diff --git a/zds/api/utils.py b/zds/api/utils.py
index 728d8968d3..ed33e05792 100644
--- a/zds/api/utils.py
+++ b/zds/api/utils.py
@@ -1,5 +1,11 @@
+from django.urls import reverse
 from oauth2_provider.models import Application, AccessToken
 
+
+# As of django-oauth-toolkit (oauth2_provider) 2.0.0, `Application.client_secret` values are hashed
+# before being saved in the database. For the tests, we use the same method as django-oauth-toolkit tests
+# which is to store the client_secret cleartext value in CLEARTEXT_SECRET.
+# (See https://github.com/jazzband/django-oauth-toolkit/blob/fda64f97974aac78d4ac9c9f0f36e137dbe4fb8c/tests/test_client_credential.py#L26C58-L26C58)
 CLEARTEXT_SECRET = "abcdefghijklmnopqrstuvwxyz1234567890"
 
 
@@ -13,7 +19,7 @@ def authenticate_oauth2_client(client, user, password):
     oauth2_client.save()
 
     client.post(
-        "/oauth2/token/",
+        reverse("oauth2_provider:token"),
         {
             "client_id": oauth2_client.client_id,
             "client_secret": CLEARTEXT_SECRET,