GetWorkloadAccessTokenForJWT - Amazon Bedrock AgentCore

GetWorkloadAccessTokenForJWT

Obtains an Workload access token for agentic workloads acting on behalf of user with JWT token

Request Syntax

POST /identities/GetWorkloadAccessTokenForJWT HTTP/1.1 Content-type: application/json { "userToken": "string", "workloadName": "string" }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

userToken

OAuth2 token issued by the user's identity provider

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Pattern: [A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+.[A-Za-z0-9-_=]+

Required: Yes

workloadName

Unique identifier for the registered agent

Type: String

Length Constraints: Minimum length of 3. Maximum length of 255.

Pattern: [A-Za-z0-9_.-]+

Required: Yes

Response Syntax

HTTP/1.1 200 Content-type: application/json { "workloadAccessToken": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

workloadAccessToken

Opaque token representing both agent and user identity

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

The exception that occurs when you do not have sufficient permissions to perform an action. Verify that your IAM policy includes the necessary permissions for the operation you are trying to perform.

HTTP Status Code: 403

InternalServerException

The exception that occurs when the service encounters an unexpected internal error. This is a temporary condition that will resolve itself with retries. We recommend implementing exponential backoff retry logic in your application.

HTTP Status Code: 500

ResourceNotFoundException

The exception that occurs when the specified resource does not exist. This can happen when using an invalid identifier or when trying to access a resource that has been deleted.

HTTP Status Code: 404

ThrottlingException

The exception that occurs when the request was denied due to request throttling. This happens when you exceed the allowed request rate for an operation. Reduce the frequency of requests or implement exponential backoff retry logic in your application.

HTTP Status Code: 429

UnauthorizedException

This exception is thrown when the JWT bearer token is invalid or not found for OAuth bearer token based access

HTTP Status Code: 401

ValidationException

The exception that occurs when the input fails to satisfy the constraints specified by the service. Check the error message for details about which input parameter is invalid and correct your request.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: