint'), 'Well-known configuration does not include `token_endpoint`'
         test_key(config, 'token_endpoint', String)
         token_endpoint = config['token_endpoint']
         assert_valid_http_uri(token_endpoint, "`#{token_endpoint}` is not a valid URI")
@@ -42,19 +45,31 @@ def test_key(config, key, type)
           'scopes_supported'
         ]
 
-        warning do
-          recommended_capabilities.each do |key|
-            test_key(config, key, Array)
+        present_capabilities = []
+        recommended_capabilities.each do |key|
+          if config.key?(key) then present_capabilities.append(key)
+          else
+            warning do
+              assert config.key?(key), "Well-known configuration does not include `#{key}`"
+            end
           end
+        end
+
+        present_capabilities.each do |key|
+          test_key(config, key, Array)
+        end
 
+        if present_capabilities.include?('token_endpoint_auth_methods_supported')
           assert config['token_endpoint_auth_methods_supported'].include?('private_key_jwt'),
                 '`token_endpoint_auth_methods_supported` does not include the value `private_key_jwt`'
+        end
 
-          supports_RS384 = config['token_endpoint_auth_signing_alg_values_supported'].include? 'RS384'
+        if present_capabilities.include?('token_endpoint_auth_methods_supported')
+            supports_RS384 = config['token_endpoint_auth_signing_alg_values_supported'].include? 'RS384'
           supports_ES384 = config['token_endpoint_auth_signing_alg_values_supported'].include? 'ES384'
 
-          err_msg = '`token_endpoint_auth_signing_alg_values_supported` does not include values for `RS384` or `ES384`'
-          assert (supports_RS384 || supports_ES384), err_msg
+          assert (supports_RS384 || supports_ES384),
+          '`token_endpoint_auth_signing_alg_values_supported` does not include values for `RS384` or `ES384`'
         end
       end
     end

spec/bulk_data_test_kit/bulk_data_smart_discovery_v101_contents_test_spec.rb

@@ -9,15 +9,15 @@
   let(:correct_metadata) {
     {
       'token_endpoint' => 'https://example.org/auth/token',
-      'token_endpont_auth_methods_supported' => ['private_key_jwt'],
+      'token_endpoint_auth_methods_supported' => ['private_key_jwt'],
       'token_endpoint_auth_signing_alg_values_supported' => [ 'RS384', 'ES384' ],
       'scopes_supported' => ['system/*.read']
     }
   }
 
   let(:recommended_capabilities) {
     [
-      'token_endpont_auth_methods_supported',
+      'token_endpoint_auth_methods_supported',
       'token_endpoint_auth_signing_alg_values_supported',
       'scopes_supported'
     ]
@@ -81,4 +81,29 @@ def run(runnable, inputs = {})
       expect(result.result_message).to match(value)
     end
   end
+
+  it 'fails when recommended claims are present but have improper format' do
+    recommended_capabilities.each do |key|
+      metadata = correct_metadata.clone
+      # should be an array for all
+      metadata[key] = ''
+      result = run(runnable, well_known_configuration: JSON.generate(metadata))
+      expect(result.result).to eq('fail')
+      expect(result.result_message).to match(key)
+    end
+  end
+
+  it 'fails when token_endpoint_auth_methods_supported value is incorrect' do
+    correct_metadata['token_endpoint_auth_methods_supported'] = ['invalid']
+    result = run(runnable, well_known_configuration: JSON.generate(correct_metadata))
+    expect(result.result).to eq('fail')
+    expect(result.result_message).to match('private_key_jwt')
+  end
+
+  it 'fails when token_endpoint_auth_signing_alg_values_supported value is incorrect' do
+    correct_metadata['token_endpoint_auth_signing_alg_values_supported'] = ['invalid']
+    result = run(runnable, well_known_configuration: JSON.generate(correct_metadata))
+    expect(result.result).to eq('fail')
+    expect(result.result_message).to match('`RS384` or `ES384`')
+  end
 end