Advanced Testing
azuma mimoto provides advanced testing capabilities for the gematik IDP, including:
- User selection
- Scope selection (essentially allowing to test scope decline cases)
- Health-ID override
- ...
Advanced testing capabilities are currently available on the TU and RU environments for the Web-Flow and can be used via API.
Web-Flow: Enable advanced testing
To enabled advanced testing, the following query parameter needs to be included in the initial auth call:
gematik_show_testing_ui=true
The auth URL should look like this:
https://mimoto-test.pie.azuma-health.tech/connect/auth
?client_id=*your application id*
&redirect_uri=*your redirect url*
&response_type=code
&scope=*your requested scopes*
&state=*your state*
&code_challenge=*your code challenge*
&code_challenge_method=S256
&response_mode=query
&gematik_show_testing_ui=true
Hint
You can navigate to https://mimoto-react-examples.azuma-health.tech/oidc-live and use the button: Login in (With testing UI).
Web-Flow: Advanced testing UI
Once enabled, the idp selection page will include the following block:
Parameters
- Login User: The user, which should be logged in, can be selected here. The list contains pre-defined users that are available in the gematik IDP.
- Selected Scopes: Scopes, that should be declined, can be deselected here. E.g.: if email should not be returned in the ID token, the scope
urn:telematik:emailshould be deselected. - Scope Decline Mode:
- Remove claims (
RemoveClaims): Claims, that belong to declined scopes, will be completely removed from ID token. - Add empty claims (
AddEmptyClaims): Claims, that belong to declined scopes, will be added with empty value to ID token.
- Remove claims (
- Granted Scope Mode: Specifies, how the
scopeclaim of theAccess Tokenis populated- Include all requested scopes (
IncludeAllRequested): All the initially requested scopes are added to thescopeclaim - Only include selected scopes (
IncludeOnlySelected): Only the scopes selected above are included in thescopeclaim
- Include all requested scopes (
- Override Health-ID: This can be used to override the health ID to the provided value.
Using the API
In testing scenarios, it might be reasonable to start the auth call via API while providing certain test parameters. The mentioned testing parameters above can be provided in the auth call as follows:
- Login User (once): gematik_login_user
- Selected Scopes (per selected scope): gematik_selected_scopes
- Scope Decline Mode (once): gematik_scope_decline_mode with values RemoveClaims or AddEmptyClaims
- Override Health-ID (once): gematik_override_health_id
The overall request should look like this:
https://mimoto-test.pie.azuma-health.tech/connect/auth
?client_id=*your application id*
&redirect_uri=*your redirect url*
&response_type=code
&scope=*your requested scopes*
&state=*your state*
&code_challenge=*your code challenge*
&code_challenge_method=S256
&response_mode=query
&gematik_enable_testing=true
&provider=https://gsi.dev.gematik.solutions
&gematik_login_user=*value*
&gematik_selected_scopes=*value*
&gematik_selected_scopes=*value*
&gematik_scope_decline_mode=*value*
&gematik_override_health_id=*value*
&gematik_granted_scope_mode=*value*
Example 1
Login User 'C420797644' and accept only scope urn:telematik:email while requesting all available scopes.
This would remove claims from all other scopes from the ID token.
https://mimoto-test.pie.azuma-health.tech/connect/auth
?client_id=*your application id*
&redirect_uri=*your redirect url*
&response_type=code
&scope=urn:telematik:alter urn:telematik:display_name urn:telematik:email urn:telematik:geschlecht urn:telematik:geburtsdatum urn:telematik:given_name urn:telematik:versicherter openid
&state=*your state*
&code_challenge=*your code challenge*
&code_challenge_method=S256
&response_mode=query
&gematik_enable_testing=true
&provider=https://gsi.dev.gematik.solutions
&gematik_enable_testing=true
&gematik_login_user=C420797644
&gematik_scope_decline_mode=RemoveClaims
&gematik_selected_scopes=openid
&gematik_selected_scopes=urn:telematik:email
Example 2
Login User 'C420797644' and accept only scope urn:telematik:versicherter while requesting all available scopes.
This would add claims from all other scopes with empty value in ID token.
https://mimoto-test.pie.azuma-health.tech/connect/auth
?client_id=*your application id*
&redirect_uri=*your redirect url*
&response_type=code
&scope=urn:telematik:alter urn:telematik:display_name urn:telematik:email urn:telematik:geschlecht urn:telematik:geburtsdatum urn:telematik:given_name urn:telematik:versicherter openid
&state=*your state*
&code_challenge=*your code challenge*
&code_challenge_method=S256
&response_mode=query
&gematik_enable_testing=true
&provider=https://gsi.dev.gematik.solutions
&gematik_enable_testing=true
&gematik_login_user=C420797644
&gematik_scope_decline_mode=AddEmptyClaims
&gematik_selected_scopes=openid
&gematik_selected_scopes=urn:telematik:versicherter
Example 3
Login User 'C420797644' and accept scopes urn:telematik:email and urn:telematik:versicherter while requesting all available scopes.
Override Health-ID with value "ABC-Test-1".
https://mimoto-test.pie.azuma-health.tech/connect/auth
?client_id=*your application id*
&redirect_uri=*your redirect url*
&response_type=code
&scope=urn:telematik:alter urn:telematik:display_name urn:telematik:email urn:telematik:geschlecht urn:telematik:geburtsdatum urn:telematik:given_name urn:telematik:versicherter openid
&state=*your state*
&code_challenge=*your code challenge*
&code_challenge_method=S256
&response_mode=query
&gematik_enable_testing=true
&provider=https://gsi.dev.gematik.solutions
&gematik_login_user=C420797644
&gematik_selected_scopes=openid
&gematik_selected_scopes=urn:telematik:email
&gematik_selected_scopes=urn:telematik:versicherter
&gematik_scope_decline_mode=RemoveClaims
&gematik_override_health_id=ABC-Test-1
Example 4
Login User 'C420797644' and accept scopes urn:telematik:email and urn:telematik:versicherter while requesting all available scopes.
Also define that the scopes in Access Token should be adjusted to only include the requested scopes.
https://mimoto-test.pie.azuma-health.tech/connect/auth
?client_id=*your application id*
&redirect_uri=*your redirect url*
&response_type=code
&scope=urn:telematik:alter urn:telematik:display_name urn:telematik:email urn:telematik:geschlecht urn:telematik:geburtsdatum urn:telematik:given_name urn:telematik:versicherter openid
&state=*your state*
&code_challenge=*your code challenge*
&code_challenge_method=S256
&response_mode=query
&gematik_enable_testing=true
&provider=https://gsi.dev.gematik.solutions
&gematik_login_user=C420797644
&gematik_selected_scopes=openid
&gematik_selected_scopes=urn:telematik:email
&gematik_selected_scopes=urn:telematik:versicherter
&gematik_scope_decline_mode=RemoveClaims
&gematik_override_health_id=ABC-Test-1
&gematik_granted_scope_mode=IncludeOnlySelected
Available Users
| Name | Health ID |
|---|---|
| Addi Gürschner | C420797644 |
| Adelajda Fedel | V505397572 |
| Alanis Bárbara Blübaum | H981445495 |
| Annalise Baeyer | Y279331465 |
| Anniko Lorch | E486966747 |
| Antje Dürrwächter | C281555914 |
| Anton Winch | W767484198 |
| Axel Wilhelm Raimund Uhlenberg | O556653626 |
| Beat Bourbon | T647210096 |
| Benedict Wansing | S453483601 |
| Berchtold Görtz-Wrisberg | J671009960 |
| Bertrand von dem Busche | A100194532 |
| Burim Geizkofler | V681583552 |
| Carola Stendel | X243401984 |
| Celestyn Schickinger | M651641450 |
| Cerstin von Brandenstein | V011369855 |
| Charlotta Lattuada | I467763424 |
| Claudius Höttl | N040297356 |
| Damaris R. Labbadia | B682829226 |
| Darius Michael Brian Ubbo Graf von Bödefeld | X110411675 |
| Dieprand Edwards | I717558212 |
| Dietmar-Maria Budař | Y587922237 |
| Ditte Weitzenböck | P179293935 |
| Dorine Erner | B055779705 |
| Edmund Moning | G443503373 |
| Eileen Dettmers | I000685456 |
| Eniola Opocensky | T957299849 |
| Eren Krückels | Y562679679 |
| Ernie Eickelberg | V543033396 |
| Eugenius Reuth | F775922314 |
| Farah Anding | L102540839 |
| Ferdinande Castan | V201219304 |
| Filomena Obermöller | V251504960 |
| Fiorina Friederici | U449298563 |
| Flockina Klüwer | R393432004 |
| Fridtjof Schrader | H898891259 |
| Gunna Tatge | L338249596 |
| Göran Kreppel | F173976800 |
| Hannah-Lene Gottschlag | H697855490 |
| Hildur Fürsich | O018753329 |
| Hiếu Breitschuh | W425928742 |
| Imagina Handt | D162565246 |
| Iradj von Hattstein | E970401241 |
| James Eschebach | H326802335 |
| Jan Kaempfer | L066580827 |
| Janina Blaum | F635889268 |
| Jenni van der Berge | D700912919 |
| Joe Scharfenorth | E713244682 |
| Johann Peter Abramowitsch | V641677631 |
| Joris Eidams | P465620101 |
| Juan Sebastián Kijewski | E989497319 |
| Jules Seeckt | G839948921 |
| Karl-August Oehmen | W215342166 |
| Karyn Friderich | R302790016 |
| Kay Kalt | N450568028 |
| Kerstin Dincer | Y878467646 |
| Kim Hölder | V093547110 |
| Kreszentia Tramp | W407506186 |
| Kristina Hohoff | C638490876 |
| Kübra Brockdorff | O354567460 |
| Laurence Furkel | H398359331 |
| Lipót Wehrenberg | I787698582 |
| Liva Lubitsch | G049950594 |
| Loraine Jaks | Z082897408 |
| Magda Cain | F553092323 |
| Margarita Schwentke | D511048530 |
| Margriet Hitzing | Z129727266 |
| Marguerite Ambacher | Q952468482 |
| Marielle Raffington | I669655261 |
| Massimiliano Wessinghage | K162056938 |
| Metin Urfer | S382572116 |
| Mimi Zähler | U775088890 |
| Mohammed Dominé | Q166734172 |
| Nanette Berkemeier | O384255999 |
| Nick Mross | T760585825 |
| Nola Sklenar | Q540409950 |
| Olcay Kilian Mazingu | V302252880 |
| Paul-Werner Aslan Börner | Y581099432 |
| Peter-Heinz Matthaei | P902003565 |
| Phylicia Roedelheim | I840077700 |
| Pál Koke | T592799570 |
| Ricki Braunbeck | Z176485411 |
| Roswitha Feldmüller | B607260519 |
| S. Neda Edmond | K415576841 |
| Sandeep Keuning | J023079864 |
| Scarlet Monika Fauth | B622820700 |
| Szymon Hollwitz | E148859906 |
| Sébastien Zinner | J828745426 |
| Tanya Zade | X109219665 |
| Thankmar Niggeloh | R750102860 |
| Thorn Schetelich | Y140780380 |
| Toussaint Wieluch | K426342988 |
| Trajan Jammal | Q182922837 |
| Ulrike Eliane Ransbach | V244746635 |
| Valer Klaschka | P815185267 |
| Vitalis Erdle | P013510749 |
| Vitaly Zeitlhofer | P262640443 |
| Yannick Mederow | Z991878026 |
| Yaroslav Passy | H253024330 |
| Zofia Geers | J817104093 |
| İlkay Paul-Henri Steinhaeusser | Q667805971 |