FHIR Chat · Inferno / bdt test error for Auth-01.0.0 and Auth-01.0.1 · bulk data

Stream: bulk data

Topic: Inferno / bdt test error for Auth-01.0.0 and Auth-01.0.1


Lee Surprenant (Jan 11 2022 at 20:29):

I think we had discussed this one at the last connectathon, but unfortunately I didn't open any thread / issue to track it.
Our server implementation is failing the following two tests from the Inferno (community edition) Bulk Data Test:

  • Auth-01.0.0: Kick-off request at the system-level export endpoint requires authorization header
  • Auth-01.0.1: Kick-off request at the system-level export endpoint rejects invalid token

In both cases, our auth layer is intercepting the call and rejecting the invalid request with a response code of 401 and no body.
I believe that behavior should be valid (and I think folks agreed in September), but I'm hoping to follow up on that and make a specific change request this time around (so that I don't forget and then re-discover it next connectathon).

Lee Surprenant (Jan 11 2022 at 20:33):

For Auth-01.0.0, we are failing with these messages:

Error: In case of error, the response body must be an OperationOutcome Expected the request to return an OperationOutcome but the response has no body.

The server does not respond with JSON regardless of the accept header! Error: the server must reply with JSON content-type header (application/json, application/json+fhir or application/fhir+json).

But I don't think the Content-Type header matters much when we return an empty response.

Lee Surprenant (Jan 11 2022 at 20:33):

For Auth-01.0.1, we are failing with this message:

Error: In case of error, the response body must be an OperationOutcome Expected the request to return an OperationOutcome but the response has no body.

 The server does not respond with JSON regardless of the accept header!

Lee Surprenant (Jan 11 2022 at 20:34):

Do we agree that servers are allowed to return a 401 with an empty body for unauthorized $export requests (instead of always returning an OperationOutcome)?
I think that was asserted in the bulk data v2 timeframe, but not sure if this clarification ever made it into the spec or not...

Lee Surprenant (Jan 11 2022 at 20:39):

ok, I think I tracked down the specific clarification I was thinking of: https://github.com/HL7/bulk-data/pull/94/files
so I think we just need advice on where to open this issue / how to help progress it along

Dan Gottlieb (Jan 11 2022 at 22:04):

Yup, agree that this behavior is in line with the v2 requirements. Can you open an issue at https://github.com/smart-on-fhir/bdt ?

Lee Surprenant (Jan 12 2022 at 00:15):

Actually, it looks like Vlad already fixed this one in bdt: https://github.com/smart-on-fhir/bdt/issues/7
So I guess we just need Inferno to pick up an updated version.

Lee Surprenant (Jan 12 2022 at 01:19):

I opened https://github.com/onc-healthit/inferno/issues/592 for it

Yunwei Wang (Jan 12 2022 at 01:50):

I admit that our Inferno community edition has kinda fallen behind because we are so focused on getting the program edition done.


Last updated: Apr 12 2022 at 19:14 UTC