ZAP Authentication Tester with OAuth2 and Microsoft Entra ID


Emerson Juan

May 8, 2026, 12:28:05 PM
to ZAP User Group
Hi Team,
Hope you're doing well.

I'm trying to configure ZAP authentication using the Automation Framework approach and the Authentication Tester. However, our web application uses OAuth2, and the authentication process is handled by Microsoft Entra ID.

Scenario:

1- User accesses example.com
2- Application redirects the user to Microsoft Entra ID, for example:
https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/authorize?...&redirect_uri=https://example.com
3- If authentication is successful, the user is redirected back to the application and becomes authenticated.

Is this the scenario Simon refers to in the “ZAP Chat 02 Authentication Tester” video around the 11-minute mark?

Am I following the correct approach for this type of authentication flow, or would you recommend another method?

Thank you in advance,
Emerson

Sources:

ZAP Chat 02 Authentication Tester
https://www.youtube.com/watch?v=RCi9W77bGpI

How to configure authentication using auto-detection
https://youtu.be/_CKzFqDi33A

Automation Framework
https://www.zaproxy.org/docs/automate/automation-framework/

Simon Bennetts

May 27, 2026, 4:44:06 AM
to ZAP User Group
Hiya,

Follow the Authentication Decision Tree: https://www.zaproxy.org/docs/authentication/

Cheers,

Simon