class OAuth2CredentialProvider (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.OAuth2CredentialProvider |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#OAuth2CredentialProvider |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.OAuth2CredentialProvider |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.OAuth2CredentialProvider |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป OAuth2CredentialProvider |
Implements
IConstruct, IDependable, IResource, IEnvironment, IOAuth2, IGrantable, IOAuth2
L2 construct for AWS::BedrockAgentCore::OAuth2CredentialProvider.
Prefer the static factories (for example {@link OAuth2CredentialProvider.usingSlack}) so you only pass the OAuth2 settings that apply to that vendor. To attach the identity to a gateway target, use {@link GatewayCredentialProvider.fromOauthIdentity } with this construct, or {@link OAuth2CredentialProvider.bindForGatewayOAuthTarget} with {@link GatewayCredentialProvider.fromOauthIdentityArn }.
Example
agentcore.OAuth2CredentialProvider.usingCustom(this, "CustomOAuthMeta", {
clientId: "your-client-id",
clientSecret: cdk.SecretValue.unsafePlainText("your-client-secret"),
authorizationServerMetadata: {
issuer: "https://idp.example.com",
authorizationEndpoint: "https://idp.example.com/oauth2/authorize",
tokenEndpoint: "https://idp.example.com/oauth2/token",
},
});
Initializer
new OAuth2CredentialProvider(scope: Construct, id: string, props: OAuth2CredentialProviderProps)
Parameters
- scope
Construct - id
string - props
OAuth2Credential Provider Props
Construct Props
| Name | Type | Description |
|---|---|---|
| credential | string | OAuth2 vendor string for CloudFormation CredentialProviderVendor. |
| oauth2 | Oauth2 | OAuth2 provider configuration passed through to Oauth2ProviderConfigInput. |
| o | string | Name of the credential provider. |
| tags? | { [string]: string } | Tags for this credential provider. |
credentialProviderVendor
Type:
string
OAuth2 vendor string for CloudFormation CredentialProviderVendor.
oauth2ProviderConfigInput
Type:
Oauth2
OAuth2 provider configuration passed through to Oauth2ProviderConfigInput.
oAuth2CredentialProviderName?
Type:
string
(optional, default: a name generated by CDK)
Name of the credential provider.
tags?
Type:
{ [string]: string }
(optional, default: no tags)
Tags for this credential provider.
Properties
| Name | Type | Description |
|---|---|---|
| credential | string | The ARN of this credential provider. |
| credential | string | OAuth2 vendor string passed to CloudFormation. |
| env | Resource | The environment this resource belongs to. |
| grant | IPrincipal | The principal to grant permissions to. |
| node | Node | The tree node. |
| o | string | The name of this OAuth2 credential provider. |
| o | OAuth2 | A reference to a OAuth2CredentialProvider resource. |
| stack | Stack | The stack in which this resource is defined. |
| callback | string | Callback URL for the OAuth2 authorization flow. |
| client | string | The ARN of the Secrets Manager secret for the OAuth2 client credentials. |
| created | string | Timestamp when the credential provider was created. |
| last | string | Timestamp when the credential provider was last updated. |
| static PROPERTY_INJECTION_ID | string | Uniquely identifies this class. |
credentialProviderArn
Type:
string
The ARN of this credential provider.
credentialProviderVendor
Type:
string
OAuth2 vendor string passed to CloudFormation.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
grantPrincipal
Type:
IPrincipal
The principal to grant permissions to.
node
Type:
Node
The tree node.
oAuth2CredentialProviderName
Type:
string
The name of this OAuth2 credential provider.
oAuth2CredentialProviderRef
Type:
OAuth2
A reference to a OAuth2CredentialProvider resource.
stack
Type:
Stack
The stack in which this resource is defined.
callbackUrl?
Type:
string
(optional)
Callback URL for the OAuth2 authorization flow.
clientSecretArn?
Type:
string
(optional)
The ARN of the Secrets Manager secret for the OAuth2 client credentials.
May be undefined for resources imported without this attribute.
createdTime?
Type:
string
(optional)
Timestamp when the credential provider was created.
lastUpdatedTime?
Type:
string
(optional)
Timestamp when the credential provider was last updated.
static PROPERTY_INJECTION_ID
Type:
string
Uniquely identifies this class.
Methods
| Name | Description |
|---|---|
| apply | Apply the given removal policy to this resource. |
| bind | ARNs and OAuth scopes for {@link GatewayCredentialProvider.fromOauthIdentity } / {@link GatewayCredentialProvider.fromOauthIdentityArn }. |
| grant(grantee, ...actions) | [disable-awslint:no-grants]. |
| grant | [disable-awslint:no-grants]. |
| grant | [disable-awslint:no-grants]. |
| grant | [disable-awslint:no-grants]. |
| grant | [disable-awslint:no-grants]. |
| to | Returns a string representation of this construct. |
| with(...mixins) | Applies one or more mixins to this construct. |
| static from | Import an existing OAuth2 credential provider. |
| static using | Create a credential provider for Atlassian OAuth2. |
| static using | Create a credential provider for Auth0 OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Amazon Cognito OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for a custom OAuth2 authorization server (discovery document or metadata). |
| static using | Create a credential provider for CyberArk OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Dropbox OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Facebook OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for FusionAuth OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for GitHub OAuth2. |
| static using | Create a credential provider for Google OAuth2. |
| static using | Create a credential provider for HubSpot OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for LinkedIn OAuth2. |
| static using | Create a credential provider for Microsoft (Entra ID) OAuth2. |
| static using | Create a credential provider for Notion OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Okta OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for OneLogin OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for PingOne OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Reddit OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Salesforce OAuth2. |
| static using | Create a credential provider for Slack OAuth2. |
| static using | Create a credential provider for Spotify OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Twitch OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for X (Twitter) OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Yandex OAuth2 (IncludedOauth2ProviderConfig). |
| static using | Create a credential provider for Zoom OAuth2 (IncludedOauth2ProviderConfig). |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
bindForGatewayOAuthTarget(scopes, customParameters?)
public bindForGatewayOAuthTarget(scopes: string[], customParameters?: { [string]: string }): GatewayOAuth2IdentityBinding
Parameters
- scopes
string[]โ OAuth scopes the gateway target should request (see vendor documentation). - customParameters
{ [string]: string }โ Optional custom parameters for the OAuth flow.
Returns
ARNs and OAuth scopes for {@link GatewayCredentialProvider.fromOauthIdentity } / {@link GatewayCredentialProvider.fromOauthIdentityArn }.
grant(grantee, ...actions)
public grant(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable - actions
string
Returns
[disable-awslint:no-grants].
grantAdmin(grantee)
public grantAdmin(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
[disable-awslint:no-grants].
grantFullAccess(grantee)
public grantFullAccess(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
[disable-awslint:no-grants].
grantRead(grantee)
public grantRead(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
[disable-awslint:no-grants].
grantUse(grantee)
public grantUse(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
[disable-awslint:no-grants].
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
with(...mixins)
public with(...mixins: IMixin[]): IConstruct
Parameters
- mixins
IMixin
Returns
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
static fromOAuth2CredentialProviderAttributes(scope, id, attrs)
public static fromOAuth2CredentialProviderAttributes(scope: Construct, id: string, attrs: OAuth2CredentialProviderAttributes): IOAuth2CredentialProvider
Parameters
- scope
Construct - id
string - attrs
OAuth2Credential Provider Attributes
Returns
Import an existing OAuth2 credential provider.
static usingAtlassian(scope, id, props)
public static usingAtlassian(scope: Construct, id: string, props: AtlassianOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
AtlassianOAuth2 Credential Provider Props
Returns
Create a credential provider for Atlassian OAuth2.
static usingAuth0(scope, id, props)
public static usingAuth0(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for Auth0 OAuth2 (IncludedOauth2ProviderConfig).
static usingCognito(scope, id, props)
public static usingCognito(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for Amazon Cognito OAuth2 (IncludedOauth2ProviderConfig).
static usingCustom(scope, id, props)
public static usingCustom(scope: Construct, id: string, props: CustomOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
CustomOAuth2 Credential Provider Props
Returns
Create a credential provider for a custom OAuth2 authorization server (discovery document or metadata).
static usingCyberArk(scope, id, props)
public static usingCyberArk(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for CyberArk OAuth2 (IncludedOauth2ProviderConfig).
static usingDropbox(scope, id, props)
public static usingDropbox(scope: Construct, id: string, props: DropboxOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
DropboxOAuth2 Credential Provider Props
Returns
Create a credential provider for Dropbox OAuth2 (IncludedOauth2ProviderConfig).
static usingFacebook(scope, id, props)
public static usingFacebook(scope: Construct, id: string, props: FacebookOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
FacebookOAuth2 Credential Provider Props
Returns
Create a credential provider for Facebook OAuth2 (IncludedOauth2ProviderConfig).
static usingFusionAuth(scope, id, props)
public static usingFusionAuth(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for FusionAuth OAuth2 (IncludedOauth2ProviderConfig).
static usingGithub(scope, id, props)
public static usingGithub(scope: Construct, id: string, props: GithubOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
GithubOAuth2 Credential Provider Props
Returns
Create a credential provider for GitHub OAuth2.
static usingGoogle(scope, id, props)
public static usingGoogle(scope: Construct, id: string, props: GoogleOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
GoogleOAuth2 Credential Provider Props
Returns
Create a credential provider for Google OAuth2.
static usingHubspot(scope, id, props)
public static usingHubspot(scope: Construct, id: string, props: HubspotOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
HubspotOAuth2 Credential Provider Props
Returns
Create a credential provider for HubSpot OAuth2 (IncludedOauth2ProviderConfig).
static usingLinkedin(scope, id, props)
public static usingLinkedin(scope: Construct, id: string, props: LinkedinOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
LinkedinOAuth2 Credential Provider Props
Returns
Create a credential provider for LinkedIn OAuth2.
static usingMicrosoft(scope, id, props)
public static usingMicrosoft(scope: Construct, id: string, props: MicrosoftOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
MicrosoftOAuth2 Credential Provider Props
Returns
Create a credential provider for Microsoft (Entra ID) OAuth2.
static usingNotion(scope, id, props)
public static usingNotion(scope: Construct, id: string, props: NotionOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
NotionOAuth2 Credential Provider Props
Returns
Create a credential provider for Notion OAuth2 (IncludedOauth2ProviderConfig).
static usingOkta(scope, id, props)
public static usingOkta(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for Okta OAuth2 (IncludedOauth2ProviderConfig).
static usingOneLogin(scope, id, props)
public static usingOneLogin(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for OneLogin OAuth2 (IncludedOauth2ProviderConfig).
static usingPingOne(scope, id, props)
public static usingPingOne(scope: Construct, id: string, props: IncludedOauth2TenantCredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
IncludedOauth2 Tenant Credential Provider Props
Returns
Create a credential provider for PingOne OAuth2 (IncludedOauth2ProviderConfig).
static usingReddit(scope, id, props)
public static usingReddit(scope: Construct, id: string, props: RedditOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
RedditOAuth2 Credential Provider Props
Returns
Create a credential provider for Reddit OAuth2 (IncludedOauth2ProviderConfig).
static usingSalesforce(scope, id, props)
public static usingSalesforce(scope: Construct, id: string, props: SalesforceOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
SalesforceOAuth2 Credential Provider Props
Returns
Create a credential provider for Salesforce OAuth2.
static usingSlack(scope, id, props)
public static usingSlack(scope: Construct, id: string, props: SlackOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
SlackOAuth2 Credential Provider Props
Returns
Create a credential provider for Slack OAuth2.
static usingSpotify(scope, id, props)
public static usingSpotify(scope: Construct, id: string, props: SpotifyOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
SpotifyOAuth2 Credential Provider Props
Returns
Create a credential provider for Spotify OAuth2 (IncludedOauth2ProviderConfig).
static usingTwitch(scope, id, props)
public static usingTwitch(scope: Construct, id: string, props: TwitchOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
TwitchOAuth2 Credential Provider Props
Returns
Create a credential provider for Twitch OAuth2 (IncludedOauth2ProviderConfig).
static usingX(scope, id, props)
public static usingX(scope: Construct, id: string, props: XOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
XOAuth2Credential Provider Props
Returns
Create a credential provider for X (Twitter) OAuth2 (IncludedOauth2ProviderConfig).
static usingYandex(scope, id, props)
public static usingYandex(scope: Construct, id: string, props: YandexOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
YandexOAuth2 Credential Provider Props
Returns
Create a credential provider for Yandex OAuth2 (IncludedOauth2ProviderConfig).
static usingZoom(scope, id, props)
public static usingZoom(scope: Construct, id: string, props: ZoomOAuth2CredentialProviderProps): OAuth2CredentialProvider
Parameters
- scope
Construct - id
string - props
ZoomOAuth2 Credential Provider Props
Returns
Create a credential provider for Zoom OAuth2 (IncludedOauth2ProviderConfig).