udap_security_test_kit 0.11.5 → 0.12.0

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_metadata_representation_test.rb

@@ -0,0 +1,42 @@
+module UDAPSecurityTestKit
+  class UDAPMetadataRepresentationAttestationTest < Inferno::Test
+    title 'Represents server capabilities correctly'
+    id :udap_security_metadata_representation
+    description %(
+      Server's UDAP metadata endpoint correctly represents the server’s capabilities with respect to the UDAP
+      workflows described in the guide.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@18'
+
+    input :udap_metadata_representation_correct,
+          title: 'UDAP Metadata and Server Capabilities: Represents server capabilities correctly',
+          description: %(
+            I attest that the server's UDAP metadata endpoint correctly represents the server’s capabilities with
+            respect to the UDAP workflows described in the guide.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :udap_metadata_representation_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
+    run do
+      assert udap_metadata_representation_correct == 'true',
+             'Server metadata does not correctly represent the server’s capabilities with respect to UDAP workflows.'
+      pass udap_metadata_representation_note if udap_metadata_representation_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_profiles_supported_test.rb

@@ -0,0 +1,43 @@
+module UDAPSecurityTestKit
+  class UDAPProfilesSupportedAttestationTest < Inferno::Test
+    title 'Includes supported profiles'
+    id :udap_security_profiles_supported
+    description %(
+      Server's UDAP metadata includes the `udap_profiles_supported` element with `udap_to` if the
+      server supports the user authentication workflow described in Section 6.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@27'
+
+    input :udap_profiles_supported_correct,
+          title: 'UDAP Metadata and Server Capabilities: Includes supported profiles',
+          description: %(
+            I attest that the server's UDAP metadata includes the `udap_profiles_supported` element with `udap_to`
+            if the server supports the user authentication workflow described in Section 6.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :udap_profiles_supported_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
+    run do
+      assert udap_profiles_supported_correct == 'true',
+             'Server metadata does not include the `udap_profiles_supported` element with `udap_to` for UDAP
+             Tiered OAuth for User Authentication.'
+      pass udap_profiles_supported_note if udap_profiles_supported_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group.rb

@@ -0,0 +1,19 @@
+require_relative 'metadata_server_capabilities_group/udap_authorization_extensions_required_test'
+require_relative 'metadata_server_capabilities_group/udap_community_parameter_support_test'
+require_relative 'metadata_server_capabilities_group/udap_metadata_endpoint_error_handling_test'
+require_relative 'metadata_server_capabilities_group/udap_metadata_representation_test'
+require_relative 'metadata_server_capabilities_group/udap_profiles_supported_test'
+
+module UDAPSecurityTestKit
+  class MetadataServerCapabilitiesAttestationGroup < Inferno::TestGroup
+    id :udap_server_v100_metadata_server_capabilities_group
+    title 'UDAP Metadata and Server Capabilities'
+
+    run_as_group
+    test from: :udap_security_authorization_extensions_required
+    test from: :udap_security_community_parameter_support
+    test from: :udap_security_metadata_error_handling
+    test from: :udap_security_metadata_representation
+    test from: :udap_security_profiles_supported
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/csrf_protection_test.rb

@@ -0,0 +1,49 @@
+module UDAPSecurityTestKit
+  class CSRFProtectionAttestationTest < Inferno::Test
+    title 'Implements CSRF and Clickjacking protection'
+    id :udap_security_csrf_protection
+    description %(
+      Authorization Server implements CSRF and Clickjacking protection as
+      described in [RFC6749](https://openid.net/specs/openid-connect-core-1_0.html#RFC6749),
+      including:
+      - Use of anti-CSRF tokens.
+      - Validation of `state` parameter to prevent cross-site request forgery.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@278',
+                          'hl7.fhir.us.udap-security_1.0.0@269'
+
+    input :csrf_protection_implemented,
+          title: 'Security Measures: Implements CSRF and Clickjacking protection',
+          description: %(
+            I attest that the Authorization Server implements CSRF and Clickjacking protection as
+            described in [RFC6749](https://openid.net/specs/openid-connect-core-1_0.html#RFC6749),
+            including:
+            - Use of anti-CSRF tokens.
+            - Validation of `state` parameter to prevent cross-site request forgery.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :csrf_protection_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
+    run do
+      assert csrf_protection_implemented == 'true',
+             'Authorization Server does not implement CSRF protection as described in RFC6749.'
+      pass csrf_protection_note if csrf_protection_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/obtain_authorization_scopes_test.rb

@@ -0,0 +1,44 @@
+module UDAPSecurityTestKit
+  class ObtainAuthorizationScopesAttestationTest < Inferno::Test
+    title 'Obtains user authorization for requested scopes'
+    id :udap_security_user_authorization
+    description %(
+      Resource Holder, after mapping the authenticated user, obtains authorization from the user for the scopes
+      requested by the client app, if such authorization is required, as per Section [4.5 of UDAP Tiered OAuth](https://www.udap.org/udap-user-auth-stu1.html),
+      returning to the workflow defined in [Section 4.1](https://hl7.org/fhir/us/udap-security/STU1/consumer.html#obtaining-an-authorization-code)
+      or [Section 5.1](https://hl7.org/fhir/us/udap-security/STU1/b2b.html#obtaining-an-authorization-code) of this
+      guide, for consumer-facing or B2B apps, respectively.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@297'
+
+    input :user_authorization_correct,
+          title: 'Security Measures: Obtains user authorization for requested scopes',
+          description: %(
+            I attest that the Resource Holder, after mapping the authenticated user, obtains authorization from the
+            user for the scopes requested by the client app, if such authorization is required, as per Section
+            [4.5 of UDAP Tiered OAuth](https://www.udap.org/udap-user-auth-stu1.html), returning to the workflow
+            defined in [Section 4.1](https://hl7.org/fhir/us/udap-security/STU1/consumer.html#obtaining-an-authorization-code)
+            or [Section 5.1](https://hl7.org/fhir/us/udap-security/STU1/b2b.html#obtaining-an-authorization-code) of
+            this guide, for consumer-facing or B2B apps, respectively.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              { label: 'Yes', value: 'true' },
+              { label: 'No', value: 'false' }
+            ]
+          }
+    input :user_authorization_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
+    run do
+      assert user_authorization_correct == 'true',
+             'Resource Holder does not obtain user authorization for the requested scopes after mapping the
+              authenticated user.'
+      pass user_authorization_note if user_authorization_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/state_parameter_test.rb

@@ -0,0 +1,48 @@
+module UDAPSecurityTestKit
+  class StateParameterAttestationTest < Inferno::Test
+    title 'Manages state parameter securely'
+    id :udap_security_state_parameter_management
+    description %(
+      The Resource Holder:
+      - Generates its own random value for the state parameter (does not reuse the value provided by the Client App).
+      - Validates that the value of the state parameter in the query string matches the value it generated when the
+        user is redirected back from the IdP.
+      - Validates the value of the state parameter when receiving an error response from the IdP.
+    )
+    verifies_requirements(
+      'hl7.fhir.us.udap-security_1.0.0@254',
+      'hl7.fhir.us.udap-security_1.0.0@255',
+      'hl7.fhir.us.udap-security_1.0.0@270',
+      'hl7.fhir.us.udap-security_1.0.0@272'
+    )
+
+    input :state_parameter_management_correct,
+          title: 'Security Measures: Manages state parameter securely',
+          description: %(
+            I attest that the Resource Holder:
+            - Generates its own random value for the state parameter and does not reuse the value provided by the
+              Client App.
+            - Validates that the value of the state parameter in the query string matches the value it generated
+              when the user is redirected back from the IdP.
+            - Validates the value of the state parameter when receiving an error response from the IdP.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              { label: 'Yes', value: 'true' },
+              { label: 'No', value: 'false' }
+            ]
+          }
+    input :state_parameter_management_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
+    run do
+      assert state_parameter_management_correct == 'true',
+             'Resource Holder does not properly generate or validate the state parameter as required.'
+      pass state_parameter_management_note if state_parameter_management_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/unauthenticated_client_security_test.rb

@@ -0,0 +1,47 @@
+module UDAPSecurityTestKit
+  class UnauthenticatedClientSecurityAttestationTest < Inferno::Test
+    title 'Considers security measures for unauthenticated clients'
+    id :udap_security_unauthenticated_clients
+    description %(
+        I attest that the Authorization Server considers security implications when interacting with unauthenticated
+        clients, including:
+        - Restricting access to sensitive endpoints.
+        - Implementing rate limiting or other protective measures.
+    )
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@288'
+
+    input :unauthenticated_client_security_measures,
+          title: 'Security Measures: Considers security measures for unauthenticated clients',
+          description: %(
+            I attest that the Authorization Server considers security implications when interacting with unauthenticated
+            clients, including:
+            - Restricting access to sensitive endpoints.
+            - Implementing rate limiting or other protective measures.
+          ),
+          type: 'radio',
+          default: 'false',
+          options: {
+            list_options: [
+              {
+                label: 'Yes',
+                value: 'true'
+              },
+              {
+                label: 'No',
+                value: 'false'
+              }
+            ]
+          }
+    input :unauthenticated_client_security_note,
+          title: 'Notes, if applicable:',
+          type: 'textarea',
+          optional: true
+
+    run do
+      assert unauthenticated_client_security_measures == 'true',
+             'Authorization Server does not consider security implications when interacting with unauthenticated
+              clients.'
+      pass unauthenticated_client_security_note if unauthenticated_client_security_note.present?
+    end
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group.rb

@@ -0,0 +1,17 @@
+require_relative 'security_measures_group/csrf_protection_test'
+require_relative 'security_measures_group/state_parameter_test'
+require_relative 'security_measures_group/obtain_authorization_scopes_test'
+require_relative 'security_measures_group/unauthenticated_client_security_test'
+
+module UDAPSecurityTestKit
+  class SecurityMeasuresAttestationGroup < Inferno::TestGroup
+    id :udap_server_v100_security_measures_group
+    title 'Security Measures'
+
+    run_as_group
+    test from: :udap_security_csrf_protection
+    test from: :udap_security_state_parameter_management
+    test from: :udap_security_unauthenticated_clients
+    test from: :udap_security_user_authorization
+  end
+end

data/lib/udap_security_test_kit/visual_inspection_and_attestation/server_attestation_group.rb

@@ -0,0 +1,33 @@
+require_relative 'server/metadata_server_capabilities_group'
+require_relative 'server/client_authentication_group'
+require_relative 'server/dynamic_client_registration_group'
+require_relative 'server/authorization_code_token_requests_group'
+require_relative 'server/authentication_requests_group'
+require_relative 'server/id_token_access_token_validation_group'
+require_relative 'server/error_handling_group'
+require_relative 'server/security_measures_group'
+require_relative 'server/identity_provider_interaction_group'
+require_relative 'server/jwt_security_group'
+
+module UDAPSecurityTestKit
+  class ServerAttestationGroup < Inferno::TestGroup
+    id :udap_server_v100_visual_inspection_and_attestation
+    title 'Visual Inspection and Attestation'
+    optional
+
+    description <<~DESCRIPTION
+      Perform visual inspections or attestations to ensure that the Server is conformant to the UDAP IG requirements.
+    DESCRIPTION
+
+    group from: :udap_server_v100_metadata_server_capabilities_group
+    group from: :udap_server_v100_dynamic_client_registration_group
+    group from: :udap_server_v100_authorization_code_token_requests_group
+    group from: :udap_server_v100_authentication_requests_group
+    group from: :udap_server_v100_id_token_access_token_validation_group
+    group from: :udap_server_v100_error_handling_group
+    group from: :udap_server_v100_security_measures_group
+    group from: :udap_server_v100_client_authentication_group
+    group from: :udap_server_v100_jwt_security_group
+    group from: :udap_server_v100_identity_provider_interaction_group
+  end
+end

data/lib/udap_security_test_kit/well_known_endpoint_test.rb

@@ -28,6 +28,10 @@ module UDAPSecurityTestKit
     output :udap_well_known_metadata_json
     makes_request :config
 
+    verifies_requirements 'hl7.fhir.us.udap-security_1.0.0@12',
+                          'hl7.fhir.us.udap-security_1.0.0@13',
+                          'hl7.fhir.us.udap-security_1.0.0@14'
+
     run do
       uri = URI.parse("#{udap_fhir_base_url.strip.chomp('/')}/.well-known/udap")
       unless udap_community_parameter.blank?

data/lib/udap_security_test_kit.rb

@@ -3,6 +3,7 @@ require_relative 'udap_security_test_kit/authorization_code_group'
 require_relative 'udap_security_test_kit/client_credentials_group'
 require_relative 'udap_security_test_kit/redirect_uri'
 require_relative 'udap_security_test_kit/metadata'
+require_relative 'udap_security_test_kit/visual_inspection_and_attestation/server_attestation_group'
 
 module UDAPSecurityTestKit
   class Suite < Inferno::TestSuite
@@ -32,6 +33,14 @@ module UDAPSecurityTestKit
       (which is not a required capability).
     )
 
+    requirement_sets(
+      {
+        identifier: 'hl7.fhir.us.udap-security_1.0.0',
+        title: 'Security for Scalable Registration, Authentication, and Authorization (UDAP)',
+        actor: 'Server'
+      }
+    )
+
     input_instructions %(
       This menu will execute tests for both OAuth flows.
 
@@ -85,5 +94,6 @@ module UDAPSecurityTestKit
 
     group from: :udap_authorization_code_group
     group from: :udap_client_credentials_group
+    group from: :udap_server_v100_visual_inspection_and_attestation
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: udap_security_test_kit
 version: !ruby/object:Gem::Version
-  version: 0.11.5
+  version: 0.12.0
 platform: ruby
 authors:
 - Stephen MacVicar
@@ -9,22 +9,28 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-05-14 00:00:00.000000000 Z
+date: 2025-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: inferno_core
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.6.1
+        version: 1.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.6.1
+        version: 1.0.2
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -110,6 +116,11 @@ files:
 - lib/udap_security_test_kit/registration_failure_invalid_jwt_signature_test.rb
 - lib/udap_security_test_kit/registration_success_contents_test.rb
 - lib/udap_security_test_kit/registration_success_test.rb
+- lib/udap_security_test_kit/requirements/generated/udap-security-test-kit_requirements_coverage.csv
+- lib/udap_security_test_kit/requirements/generated/udap_security_client_requirements_coverage.csv
+- lib/udap_security_test_kit/requirements/generated/udap_security_requirements_coverage.csv
+- lib/udap_security_test_kit/requirements/hl7.fhir.us.udap-security_1.0.0_reqs.xlsx
+- lib/udap_security_test_kit/requirements/udap_security_test_kit_requirements.csv
 - lib/udap_security_test_kit/scopes_supported_field_test.rb
 - lib/udap_security_test_kit/signed_metadata_contents_test.rb
 - lib/udap_security_test_kit/signed_metadata_field_test.rb
@@ -134,6 +145,76 @@ files:
 - lib/udap_security_test_kit/udap_x509_certificate.rb
 - lib/udap_security_test_kit/urls.rb
 - lib/udap_security_test_kit/version.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/b2b_authorization_extension_object_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/client_authorization_code_usage_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/client_security_csrf_protection_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/cryptographic_algorithms_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/data_holder_auth_request_scope_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/idp_authentication_compliance_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/idp_supports_required_scopes_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/jti_reuse_prevention_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/metadata_interpretation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/oauth2_protocol_compliance_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/preferred_identity_provider_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/private_key_authentication_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/resource_holder_authentication_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/software_statement_registration_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/token_request_authentication_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/trust_community_query_parameters_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client/validation_confidentiality_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/client_attestation_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authentication_requests_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authentication_requests_group/authentication_request_construction_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authentication_requests_group/authentication_request_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authorization_code_token_requests_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authorization_code_token_requests_group/access_token_lifetime_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authorization_code_token_requests_group/access_token_request_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authorization_code_token_requests_group/authorization_code_usage_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/authorization_code_token_requests_group/resource_holder_authorization_flow_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/client_authentication_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/client_authentication_group/client_certificate_storage_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/client_authentication_group/no_client_credentials_native_apps_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/dynamic_client_registration_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/dynamic_client_registration_group/certification_handling_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/dynamic_client_registration_group/client_id_modification_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/dynamic_client_registration_group/dynamic_client_registration_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/deny_token_request_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/general_error_response_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/invalid_id_token_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/invalid_idp_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/invalid_redirection_uri_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/prompt_none_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/state_mismatch_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/unauthenticated_user_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/error_handling_group/valid_state_error_response_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group/access_token_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group/id_token_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/id_token_access_token_validation_group/token_response_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_authentication_request_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_dynamic_registration_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_metadata_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/identity_provider_interaction_group/idp_token_exchange_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/jwt_security_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/jwt_security_group/jwt_certificate_chain_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/jwt_security_group/jwt_grant_parameter_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/jwt_security_group/jwt_jti_reuse_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/jwt_security_group/jwt_signature_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/jwt_security_group/jwt_token_request_validation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_authorization_extensions_required_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_community_parameter_support_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_metadata_endpoint_error_handling_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_metadata_representation_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/metadata_server_capabilities_group/udap_profiles_supported_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/csrf_protection_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/obtain_authorization_scopes_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/state_parameter_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server/security_measures_group/unauthenticated_client_security_test.rb
+- lib/udap_security_test_kit/visual_inspection_and_attestation/server_attestation_group.rb
 - lib/udap_security_test_kit/well_known_endpoint_test.rb
 homepage: https://github.com/inferno-framework/udap-security-test-kit
 licenses: