Configure OAuth 2.0 authentication
This document is for: Invicti Platform
Invicti Platform supports the OAuth 2.0 authentication mechanism, allowing you to configure targets for web applications that require OAuth 2.0. This document explains how to add an OAuth 2.0 login sequence to a target in Invicti Platform.
How to set up an OAuth 2.0 login sequence
- Select Inventory > Targets from the left-side menu.
- Choose the target for which you would like to configure OAuth 2.0 authentication, and click Edit target.
- Open the Authentication form.
- In the Authenticated method, select OAuth2.
- Use the drop-down to set the Grant Type to one of the OAuth2 Authentication Flow mechanisms. The supported grant types are:
  - Authorization Code
  - Implicit
  - Client Credentials
  - Password Credentials
- Set the Access Token URL.
- Set the Client ID and Client Secret fields for your target. These are unique values that the Authentication Provider assigned to your web application when you registered it with that provider for its login functionality.
- Set the Scope (optional) field to a space-delimited list of elements for which permission is being requested.
- Click Save target configuration or Save and scan to confirm.
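
Before saving these values, it helps to see what they become on the wire. The following is an added example, not Invicti's code: it builds the RFC 6749 token request for the Client Credentials and Password Credentials grant types from the Access Token URL, Client ID, Client Secret and Scope fields, and checks a token reply for scopes granted beyond those requested. The function names, the `idp.example.test` host and all sample values are constructed, and it assumes the provider accepts HTTP Basic client authentication.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode, urlsplit

# Grant types above that post straight to the token endpoint (RFC 6749 values).
DIRECT_GRANTS = {"Client Credentials": "client_credentials",
                 "Password Credentials": "password"}


def build_token_request(token_url, client_id, client_secret, grant, scope="",
                        username=None, password=None):
    """Return (url, headers, body) for the POST to the Access Token URL."""
    if urlsplit(token_url).scheme != "https":
        raise ValueError("Access Token URL must be https: it receives the Client Secret")
    if grant not in DIRECT_GRANTS:
        raise ValueError(f"{grant!r} involves a browser redirect; not covered here")
    form = {"grant_type": DIRECT_GRANTS[grant]}
    scopes = scope.split()  # Scope is a space-delimited list
    if scopes:
        form["scope"] = " ".join(scopes)
    if grant == "Password Credentials":
        if not (username and password):
            raise ValueError("Password Credentials needs a username and password")
        form.update(username=username, password=password)
    # RFC 6749 section 2.3.1: form-encode the id and secret, then HTTP Basic.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {"Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    return token_url, headers, urlencode(form)


def extra_scopes(raw_json, requested_scope=""):
    """Validate a token reply; return scopes granted beyond those requested."""
    reply = json.loads(raw_json)
    if "error" in reply:
        raise ValueError(f"token endpoint refused the request: {reply['error']}")
    if not reply.get("access_token") or not reply.get("token_type"):
        raise ValueError("reply lacks access_token or token_type")
    granted = set((reply.get("scope") or requested_scope).split())
    return sorted(granted - set(requested_scope.split()))


if __name__ == "__main__":
    # Constructed sample values; idp.example.test is a placeholder host.
    url, headers, body = build_token_request(
        "https://idp.example.test/oauth/token", "scanner-client", "s3cr:et/+",
        "Client Credentials", "read:users read:orders")
    print("POST", url, "\n" + body)
    print(extra_scopes('{"access_token": "abc", "token_type": "Bearer", "scope": "read:users admin"}', "read:users"))
```

A non-empty result from `extra_scopes` means the provider issued the client more permissions than the Scope field asked for, which is worth resolving at the provider before the scan runs with that token.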