Documentation Index
Fetch the complete documentation index at: https://apyguard.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Overview
OAuth2 Password is designed for providers that support the resource owner password credentials grant. ApyGuard uses both client credentials and user credentials to request tokens before testing protected endpoints.Configure OAuth2 Password in ApyGuard
- Go to Start Scan → Authorization Settings.
- Create a new authorization setting.
- Choose OAuth2 Password.
- Enter a descriptive Authorization Setting Name.
- Configure token format and token location.
- Select the API server so ApyGuard can detect OAuth2 configuration.
- Review the detected OAuth2 metadata.
- Create or select the matching OAuth2 Password credential.
- Save the authorization setting and use it in the scan.
Required credential fields
Create a credential record with:- Client ID
- Client secret
- Username
- Password
- Scopes
What users review in the UI
Detected OAuth2 fields
ApyGuard can display authorization endpoint, token endpoint, introspection endpoint, revocation endpoint, supported scopes, and supported grant types.
Editable provider values
Users can review and edit the detected OAuth2 configuration before saving the authorization setting.
Best fit
Use this method when:- The identity provider explicitly supports password grant
- You are testing a trusted internal or legacy workflow
- You have a real user identity for authenticated testing
Watchouts
- Some providers disable password grant entirely
- Requested scopes may be valid for the client but not the user
- Test users may have different roles than expected