ZAP Authentication Tester with OAuth2 and Microsoft Entra ID

Emerson Juan

May 8, 2026, 12:28:05 PM
to ZAP User Group
Hi Team,
Hope you're doing well.

I'm trying to configure ZAP authentication using the Automation Framework approach and the Authentication Tester. However, our web application uses OAuth2, and the authentication process is handled by Microsoft Entra ID.

Scenario:

1- User accesses example.com
2- Application redirects the user to Microsoft Entra ID, for example:
https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/authorize?...&redirect_uri=https://example.com
3- If authentication is successful, the user is redirected back to the application and becomes authenticated.

Is this the scenario Simon refers to in the “ZAP Chat 02 Authentication Tester” video around the 11-minute mark?

Am I following the correct approach for this type of authentication flow, or would you recommend another method?

Thank you in advance,
Emerson

Sources:

ZAP Chat 02 Authentication Tester
https://www.youtube.com/watch?v=RCi9W77bGpI

How to configure authentication using auto-detection
https://youtu.be/_CKzFqDi33A

Automation Framework
https://www.zaproxy.org/docs/automate/automation-framework/