OAuth 2.0 authentication
Last updated: August 7, 2025
Burp Suite DAST supports the Client Credentials grant flow for OAuth 2.0. This enables you to authenticate using dynamically generated bearer tokens.
Note
We're always looking to enhance our authentication capabilities. If you use a different OAuth 2.0 flow, please email our support team to share your use case.
Configuring OAuth 2.0 client credentials flow
To configure the client credentials flow when you create a new site:
- Under API definition select the Authentication tab.
- Click Add API authentication to display the Add Authentication dialog.
- Select Bearer auth.
- Set the Token type to Dynamic.
- Enter a Label for the token.
- Enter your OAuth 2.0 token endpoint URL in Authentication service URL.
- Select POST as the method.
- Expand Add headers and add a header with Name: Content-Type, Value: application/x-www-form-urlencoded.
- In the Body field, enter:
  grant_type=client_credentials&client_id=your_client_id&client_secret=your_client_secret
  Replace your_client_id and your_client_secret with your OAuth 2.0 client credentials.
- Set the Re-fetch every interval based on your token's expiry time.
- Set the Token location to access_token.
- Click Save.
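The request the dialog above configures, the access_token extraction and the re-fetch interval, shown end to end as an added Python example (this is not PortSwigger's code; the token endpoint URL, the stand-in endpoint and the 0.8 safety factor applied to expires_in are assumptions):

```python
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode

TOKEN_ENDPOINT = "https://auth.example.test/oauth2/token"  # hypothetical; use your provider's URL


def build_token_request(client_id, client_secret):
    """Headers and form body as entered in the Add Authentication dialog.
    urlencode() escapes a secret containing '&', '=' or '%' correctly."""
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret})
    return {"Content-Type": "application/x-www-form-urlencoded"}, body


def parse_token_response(raw_json, safety=0.8):
    """Extract access_token (the Token location) and derive a re-fetch interval
    below expires_in so a stale token is never sent to the target."""
    data = json.loads(raw_json)
    if data.get("token_type", "Bearer").lower() != "bearer":
        raise ValueError("endpoint did not issue a bearer token")
    refetch = int(int(data.get("expires_in", 3600)) * safety)
    return data["access_token"], max(refetch, 1)


class DynamicBearerToken:
    """Caches the token and re-fetches it only after the interval elapses."""

    def __init__(self, post, client_id, client_secret, clock=time.monotonic):
        self.post, self.clock = post, clock  # post(url, headers, body) -> JSON text
        self.client_id, self.client_secret = client_id, client_secret
        self.token, self.refresh_at, self.fetch_count = None, 0.0, 0

    def authorization_header(self):
        now = self.clock()
        if self.token is None or now >= self.refresh_at:
            headers, body = build_token_request(self.client_id, self.client_secret)
            raw = self.post(TOKEN_ENDPOINT, headers, body)
            self.token, interval = parse_token_response(raw)
            self.refresh_at, self.fetch_count = now + interval, self.fetch_count + 1
        return {"Authorization": f"Bearer {self.token}"}


def fake_token_endpoint(url, headers, body):
    """Constructed stand-in for the real endpoint: validates the request shape
    and issues a new random 60-second token on every call."""
    form = parse_qs(body, strict_parsing=True)
    if headers["Content-Type"] != "application/x-www-form-urlencoded":
        raise ValueError("unexpected Content-Type")
    if form["grant_type"] != ["client_credentials"] or "client_secret" not in form:
        raise ValueError("malformed client credentials request")
    token = f"tok-{secrets.token_hex(8)}"
    return json.dumps({"access_token": token, "token_type": "Bearer", "expires_in": 60})
```

Pass a real HTTP POST function in place of fake_token_endpoint and the same DynamicBearerToken object will keep a scan's Authorization header fresh for the whole run.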