Scanning SPA using Microsoft Azure AD B2C Authorization Code Grant flow
Colby Crossley
Oct 22, 2024, 8:41:49 PM
to ZAP User Group
I'm trying to scan a Single Page Application using Microsoft Azure AD B2C authorization code grant flow and ZAP is just getting stuck in a loop between the SPA endpoint and Azure AD B2C. I have tried the authentication tester tool and all checks pass. Does anyone have suggestions on how to set up ZAP to work with this authorization code flow?
Simon Bennetts
Oct 24, 2024, 11:50:13 AM
How have you been using ZAP, and exactly what have you configured it to do?
Cheers,
Simon
Colby Crossley
Oct 24, 2024, 3:42:12 PM
I used the ZAP authentication tester, which indicates status passed. ZAP is not sending the bearer token as an authorization header in subsequent requests, and I suspect this is because it's not detecting the access_token from Azure AD B2C's OAuth 2.0 authorization code flow.
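The point in this thread is that in the authorization code flow the access token arrives in the JSON body of the token endpoint response, not in a cookie or a redirect, so a proxy-based scanner that only tracks cookies never sees it and never adds the Authorization header to later requests. The Python below is an added illustration of that flow (not code from the poster or from the ZAP project): it walks the five messages of the authorization code + PKCE exchange with constructed, placeholder endpoint URLs, client id and token response, validates the state on the callback, and shows exactly where the access_token has to be extracted and turned into a Bearer header. The tenant URLs, client id and sample tokens are all assumptions.

```python
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed, hypothetical endpoints; a real B2C tenant has its own
# policy-specific authorize/token URLs and a real client id.
AUTHORIZE_URL = "https://example.b2clogin.com/example.onmicrosoft.com/oauth2/v2.0/authorize"
TOKEN_URL = "https://example.b2clogin.com/example.onmicrosoft.com/oauth2/v2.0/token"
REDIRECT_URI = "https://spa.example.test/auth/callback"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) using the S256 method."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(state: str, code_challenge: str) -> str:
    """Message 1: the browser is sent here; B2C later redirects back with a code."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid offline_access",
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Message 2: pull the code out of the redirect, rejecting a wrong state."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or a stale redirect")
    if "code" not in qs:
        raise ValueError(f"no code in callback: {qs.get('error_description')}")
    return qs["code"][0]


def build_token_request(code: str, code_verifier: str) -> dict:
    """Message 3: the form body the SPA POSTs to the token endpoint."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
    }


def extract_access_token(token_response_body: str) -> str:
    """Message 4: the access token is in the JSON body, not in a Set-Cookie."""
    body = json.loads(token_response_body)
    if body.get("token_type", "").lower() != "bearer" or "access_token" not in body:
        raise ValueError("token response does not carry a bearer access_token")
    return body["access_token"]


def authorization_header(access_token: str) -> dict:
    """Message 5: the header every subsequent API request must carry."""
    return {"Authorization": f"Bearer {access_token}"}


# Constructed sample token response, shaped like an AAD/B2C token reply.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "eyJ.constructed.sample",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "openid offline_access",
    "id_token": "eyJ.constructed.idtoken",
})


def walk_flow() -> dict:
    """Run the whole exchange over the constructed messages and return the artefacts."""
    state = secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    auth_url = build_authorize_url(state, challenge)
    # Constructed callback, standing in for B2C redirecting the browser back.
    callback = f"{REDIRECT_URI}?code=constructed-auth-code&state={state}"
    code = parse_callback(callback, state)
    token_req = build_token_request(code, verifier)
    token = extract_access_token(SAMPLE_TOKEN_RESPONSE)
    return {"authorize_url": auth_url, "token_request": token_req,
            "headers": authorization_header(token)}


if __name__ == "__main__":
    print(json.dumps(walk_flow(), indent=2))
```

When debugging a scanner that loops between the SPA and the identity provider, compare the captured traffic against these five messages: if the token response (message 4) is present but later requests lack the header from message 5, the session handling is tracking cookies rather than the JSON access_token, which matches the symptom described in this thread.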