Walk back the claims in WellKnown smart-configuration

I also moved the keystore config back into server.xml to fix warnings
generated by tools that aren't dropinConfig-aware.

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>

fhir-server/liberty-config/configDropins/defaults/keystore.xml

@@ -1,4 +1,4 @@
-<server>
-    <keyStore id="defaultKeyStore" location="${server.output.dir}/resources/security/fhirKeyStore.p12" password="change-password"/>
-    <keyStore id="defaultTrustStore" location="${server.output.dir}/resources/security/fhirTrustStore.p12" password="change-password"/>
+<server description="fhir-server">
+    <!-- This empty config file is here to prevent the openliberty docker.ci from generating a new keystore. -->
+    <!-- The ssl config, along with the keystore and truststore config, are defined in the main server.xml -->
 </server>

fhir-server/liberty-config/configDropins/disabled/cors.xml

@@ -1,4 +1,4 @@
-<server>
+<server description="fhir-server">
     <!-- Enable CORS (Cross Origin Resource Sharing) -->
     <cors allowCredentials="true" allowedMethods="GET, PUT, POST"
         allowedHeaders="Content-Type, Authorization, Accept, Origin"

fhir-server/liberty-config/server.xml

@@ -28,6 +28,8 @@
 
     <!-- IBM FHIR Server's keystore and truststore configuration -->
     <ssl id="defaultSSLConfig" keyStoreRef="defaultKeyStore" trustStoreRef="defaultTrustStore" clientAuthenticationSupported="true" sslProtocol="TLSv1.2"/>
+    <keyStore id="defaultKeyStore" location="${server.output.dir}/resources/security/fhirKeyStore.p12" password="change-password"/>
+    <keyStore id="defaultTrustStore" location="${server.output.dir}/resources/security/fhirTrustStore.p12" password="change-password"/>
 
     <!-- This entry defines the ports that the server will listen on.
         By default, the httpPort is disabled (set to "-1").

fhir-server/src/main/java/com/ibm/fhir/server/resources/WellKnown.java

@@ -100,13 +100,14 @@ private JsonObject buildSmartConfig() throws Exception {
                 .add("authorization_endpoint", authURL) // required
                 .add("token_endpoint", tokenURL) // required
                 .add("scopes_supported", Json.createArrayBuilder() // recommended
-                    .add("launch")
-                    .add("launch/patient")
-                    .add("offline_access")
                     .add("openid")
                     .add("profile")
-                    .add("user/*.*")
-                    .add("patient/*.*")
+                    .add("offline_access")
+                    // TODO
+//                    .add("launch")
+//                    .add("launch/patient")
+//                    .add("user/*.*")
+//                    .add("patient/*.*")
                     .build())
                 .add("response_types", Json.createArrayBuilder() // recommended
                     .add("code")
@@ -117,11 +118,12 @@ private JsonObject buildSmartConfig() throws Exception {
                     .add("launch-standalone")
                     .add("client-public")
                     .add("client-confidential-symmetric")
-                    .add("context-standalone-patient")
-                    .add("context-standalone-encounter")
-                    .add("permission-user")
-                    .add("permission-patient")
                     .add("permission-offline")
+                    // TODO
+//                    .add("context-standalone-patient")
+//                    .add("context-standalone-encounter")
+//                    .add("permission-user")
+//                    .add("permission-patient")
                     .build())
 // management_endpoint: RECOMMENDED, URL where an end-user can view which applications currently have access to data and can make adjustments to these access rights.
 // introspection_endpoint : RECOMMENDED, URL to a server’s introspection endpoint that can be used to validate a token.