Package software.amazon.awscdk.services.bedrockagentcore

Interface OAuthConfiguration

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
OAuthConfiguration.Jsii$Proxy
@Generated(value="jsii-pacmak/1.129.0 (build eaca441)", date="2026-05-19T08:18:44.488Z") @Stability(Stable) public interface OAuthConfiguration extends software.amazon.jsii.JsiiSerializable
OAuth configuration.

Example: 

 Gateway gateway = Gateway.Builder.create(this, "MyGateway")
         .gatewayName("my-gateway")
         .build();
 // OAuth2 (recommended): use OAuth2CredentialProvider + bindForGatewayOAuthTarget, or ARNs from console/API
 String oauthProviderArn = "arn:aws:bedrock-agentcore:us-east-1:123456789012:token-vault/abc123/oauth2credentialprovider/my-oauth";
 String oauthSecretArn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-oauth-secret-abc123";
 // Add an MCP server target directly to the gateway
 GatewayTarget mcpTarget = gateway.addMcpServerTarget("MyMcpServer", AddMcpServerTargetOptions.builder()
         .gatewayTargetName("my-mcp-server")
         .description("External MCP server integration")
         .endpoint("https://my-mcp-server.example.com")
         .credentialProviderConfigurations(List.of(GatewayCredentialProvider.fromOauthIdentityArn(OAuthConfiguration.builder()
                 .providerArn(oauthProviderArn)
                 .secretArn(oauthSecretArn)
                 .scopes(List.of("mcp-runtime-server/invoke"))
                 .build())))
         .build());
 // Grant sync permission to a Lambda function that will trigger synchronization
 Function syncFunction = Function.Builder.create(this, "SyncFunction")
         .runtime(Runtime.PYTHON_3_12)
         .handler("index.handler")
         .code(Code.fromInline("\nimport boto3\n\ndef handler(event, context):\n    client = boto3.client('bedrock-agentcore')\n    response = client.synchronize_gateway_targets(\n        gatewayIdentifier=event['gatewayId'],\n        targetIds=[event['targetId']]\n    )\n    return response\n  "))
         .build();
 mcpTarget.grantSync(syncFunction);

  • Method Details

    • getProviderArn

      @Stability(Stable) @NotNull String getProviderArn()
      The OAuth credential provider ARN.

      This is returned when creating the OAuth credential provider via Console or API. Format: arn:aws:bedrock-agentcore:region:account:token-vault/id/oauth2credentialprovider/name Required: Yes

    • getScopes

      @Stability(Stable) @NotNull List<String> getScopes()
      The OAuth scopes for the credential provider. These scopes define the level of access requested from the OAuth provider.

      Array Members: Minimum number of 0 items. Maximum number of 100 items. Length Constraints: Minimum length of 1. Maximum length of 64. Required: Yes

    • getSecretArn

      @Stability(Stable) @NotNull String getSecretArn()
      The ARN of the Secrets Manager secret containing OAuth credentials (client ID and secret).

      This is returned when creating the OAuth credential provider via Console or API. Format: arn:aws:secretsmanager:region:account:secret:name Required: Yes

    • getCustomParameters

      @Stability(Stable) @Nullable default Map<String,String> getCustomParameters()
      Custom parameters for the OAuth flow.

      Default: - No custom parameters

    • builder

      @Stability(Stable) static OAuthConfiguration.Builder builder()
      Returns:
      a OAuthConfiguration.Builder of OAuthConfiguration