OAuthConfiguration
- class aws_cdk.aws_bedrock_agentcore_alpha.OAuthConfiguration(*, provider_arn, scopes, secret_arn, custom_parameters=None)
Bases:
object(experimental) OAuth configuration.
- Parameters:
provider_arn (
str) – (experimental) The OAuth credential provider ARN. This is returned when creating the OAuth credential provider via Console or API. Format: arn:aws:bedrock-agentcore:region:account:token-vault/id/oauth2credentialprovider/name Required: Yesscopes (
Sequence[str]) – (experimental) The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider. Array Members: Minimum number of 0 items. Maximum number of 100 items. Length Constraints: Minimum length of 1. Maximum length of 64. Required: Yessecret_arn (
str) – (experimental) The ARN of the Secrets Manager secret containing OAuth credentials (client ID and secret). This is returned when creating the OAuth credential provider via Console or API. Format: arn:aws:secretsmanager:region:account:secret:name Required: Yescustom_parameters (
Optional[Mapping[str,str]]) – (experimental) Custom parameters for the OAuth flow. Default: - No custom parameters
- Stability:
experimental
- ExampleMetadata:
fixture=default infused
Example:
gateway = agentcore.Gateway(self, "MyGateway", gateway_name="my-gateway" ) # OAuth2 authentication (recommended) # Note: Create the OAuth provider using AWS console or Identity L2 construct when available oauth_provider_arn = "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/abc123/oauth2credentialprovider/my-oauth" oauth_secret_arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-oauth-secret-abc123" # Add an MCP server target directly to the gateway mcp_target = gateway.add_mcp_server_target("MyMcpServer", gateway_target_name="my-mcp-server", description="External MCP server integration", endpoint="https://my-mcp-server.example.com", credential_provider_configurations=[ agentcore.GatewayCredentialProvider.from_oauth_identity_arn( provider_arn=oauth_provider_arn, secret_arn=oauth_secret_arn, scopes=["mcp-runtime-server/invoke"] ) ] ) # Grant sync permission to a Lambda function that will trigger synchronization sync_function = lambda_.Function(self, "SyncFunction", runtime=lambda_.Runtime.PYTHON_3_12, handler="index.handler", code=lambda_.Code.from_inline(""" import boto3 def handler(event, context): client = boto3.client('bedrock-agentcore') response = client.synchronize_gateway_targets( gatewayIdentifier=event['gatewayId'], targetIds=[event['targetId']] ) return response """) ) mcp_target.grant_sync(sync_function)
Attributes
- custom_parameters
(experimental) Custom parameters for the OAuth flow.
- Default:
No custom parameters
- Stability:
experimental
- provider_arn
(experimental) The OAuth credential provider ARN.
This is returned when creating the OAuth credential provider via Console or API. Format: arn:aws:bedrock-agentcore:region:account:token-vault/id/oauth2credentialprovider/name Required: Yes
- Stability:
experimental
- scopes
(experimental) The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.
Array Members: Minimum number of 0 items. Maximum number of 100 items. Length Constraints: Minimum length of 1. Maximum length of 64. Required: Yes
- Stability:
experimental
- secret_arn
(experimental) The ARN of the Secrets Manager secret containing OAuth credentials (client ID and secret).
This is returned when creating the OAuth credential provider via Console or API. Format: arn:aws:secretsmanager:region:account:secret:name Required: Yes
- Stability:
experimental