FusionAuth - Amazon Bedrock AgentCore

FusionAuth

FusionAuth can be configured as an outbound resource credential provider for AgentCore Identity. This allows your agents to authenticate users through FusionAuth's OAuth2 service and obtain access tokens for FusionAuth API resources.

Outbound

Step 1

Use the following procedure to set up a FusionAuth OAuth2 application and obtain the necessary client credentials for AgentCore Identity.

To configure a FusionAuth OAuth2 application
  1. Open the developer console for FusionAuth.

  2. In the main navigation bar, choose Applications.

  3. Choose Add to create a new application.

  4. Enter a name for your application.

  5. In the form, mark the following as required: Client Authentication, PKCE.

  6. For authorized redirect URLs, add the following:

    https://bedrock-agentcore.region.amazonaws.com/identities/oauth2/callback

  7. Add the necessary scopes for your application.

  8. Record the client ID and client secret. You'll need this information to configure the FusionAuth resource provider in AgentCore Identity.

For more details, refer to FusionAuth's OAuth documentation.

Step 2

To configure FusionAuth as an outbound resource provider, use the following:

    {
      "name": "FusionAuth",
      "credentialProviderVendor": "FusionAuthOauth2",
      "oauth2ProviderConfigInput": {
        "includedOauth2ProviderConfig": {
          "clientId": "your-client-id",
          "clientSecret": "your-client-secret",
          "authorizeEndpoint": "https://your-tenant-authorization-url",
          "tokenEndpoint": "https://your-tenant-token-endpoint",
          "issuer": "https://your-tenant-token-issuer"
        }
      }
    }
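A pre-flight check for the provider configuration above, as an added example that is not part of the AWS or FusionAuth documentation. It flags template placeholders left in place, missing fields, and endpoints that are not HTTPS. The function names, the host auth.example.com, the sample client ID and secret, and the rule that both endpoints share one host are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

REQUIRED = ("clientId", "clientSecret", "authorizeEndpoint", "tokenEndpoint", "issuer")
ENDPOINTS = ("authorizeEndpoint", "tokenEndpoint")

def lint_provider_config(raw: str) -> list[str]:
    """Return findings for a provider config; an empty list means it passed."""
    doc = json.loads(raw)
    findings = []
    if doc.get("credentialProviderVendor") != "FusionAuthOauth2":
        findings.append("credentialProviderVendor: expected FusionAuthOauth2")
    cfg = doc.get("oauth2ProviderConfigInput", {}).get("includedOauth2ProviderConfig", {})
    for key in REQUIRED:
        value = str(cfg.get(key) or "")
        if not value:
            findings.append(f"{key}: missing")
        elif "your-" in value:  # template placeholder from the page left in place
            findings.append(f"{key}: placeholder not replaced")
    hosts = set()
    for key in ENDPOINTS:
        if not cfg.get(key):
            continue  # already reported as missing
        url = urlparse(str(cfg[key]))
        if url.scheme != "https" or not url.hostname:
            findings.append(f"{key}: must be an absolute https:// URL")
        else:
            hosts.add(url.hostname)
    # Assumption: one FusionAuth instance serves both OAuth2 endpoints.
    if len(hosts) > 1:
        findings.append("endpoints on different hosts: " + ", ".join(sorted(hosts)))
    return findings

def make_config(**overrides) -> str:
    """Build a constructed sample config (auth.example.com is a made-up host)."""
    inner = {
        "clientId": "3c219e58-ed0e-4b18-ad48-f4f92793ae32",  # constructed value
        "clientSecret": "constructed-sample-secret",
        "authorizeEndpoint": "https://auth.example.com/oauth2/authorize",
        "tokenEndpoint": "https://auth.example.com/oauth2/token",
        "issuer": "https://auth.example.com",
    }
    inner.update(overrides)
    return json.dumps({"name": "FusionAuth", "credentialProviderVendor": "FusionAuthOauth2",
                       "oauth2ProviderConfigInput": {"includedOauth2ProviderConfig": inner}})

if __name__ == "__main__":
    print(lint_provider_config(make_config(clientSecret="your-client-secret")))
```

Running the check in a deployment pipeline before the configuration is submitted catches a copied template or a plaintext token endpoint before any client secret is sent to it.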