2.254.0

interface CustomOAuth2CredentialProviderProps ๐Ÿ”น

LanguageType name
.NETAmazon.CDK.AWS.Bedrock.Agentcore.Alpha.CustomOAuth2CredentialProviderProps
Gogithub.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#CustomOAuth2CredentialProviderProps
Javasoftware.amazon.awscdk.services.bedrock.agentcore.alpha.CustomOAuth2CredentialProviderProps
Pythonaws_cdk.aws_bedrock_agentcore_alpha.CustomOAuth2CredentialProviderProps
TypeScript (source)@aws-cdk/aws-bedrock-agentcore-alpha ยป CustomOAuth2CredentialProviderProps

Implements OAuth2CredentialProviderBaseProps, OAuth2ClientCredentials, OAuth2CredentialProviderFactoryBaseProps

Props for {@link OAuth2CredentialProvider.usingCustom}.

Set exactly one of {@link discoveryUrl} (OIDC discovery document) or {@link authorizationServerMetadata} (static OAuth2 server metadata). Do not pass both.

Example

agentcore.OAuth2CredentialProvider.usingCustom(this, "CustomOAuth", {
  oAuth2CredentialProviderName: "custom-idp",
  clientId: "your-client-id",
  clientSecret: cdk.SecretValue.unsafePlainText("your-client-secret"),
  discoveryUrl: "https://idp.example.com/.well-known/openid-configuration",
});

Properties

NameTypeDescription
clientId๐Ÿ”นstringOAuth2 client identifier.
clientSecret๐Ÿ”นSecretValueOAuth2 client secret.
authorizationServerMetadata?๐Ÿ”นOAuth2AuthorizationServerMetadataAuthorization server metadata (issuer, authorization and token endpoints) when not using a discovery URL.
discoveryUrl?๐Ÿ”นstringOIDC/OAuth2 discovery document URL for dynamic integration with the identity provider.
oAuth2CredentialProviderName?๐Ÿ”นstringName of the credential provider.
tags?๐Ÿ”น{ [string]: string }Tags for this credential provider.

clientId๐Ÿ”น

Type: string

OAuth2 client identifier.

clientSecret๐Ÿ”น

Type: SecretValue

OAuth2 client secret.

NOTE: The client secret will be included in the CloudFormation template as part of synthesis. The service stores the secret in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value.

authorizationServerMetadata?๐Ÿ”น

Type: OAuth2AuthorizationServerMetadata (optional, default: not used when {@link discoveryUrl } is set)

Authorization server metadata (issuer, authorization and token endpoints) when not using a discovery URL.

discoveryUrl?๐Ÿ”น

Type: string (optional, default: not used when {@link authorizationServerMetadata } is set)

OIDC/OAuth2 discovery document URL for dynamic integration with the identity provider.

oAuth2CredentialProviderName?๐Ÿ”น

Type: string (optional, default: a name generated by CDK)

Name of the credential provider.

tags?๐Ÿ”น

Type: { [string]: string } (optional, default: no tags)

Tags for this credential provider.

โ† PreviousNext โ†’