Hi Team,
Thank you for the quick response. We understood the above part.
Now we are trying to implement the functionality and have these doubts; please clarify.
1. Test 3: Trusted dynamic client registration
After clicking Start, the client application retrieves metadata from the following FHIR server and performs UDAP Trusted Dynamic Client registration at its registration endpoint by submitting a software statement signed with the private key corresponding to the app's UDAP test certificate.
FHIR Base URL: https://test.udap.org/fhir/r4/stage
As per the above test case, we tried to retrieve the metadata from the well-known endpoint, i.e.
https://test.udap.org/fhir/r4/stage/.well-known/udap, and we see a response containing only the data below:
{
  "authorization_endpoint": "https://test.udap.org/oauth/stage/authz",
  "token_endpoint": "https://test.udap.org/oauth/stage/token",
  "registration_endpoint": "https://test.udap.org/oauth/stage/register"
}
But when we look at the server metadata and the supported metadata elements (community may include) in the reference
https://www.udap.org/udap-server-metadata.html, we found that the fields below are missing:
x5c
udap_versions_supported
udap_profiles_supported
udap_certifications_supported
udap_certifications_required
udap_authorization_extensions_supported
udap_authorization_extensions_required
grant_types_supported
scopes_supported
signed_endpoints (if the server includes an authorization endpoint, token endpoint, or registration endpoint element in its metadata, then it SHOULD also include the signed_endpoints element as a signed JWT containing the following claims: iss, sub, exp, iat, jti, authorization_endpoint, token_endpoint, registration_endpoint)
token_endpoint_auth_methods_supported
token_endpoint_auth_signing_alg_values_supported
registration_endpoint_jwt_signing_alg_values_supported
So, our questions here are:
1. Are we retrieving the proper well-known endpoint, or is there any other endpoint hosted that provides the above details, so that we can do the client-side validation before making requests to the authorization, token or registration endpoints?
We understand that the server has the capability to define the optionality of the elements by not specifying them, but there are a few fields which we may need to proceed with the functionality, and some are kind of mandatory, like:
udap_profiles_supported
grant_types_supported
scopes_supported
signed_endpoints
token_endpoint_auth_methods_supported
token_endpoint_auth_signing_alg_values_supported
registration_endpoint_jwt_signing_alg_values_supported
2. Test 5: Client Authentication using client_secret (authorization code flow)
After clicking Start, the client application redirects the user's agent to the authorization endpoint for the following FHIR server using the client_id obtained during manual registration, then exchanges the authorization code for an access token using the client_secret obtained during manual registration. Note: This test covers only basic OAuth 2.0 functionality for authorization code flow for apps that do not yet support UDAP Dynamic Client Registration or UDAP JWT-Based Client Authentication. If you do not already have a client_id and client_secret, click here to manually register your app.
FHIR Base URL: https://test.udap.org/fhir/r4/stage
Sign In Username: udapuser
Sign In Password: udapudap
Is this implementation required for us, as we are trying to support UDAP Dynamic Client Registration or UDAP JWT-Based Client Authentication?
Kindly provide the clarifications for the above-mentioned queries.
Thank you,
Sandheep
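The client-side pre-check described in the message above (which elements the client requires, and whether the signed_endpoints JWT agrees with the unsigned endpoints), as an added example that is not part of the original thread or of the test.udap.org harness. The required-element list, the constructed sample metadata, the placeholder x5c/signature, and the assumption that iss must equal the FHIR base URL are all this example's own; real signature verification against the x5c chain is left to a JOSE library.

```python
import base64, json, time
# Elements the message above says a client needs before calling the server.
REQUIRED = ["udap_profiles_supported", "grant_types_supported", "scopes_supported",
            "signed_endpoints", "token_endpoint_auth_methods_supported",
            "token_endpoint_auth_signing_alg_values_supported",
            "registration_endpoint_jwt_signing_alg_values_supported"]
ENDPOINTS = ["authorization_endpoint", "token_endpoint", "registration_endpoint"]
BASE_URL = "https://test.udap.org/fhir/r4/stage"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def decode_jws(jws):
    """Return (header, claims) of a compact JWS. The signature is NOT verified here;
    that step needs a JOSE library validating the x5c chain to a trusted anchor."""
    header, payload, _signature = jws.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(payload))

def check_udap_metadata(metadata, base_url, now=None):
    """Return a list of problems; an empty list means the structural checks passed."""
    now = time.time() if now is None else now
    problems = [f"missing {k}" for k in REQUIRED if k not in metadata]
    if "signed_endpoints" not in metadata:
        return problems
    header, claims = decode_jws(metadata["signed_endpoints"])
    if not header.get("x5c"):
        problems.append("signed_endpoints header has no x5c certificate chain")
    problems += [f"signed_endpoints lacks {c}" for c in ("iss", "sub", "exp", "iat", "jti") if c not in claims]
    if claims.get("iss") != base_url:  # assumption: iss must equal the FHIR base URL
        problems.append("iss does not match FHIR base URL")
    if claims.get("exp", 0) <= now:
        problems.append("signed_endpoints has expired")
    for ep in ENDPOINTS:  # unsigned top-level values must agree with the signed claims
        if claims.get(ep) != metadata.get(ep):
            problems.append(f"{ep} differs between signed and unsigned metadata")
    return problems

# Constructed samples: the three-element response quoted above, and a fuller one whose
# signed_endpoints JWS carries a placeholder x5c and a placeholder signature (not real).
BARE = {"authorization_endpoint": "https://test.udap.org/oauth/stage/authz",
        "token_endpoint": "https://test.udap.org/oauth/stage/token",
        "registration_endpoint": "https://test.udap.org/oauth/stage/register"}
_claims = {"iss": BASE_URL, "sub": BASE_URL, "exp": 1_900_000_000, "iat": 1_700_000_000,
           "jti": "sample-jti-1", **BARE}
_jws = ".".join([b64url(json.dumps({"alg": "RS256", "x5c": ["PLACEHOLDER_CERT"]}).encode()),
                 b64url(json.dumps(_claims).encode()), b64url(b"placeholder-signature")])
FULL = {**BARE, **{k: ["sample"] for k in REQUIRED if k != "signed_endpoints"},
        "signed_endpoints": _jws}
```

Run against the bare response it reports every required element as missing; against the fuller sample it passes, and a mismatch between the unsigned token_endpoint and the signed claim is flagged.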