diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
index ef7f478873..6f69f7198d 100644
--- a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
+++ b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
@@ -9,7 +9,7 @@ namespace Microsoft.Health.Fhir.Web
{
public class DevelopmentIdentityProviderConfiguration
{
- public const string Audience = "fhir-api";
+ public static string Audience { get; set; } = "fhir-api";
public bool Enabled { get; set; }
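Review bot: Turning `Audience` from a `const` into a public mutable static (L10) puts process-wide, unsynchronised configuration state into the production web project so that a test can poke it (`DevelopmentIdentityProviderConfiguration.Audience = "fhir-ai"` at L189), and nothing visible restores the original value afterwards, so any later test in the same process runs against whichever audience the last test left behind. A public setter also lets any code in the host change, at runtime, the audience this development identity provider presumably issues or validates tokens for. If the test hook is needed, narrow it: `public static string Audience { get; internal set; } = "fhir-api";` with `InternalsVisibleTo` for the E2E assembly, or better, read the audience from configuration so the test varies it through the fixture rather than a static. At minimum the test that mutates it should reset the value in a `finally`.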
diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Common/AuthenticationScenarios.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Common/AuthenticationScenarios.cs
deleted file mode 100644
index 000c59fc40..0000000000
--- a/test/Microsoft.Health.Fhir.Tests.E2E/Common/AuthenticationScenarios.cs
+++ /dev/null
@@ -1,30 +0,0 @@
-// -------------------------------------------------------------------------------------------------
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
-// -------------------------------------------------------------------------------------------------
-
-namespace Microsoft.Health.Fhir.Tests.E2E.Common
-{
- public enum AuthenticationScenarios
- {
- ///
- /// Represents a scenario when no auth(no username or password) is provided.
- ///
- NOAUTH,
-
- ///
- /// Represents a scenario when an invalid auth (wrong username or password) is provided.
- ///
- INVALIDAUTH,
-
- ///
- /// Represents a scenario when an valid auth is provided but wrong authority
- ///
- VALIDAUTHWRONGAUTHORITY,
-
- ///
- /// Represents a scenario when an valid auth is provided
- ///
- VALIDAUTH,
- }
-}
diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Common/FhirClient.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Common/FhirClient.cs
index db219a169c..d1cbcc2b87 100644
--- a/test/Microsoft.Health.Fhir.Tests.E2E/Common/FhirClient.cs
+++ b/test/Microsoft.Health.Fhir.Tests.E2E/Common/FhirClient.cs
@@ -90,10 +90,10 @@ public async Task RunAsUser(TestUser user, TestApplication clientApplication)
await SetupAuthenticationAsync(clientApplication, user);
}
- public async Task RunAsClientApplication(TestApplication clientApplication, AuthenticationScenarios scenario = AuthenticationScenarios.VALIDAUTH)
+ public async Task RunAsClientApplication(TestApplication clientApplication)
{
EnsureArg.IsNotNull(clientApplication, nameof(clientApplication));
- await SetupAuthenticationAsync(clientApplication, null, scenario);
+ await SetupAuthenticationAsync(clientApplication, null);
}
public Task> CreateAsync(T resource)
@@ -268,12 +268,10 @@ private async Task> CreateResponseAsync(HttpResponseMessage r
string.IsNullOrWhiteSpace(content) ? null : (T)_deserialize(content));
}
- private async Task SetupAuthenticationAsync(TestApplication clientApplication, TestUser user = null, AuthenticationScenarios scnerio = AuthenticationScenarios.VALIDAUTH)
+ private async Task SetupAuthenticationAsync(TestApplication clientApplication, TestUser user = null)
{
await GetSecuritySettings("metadata");
- ConfigureSecuritySettings(scnerio);
-
if (SecuritySettings.SecurityEnabled)
{
var tokenKey = $"{clientApplication.ClientId}:{(user == null ? string.Empty : user.UserId)}";
@@ -287,24 +285,6 @@ private async Task SetupAuthenticationAsync(TestApplication clientApplication, T
}
}
- private void ConfigureSecuritySettings(AuthenticationScenarios authenticationscenario)
- {
- if (authenticationscenario == AuthenticationScenarios.NOAUTH)
- {
- SecuritySettings = (true, null, null);
- }
-
- if (authenticationscenario == AuthenticationScenarios.INVALIDAUTH)
- {
- SecuritySettings = (true, SecuritySettings.AuthorizeUrl, "invalidtoken");
- }
-
- if (authenticationscenario == AuthenticationScenarios.VALIDAUTHWRONGAUTHORITY)
- {
- SecuritySettings = (true, "invalidauthority", SecuritySettings.TokenUrl);
- }
- }
-
private async Task GetBearerToken(TestApplication clientApplication, TestUser user)
{
var formContent = new FormUrlEncodedContent(user == null ? GetAppSecuritySettings(clientApplication) : GetUserSecuritySettings(clientApplication, user));
@@ -317,10 +297,6 @@ private async Task GetBearerToken(TestApplication clientApplication, Tes
{
return tokenJson["access_token"].Value();
}
- else if (tokenJson["error"] != null)
- {
- return null;
- }
return null;
}
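Review bot: With the `else if` branch removed, a token endpoint that answers with an `error` payload is indistinguishable from one that simply omits `access_token` — both fall through to the bare `return null;` at L107 and the error description is discarded. The no-token test at L150 appears to rely on this silent null to end up with no Authorization header, so if that is intentional it deserves a comment: `// Token acquisition failure is deliberately swallowed: callers treat null as "send no bearer token".` Otherwise log or surface `tokenJson["error"]` (and `error_description`) so a misconfigured test client fails with a clear message rather than an opaque 401. GetBearerToken starts outside this hunk.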
diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Rest/BasicAuthTests.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Rest/BasicAuthTests.cs
index 2dabd6594d..881cea3758 100644
--- a/test/Microsoft.Health.Fhir.Tests.E2E/Rest/BasicAuthTests.cs
+++ b/test/Microsoft.Health.Fhir.Tests.E2E/Rest/BasicAuthTests.cs
@@ -24,6 +24,7 @@ public class BasicAuthTests : IClassFixture>
{
private const string ForbiddenMessage = "Forbidden: Authorization failed.";
private const string UnauthorizedMessage = "Unauthorized: Authentication failed.";
+ private const string Invalidtoken = "eyJhbGciOiJSUzI1NiIsImtpZCI6ImNmNWRmMGExNzY5ZWIzZTFkOGRiNWIxMGZiOWY3ZTk0IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NDQ2ODQ1NzEsImV4cCI6MTU0NDY4ODE3MSwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNDgiLCJhdWQiOlsiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzNDgvcmVzb3VyY2VzIiwiZmhpci1haSJdLCJjbGllbnRfaWQiOiJzZXJ2aWNlY2xpZW50Iiwicm9sZXMiOiJhZG1pbiIsImFwcGlkIjoic2VydmljZWNsaWVudCIsInNjb3BlIjpbImZoaXItYWkiXX0.SKSvy6Jxzwsv1ZSi0PO4Pdq6QDZ6mBJIRxUPgoPlz2JpiB6GMXu5u0n1IpS6zOXihGkGhegjtcqj-6TKE6Ou5uhQ0VTnmf-NxcYKFl48aDihcGem--qa2V8GC7na549Ctj1PLXoYUbovV4LB27Kj3X83sZVnWdHqg_G0AKo4xm7hr23VUvJ1D73lEcYaGd5K9GXHNgUrJO5v288y0uCXZ5ByNDJ-K6Xi7_68dLdshlIiHaeIBuC3rhchSf2hdglkQgOyo4g4gT_HfKjwdrrpGzepNXOPQEwtUs_o2uriXAd7FfbL_Q4ORiDWPXkmwBXqo7uUfg-2SnT3DApc3PuA0";
public BasicAuthTests(HttpIntegrationTestFixture fixture)
{
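Review bot: The hard-coded `Invalidtoken` at L117 appears to be a real RS256 token from a local dev identity server whose payload decodes to `exp` 1544688171 (December 2018), `aud` `["https://localhost:44348/resources","fhir-ai"]` and `roles` `admin`, so it is invalid for at least three independent reasons — expired, wrong audience, and a signing key the server does not trust — and the test using it cannot tell which check actually produced the 401. If the audience check regressed, the lifetime check would still make the test pass. Prefer minting the token in the test from a known-bad key, or at least document what the literal is and why it is rejected: `// Expired (Dec 2018) RS256 token for audience "fhir-ai" signed by an untrusted dev key; rejected by signature/lifetime/audience validation.` The constant should also be PascalCase (`InvalidToken`) to match `ForbiddenMessage`/`UnauthorizedMessage` above it.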
@@ -105,23 +106,6 @@ async Task ExecuteAndValidateNotFoundStatus(Func action)
}
}
- [Fact]
- [Trait(Traits.Priority, Priority.One)]
- public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
- {
- await Client.RunAsClientApplication(TestApplications.ServiceClient);
- Observation createdResource = await Client.CreateAsync(Samples.GetDefaultObservation());
-
- await Client.RunAsUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
- FhirResponse readResponse = await Client.ReadAsync(ResourceType.Observation, createdResource.Id);
-
- Observation readResource = readResponse.Resource;
-
- Assert.Equal(createdResource.Id, readResource.Id);
- Assert.Equal(createdResource.Meta.VersionId, readResource.Meta.VersionId);
- Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
- }
-
[Fact]
[Trait(Traits.Priority, Priority.One)]
public async Task WhenUpdatingAResource_GivenAUserWithUpdatePermissions_TheServerShouldReturnSuccess()
@@ -144,9 +128,9 @@ public async Task WhenUpdatingAResource_GivenAUserWithUpdatePermissions_TheServe
[Fact]
[Trait(Traits.Priority, Priority.One)]
- public async Task WhenGettingAResource_GivenAUserWithNoAuthToken_TheServerShouldReturnUnAuthorized()
+ public async Task WhenGettingAResource_GivenAClientWithNoAuthToken_TheServerShouldReturnUnAuthorized()
{
- await Client.RunAsClientApplication(TestApplications.NativeClient, AuthenticationScenarios.NOAUTH);
+ await Client.RunAsClientApplication(TestApplications.InvalidClient);
FhirException fhirException = await Assert.ThrowsAsync(async () => await Client.CreateAsync(Samples.GetDefaultObservation()));
Assert.Equal(UnauthorizedMessage, fhirException.Message);
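Review bot: The renamed test says "no auth token" but the new arrangement at L150 produces that state only indirectly — `RunAsClientApplication(TestApplications.InvalidClient)` presumably fails to obtain a token, and the request ends up with no bearer header only because `GetBearerToken` returns null on error and the caller sends nothing. If the identity provider ever started issuing a token for that client, or the null handling changed, this would silently become an invalid-token test rather than a no-token test. Make the precondition explicit and independent of the token endpoint: `await Client.RunAsClientApplication(TestApplications.ServiceClient);` followed by `Client.HttpClient.DefaultRequestHeaders.Authorization = null;`. The method continues beyond this hunk.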
@@ -155,9 +139,10 @@ public async Task WhenGettingAResource_GivenAUserWithNoAuthToken_TheServerShould
[Fact]
[Trait(Traits.Priority, Priority.One)]
- public async Task WhenGettingAResource_GivenAUserWithInvalidAuthToken_TheServerShouldReturnUnAuthorized()
+ public async Task WhenGettingAResource_GivenAClientWithInvalidAuthToken_TheServerShouldReturnUnAuthorized()
{
- await Client.RunAsClientApplication(TestApplications.InvalidClient, AuthenticationScenarios.INVALIDAUTH);
+ await Client.RunAsClientApplication(TestApplications.ServiceClient);
+ Client.HttpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", Invalidtoken);
FhirException fhirException = await Assert.ThrowsAsync(async () => await Client.CreateAsync(Samples.GetDefaultObservation()));
Assert.Equal(UnauthorizedMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);
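Review bot: L161 overwrites `DefaultRequestHeaders.Authorization` on the fixture's `HttpClient` and nothing in the test restores it, so the bogus bearer token stays on the client after the test unless the next `RunAs…` call happens to replace it; the class is an `IClassFixture` consumer (L113), so that client appears to be shared across the tests in this class. Wrap the mutation so it cannot leak: save the previous header, set the invalid token, and restore it in a `finally`, or give `FhirClient` a helper such as `RunWithToken(string)` that scopes the header to one call. Also, because the constant is both expired and carries a different audience, asserting only on the generic `UnauthorizedMessage` does not pin which validation failed; checking the `WWW-Authenticate` error (e.g. `invalid_token`) would be stronger if the server emits it.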
@@ -165,9 +150,27 @@ public async Task WhenGettingAResource_GivenAUserWithInvalidAuthToken_TheServerS
[Fact]
[Trait(Traits.Priority, Priority.One)]
- public async Task WhenGettingAResource_GivenAUserWithValidAuthTokenWrongAuthority_TheServerShouldReturnUnAuthorized()
+ public async Task WhenGettingAResource_GivenAUserWithReadPermissions_TheServerShouldReturnSuccess()
+ {
+ await Client.RunAsClientApplication(TestApplications.ServiceClient);
+ Observation createdResource = await Client.CreateAsync(Samples.GetDefaultObservation());
+
+ await Client.RunAsUser(TestUsers.ReadOnlyUser, TestApplications.NativeClient);
+ FhirResponse readResponse = await Client.ReadAsync(ResourceType.Observation, createdResource.Id);
+
+ Observation readResource = readResponse.Resource;
+
+ Assert.Equal(createdResource.Id, readResource.Id);
+ Assert.Equal(createdResource.Meta.VersionId, readResource.Meta.VersionId);
+ Assert.Equal(createdResource.Meta.LastUpdated, readResource.Meta.LastUpdated);
+ }
+
+ [Fact]
+ [Trait(Traits.Priority, Priority.One)]
+ public async Task WhenGettingAResource_GivenAClientWithWrongAudienceAuthToken_TheServerShouldReturnUnAuthorized()
{
- await Client.RunAsClientApplication(TestApplications.NativeClient, AuthenticationScenarios.VALIDAUTHWRONGAUTHORITY);
+ DevelopmentIdentityProviderConfiguration.Audience = "fhir-ai";
+ await Client.RunAsClientApplication(TestApplications.NativeClient);
FhirException fhirException = await Assert.ThrowsAsync(async () => await Client.CreateAsync(Samples.GetDefaultObservation()));
Assert.Equal(UnauthorizedMessage, fhirException.Message);
Assert.Equal(HttpStatusCode.Unauthorized, fhirException.StatusCode);