Package software.amazon.awscdk.services.bedrockagentcore

Interface IOAuth2CredentialProvider

All Superinterfaces:
software.constructs.IConstruct, software.constructs.IDependable, IEnvironmentAware, IGrantable, IOAuth2CredentialProviderRef, IResource, software.amazon.jsii.JsiiSerializable
All Known Subinterfaces:
IOAuth2CredentialProvider.Jsii$Default
All Known Implementing Classes:
IOAuth2CredentialProvider.Jsii$Proxy, OAuth2CredentialProvider
@Generated(value="jsii-pacmak/1.129.0 (build eaca441)", date="2026-05-19T08:18:44.446Z") @Stability(Stable) public interface IOAuth2CredentialProvider extends software.amazon.jsii.JsiiSerializable, IResource, IGrantable, IOAuth2CredentialProviderRef
An OAuth2 credential provider registered in AgentCore Token Vault.

  • Method Details

    • getCredentialProviderArn

      @Stability(Stable) @NotNull String getCredentialProviderArn()
      The ARN of this credential provider.

    • getCredentialProviderVendor

      @Stability(Stable) @NotNull String getCredentialProviderVendor()
      OAuth2 vendor string passed to CloudFormation.

    • getCallbackUrl

      @Stability(Stable) @Nullable default String getCallbackUrl()
      Callback URL for the OAuth2 authorization flow.

    • getClientSecretArn

      @Stability(Stable) @Nullable default String getClientSecretArn()
      The ARN of the Secrets Manager secret for the OAuth2 client credentials.

      May be undefined for resources imported without this attribute.

    • getCreatedTime

      @Stability(Stable) @Nullable default String getCreatedTime()
      Timestamp when the credential provider was created.

    • getLastUpdatedTime

      @Stability(Stable) @Nullable default String getLastUpdatedTime()
      Timestamp when the credential provider was last updated.

    • bindForGatewayOAuthTarget

      @Stability(Stable) @NotNull GatewayOAuth2IdentityBinding bindForGatewayOAuthTarget(@NotNull List<String> scopes, @Nullable Map<String,String> customParameters)
      ARNs and OAuth scopes for gateway targets (GatewayCredentialProvider.fromOauthIdentity or fromOauthIdentityArn).

      Parameters:
      scopes - This parameter is required.
      customParameters -

    • bindForGatewayOAuthTarget

      @Stability(Stable) @NotNull GatewayOAuth2IdentityBinding bindForGatewayOAuthTarget(@NotNull List<String> scopes)
      ARNs and OAuth scopes for gateway targets (GatewayCredentialProvider.fromOauthIdentity or fromOauthIdentityArn).

      Parameters:
      scopes - This parameter is required.

    • grant

      @Stability(Stable) @NotNull Grant grant(@NotNull IGrantable grantee, @NotNull String... actions)
      Grants IAM actions to the IAM principal.

      Parameters:
      grantee - This parameter is required.
      actions - This parameter is required.

    • grantAdmin

      @Stability(Stable) @NotNull Grant grantAdmin(@NotNull IGrantable grantee)
      Grant control plane permissions to manage this provider.

      Parameters:
      grantee - This parameter is required.

    • grantFullAccess

      @Stability(Stable) @NotNull Grant grantFullAccess(@NotNull IGrantable grantee)
      Grant read, admin, and token retrieval permissions.

      Parameters:
      grantee - This parameter is required.

    • grantRead

      @Stability(Stable) @NotNull Grant grantRead(@NotNull IGrantable grantee)
      Grant GetOauth2CredentialProvider and ListOauth2CredentialProviders, scoped to this provider and parent resources required by the Bedrock AgentCore authorization model.

      Parameters:
      grantee - This parameter is required.

    • grantUse

      @Stability(Stable) @NotNull Grant grantUse(@NotNull IGrantable grantee)
      Grant permission to retrieve OAuth tokens (GetResourceOauth2Token, CompleteResourceTokenAuth).

      Parameters:
      grantee - This parameter is required.