id: oauth2-detect info: name: OAuth 2.0 Authorization Server Detection Template author: righettod severity: info description: Try to detect OAuth 2.0 Authorization Server via the "oauth/token" endpoint tags: tech,oauth http: - method: POST path: - "{{BaseURL}}/oauth/token" body: "grant_type=authorization_code&client_id=xxx&redirect_uri=https%3A%2F%2Fprojectdiscovery.io&code=xxx&client_secret=xxx" matchers-condition: and matchers: - type: status status: - 401 - 400 condition: or - type: word part: body words: - 'error":"invalid_client"'