GetResourceOauth2Token - Amazon Bedrock AgentCore

GetResourceOauth2Token

Returns the OAuth2 token of the provided resource.

Request Syntax

POST /identities/oauth2/token HTTP/1.1
Content-type: application/json

{
   "customParameters": {
      "string" : "string"
   },
   "forceAuthentication": boolean,
   "oauth2Flow": "string",
   "resourceCredentialProviderName": "string",
   "resourceOauth2ReturnUrl": "string",
   "scopes": [ "string" ],
   "userId": "string",
   "workloadIdentityToken": "string"
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

customParameters

Lets you send extra or custom parameters to the resource credential provider during the authorization process. Standard OAuth2 flow parameters will not be overridden.

Type: String to string map

Key Length Constraints: Minimum length of 1. Maximum length of 256.

Key Pattern: [a-zA-Z0-9\-_\.]+

Value Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

forceAuthentication

If true, always initiates a new three-legged OAuth (3LO) flow.

Type: Boolean

Required: No

oauth2Flow

The type of flow to be performed

Type: String

Valid Values: USER_FEDERATION | M2M

Required: Yes

resourceCredentialProviderName

Reference to the credential provider

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9\-_]+

Required: Yes

resourceOauth2ReturnUrl

Callback URL to redirect to after token retrieval completes. Should be one of the URLs provided during WorkloadIdentity creation.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: \w+:(\/?\/?)[^\s]+

Required: No

scopes

The OAuth scopes requested

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: Yes

userId

The user ID of the user you're retrieving the token on behalf of.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: No

workloadIdentityToken

The identity token of the workload you want to retrieve the OAuth2 token of.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Required: Yes
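The request body constraints above can be checked client-side before the call is made, so that malformed input or an unexpected callback URL is rejected locally instead of surfacing as a ValidationException. The following is an added example, not AWS code: validate_request, check_str, registered_return_urls and the sample values are names and data invented here, patterns are assumed to be applied as full matches, and the scopes length constraint is read as applying to each scope string.

```python
import re

# Constraints transcribed from the Request Body section above.
KEY_RE = re.compile(r"[a-zA-Z0-9\-_\.]+")
PROVIDER_RE = re.compile(r"[a-zA-Z0-9\-_]+")
URL_RE = re.compile(r"\w+:(\/?\/?)[^\s]+")
FLOWS = ("USER_FEDERATION", "M2M")
REQUIRED = ("oauth2Flow", "resourceCredentialProviderName", "scopes", "workloadIdentityToken")
CONTAINER_TYPES = {"scopes": list, "customParameters": dict, "forceAuthentication": bool}
STRING_FIELDS = (  # (field, maximum length, pattern or None)
    ("resourceCredentialProviderName", 128, PROVIDER_RE),
    ("resourceOauth2ReturnUrl", 2048, URL_RE),
    ("userId", 128, None),
    ("workloadIdentityToken", 131072, None),
)

def check_str(errors, name, value, max_len, pattern=None):
    """Record a violation unless value is a 1..max_len string matching pattern."""
    if not isinstance(value, str) or not 1 <= len(value) <= max_len:
        errors.append(f"{name}: expected a string of 1-{max_len} characters")
    elif pattern is not None and not pattern.fullmatch(value):
        errors.append(f"{name}: does not match {pattern.pattern}")

def validate_request(body, registered_return_urls):
    """Return the violations found in body (empty list: passes). registered_return_urls is
    this example's assumption: the callback URLs supplied at workload identity creation."""
    errors = [f"{name}: required" for name in REQUIRED if name not in body]
    bad = [n for n, t in CONTAINER_TYPES.items() if n in body and not isinstance(body[n], t)]
    if bad:
        return errors + [f"{n}: wrong JSON type" for n in bad]
    if "oauth2Flow" in body and body["oauth2Flow"] not in FLOWS:
        errors.append("oauth2Flow: must be USER_FEDERATION or M2M")
    for name, max_len, pattern in STRING_FIELDS:
        if name in body:
            check_str(errors, name, body[name], max_len, pattern)
    for i, scope in enumerate(body.get("scopes", [])):  # length read as per-scope (assumption)
        check_str(errors, f"scopes[{i}]", scope, 128)
    for key, value in body.get("customParameters", {}).items():
        check_str(errors, f"customParameters key {key!r}", key, 256, KEY_RE)
        check_str(errors, f"customParameters[{key!r}]", value, 2048)
    url = body.get("resourceOauth2ReturnUrl")
    if isinstance(url, str) and url not in registered_return_urls:
        errors.append("resourceOauth2ReturnUrl: not a registered callback URL")
    return errors

# Constructed sample request; every value is a placeholder.
SAMPLE = {"oauth2Flow": "USER_FEDERATION", "resourceCredentialProviderName": "example-provider",
          "scopes": ["read"], "workloadIdentityToken": "placeholder-token",
          "resourceOauth2ReturnUrl": "https://app.example.com/callback"}
```
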

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "accessToken": "string",
   "authorizationUrl": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

accessToken

OAuth2 token ready for use

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

authorizationUrl

The URL for the authorization process, provided if the access token requires user authorization.

Type: String

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

The exception that occurs when you do not have sufficient permissions to perform an action. Verify that your IAM policy includes the necessary permissions for the operation you are trying to perform.

HTTP Status Code: 403

InternalServerException

The exception that occurs when the service encounters an unexpected internal error. This is a temporary condition that will resolve itself with retries. We recommend implementing exponential backoff retry logic in your application.

HTTP Status Code: 500

ResourceNotFoundException

The exception that occurs when the specified resource does not exist. This can happen when using an invalid identifier or when trying to access a resource that has been deleted.

HTTP Status Code: 404

ThrottlingException

The exception that occurs when the request was denied due to request throttling. This happens when you exceed the allowed request rate for an operation. Reduce the frequency of requests or implement exponential backoff retry logic in your application.

HTTP Status Code: 429

UnauthorizedException

This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access.

HTTP Status Code: 401

ValidationException

The exception that occurs when the input fails to satisfy the constraints specified by the service. Check the error message for details about which input parameter is invalid and correct your request.

HTTP Status Code: 400
