
OAuth 2.0 authentication

  • Last updated: August 7, 2025

  • Read time: 1 Minute

Burp Suite DAST supports the Client Credentials grant flow for OAuth 2.0. This enables you to authenticate using dynamically generated bearer tokens.

Note

We're always looking to enhance our authentication capabilities. If you use a different OAuth 2.0 flow, please email our support team to share your use case.

Configuring OAuth 2.0 client credentials flow

To configure the client credentials flow when you create a new site:

  1. Under API definition select the Authentication tab.
  2. Click Add API authentication to display the Add Authentication dialog.
  3. Select Bearer auth.
  4. Set the Token type to Dynamic.
  5. Enter a Label for the token.
  6. Enter your OAuth 2.0 token endpoint URL in Authentication service URL.
  7. Select POST as the method.
  8. Expand Add headers and add a header with Name: Content-Type and Value: application/x-www-form-urlencoded.
  9. In the Body field, enter: grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret
     Replace your_client_id and your_client_secret with your OAuth 2.0 client credentials.
  10. Set the Re-fetch every interval based on your token's expiry time.
  11. Set the Token location to access_token.
  12. Click Save.
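The token exchange that the steps above configure, written out as an added Python example (not PortSwigger's own code) so the request shape, the `access_token` extraction and the re-fetch interval can be checked offline. The endpoint URL and credentials are placeholders, `fake_token_endpoint` is a constructed stand-in for a real token endpoint, and the function names are this example's own.

```python
"""Token fetch that Burp Suite DAST performs for the Client Credentials grant.
Added example, not PortSwigger's code; the transport is injectable to run offline."""
import json
from typing import Callable, Dict, Tuple
from urllib.parse import parse_qsl, urlencode
from urllib.request import Request, urlopen

# Placeholder values: replace with your real endpoint and credentials.
TOKEN_URL = "https://auth.example.com/oauth2/token"
CLIENT_ID = "your_client_id"
CLIENT_SECRET = "your_client_secret"

def build_token_request(client_id: str, client_secret: str) -> Tuple[Dict[str, str], bytes]:
    """Header and form body exactly as entered in the DAST dialog (steps 8-9)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id,
                      "client_secret": client_secret}).encode()
    return headers, body

def urllib_transport(url: str, headers: Dict[str, str], body: bytes) -> bytes:
    """Real POST transport (step 7) for use against a live token endpoint."""
    with urlopen(Request(url, data=body, headers=headers, method="POST")) as r:
        return r.read()

def fake_token_endpoint(url: str, headers: Dict[str, str], body: bytes) -> bytes:
    """Constructed stand-in for the token endpoint so the example runs offline."""
    fields = dict(parse_qsl(body.decode()))
    if (headers.get("Content-Type") != "application/x-www-form-urlencoded"
            or fields.get("grant_type") != "client_credentials"
            or fields.get("client_secret") != CLIENT_SECRET):
        return json.dumps({"error": "invalid_client"}).encode()
    return json.dumps({"access_token": "constructed-token-123",
                       "token_type": "Bearer", "expires_in": 3600}).encode()

def fetch_bearer_token(transport: Callable[..., bytes], url: str = TOKEN_URL,
                       client_id: str = CLIENT_ID,
                       client_secret: str = CLIENT_SECRET) -> dict:
    """POST to the endpoint, read the token at location `access_token` (step 11)
    and derive the re-fetch interval of step 10 from the response's expires_in."""
    headers, body = build_token_request(client_id, client_secret)
    resp = json.loads(transport(url, headers, body))
    if "access_token" not in resp:
        # RFC 6749 error responses carry `error`; fail loudly, never scan unauthenticated.
        raise RuntimeError(f"token endpoint returned: {resp.get('error', resp)}")
    ttl = int(resp.get("expires_in", 300))  # default to 5 min if the server omits it
    return {"authorization": f"Bearer {resp['access_token']}",
            "refetch_after": max(ttl - 30, 1)}  # refresh 30 s before expiry
```

Swap `fake_token_endpoint` for `urllib_transport` to run the same exchange against a live endpoint; the `refetch_after` value is what you would enter as the Re-fetch every interval.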