Obtain an access token to make gateway requests - Amazon Bedrock AgentCore

Amazon Bedrock AgentCore is in preview release and is subject to change.

Obtain an access token to make gateway requests

To make MCP requests to a gateway, you need authorize the requests with an access token from the identity provider configured for the gateway's inbound authentication. The process for obtaining the token depends on the identity provider:

  • For Amazon Cognito, use the OAuth 2.0 token endpoint with client credentials flow.

  • For Auth0, use the OAuth 2.0 token endpoint with client credentials flow.

  • For other identity providers, refer to their documentation for obtaining access tokens.

After you receive the access token, specify it in the Authorization header of your request, as in the following format:

Authorization: Bearer ${AccessToken}

To see examples of how to retrieve your access token with Amazon Cognito, select one of the following methods:

curl
curl --http1.1 -X POST ${token_endpoint} \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=${client_id}&client_secret=${client_secret}"
Python requests package
import requests
import base64

def get_cognito_access_token(client_id, client_secret, token_endpoint):
    credentials = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    
    response = requests.post(
        token_endpoint,
        headers={
            "Authorization": f"Basic {credentials}",
            "Content-Type": "application/x-www-form-urlencoded"
        },
        data={"grant_type": "client_credentials"}
    )
    
    return response.json()["access_token"]

Replace the client_id, client_secret, and token_endpoint with the values that were created when you configured inbound authorization.