Stream: implementers
Topic: Security Testing on Crucible
kler (Dec 19 2016 at 15:57):
Can anyone tell me how to set up security testing on Crucible?
Jason Walonoski (Jan 04 2017 at 16:13):
You need to start by declaring security in your CapabilityStatement (or Conformance in DSTU2).
Jason Walonoski (Jan 04 2017 at 16:15):
For example, see https://fhir-api-dstu2.smarthealthit.org/metadata
Jason Walonoski (Jan 04 2017 at 16:17):
In order for Crucible to authenticate with your server, your server must return a conformance statement (at /metadata) containing the OAuth2 endpoints. Unless your server does that, we do not provide the dialog box where you can enter your OAuth2 credentials.
Jason Walonoski (Jan 04 2017 at 16:17):
Also, there is a Crucible stream.
Abbie Watson (Jan 04 2017 at 18:18):
Ah, thank you. That bit of context really helps.
Something I'm not entirely clear on... is Crucible testing the Argonaut implementations? Or does it just assume you've gotten past Argonaut Sprint 1 and 2, and is testing general FHIR conformance?
Jason Walonoski (Jan 04 2017 at 18:27):
Crucible was/is involved in the Argonauts implementation program. We have a number of Argonauts tests on our DSTU2 server, and are working on new ones... but we do not currently have OAuth2-only tests. The Argonaut tests focus on the Argonaut use-cases, and rely on the security layer being implemented correctly. Lots of people have pointed out to us that we could do this a better way... until we get there, we take pull requests. :)
Last updated: Apr 12 2022 at 19:14 UTC