AWS::BedrockAgentCore::OAuth2CredentialProvider CustomOauth2ProviderConfigInput

Input configuration for a custom OAuth2 provider.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON


{
  "ClientAuthenticationMethod" : String,
  "ClientId" : String,
  "ClientSecret" : String,
  "ClientSecretConfig" : SecretReference,
  "ClientSecretSource" : String,
  "OauthDiscovery" : Oauth2Discovery,
  "OnBehalfOfTokenExchangeConfig" : OnBehalfOfTokenExchangeConfig
}

YAML


  ClientAuthenticationMethod: String
  ClientId: String
  ClientSecret: String
  ClientSecretConfig: 
    SecretReference
  ClientSecretSource: String
  OauthDiscovery: 
    Oauth2Discovery
  OnBehalfOfTokenExchangeConfig: 
    OnBehalfOfTokenExchangeConfig

Properties

ClientAuthenticationMethod

The client authentication method to use when authenticating with the token endpoint.

Required: No

Type: String

Allowed values: CLIENT_SECRET_BASIC | CLIENT_SECRET_POST | AWS_IAM_ID_TOKEN_JWT

Update requires: No interruption

ClientId

The client ID for the custom OAuth2 provider.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption

ClientSecret

The client secret for the custom OAuth2 provider.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

ClientSecretConfig

A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.

Required: No

Type: SecretReference

Update requires: No interruption

ClientSecretSource

The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.

Required: No

Type: String

Allowed values: MANAGED | EXTERNAL

Update requires: No interruption

OauthDiscovery

The OAuth2 discovery information for the custom provider.

Required: Yes

Type: Oauth2Discovery

Update requires: No interruption

OnBehalfOfTokenExchangeConfig

The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.

Required: No

Type: OnBehalfOfTokenExchangeConfig

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ClientSecretArn

GithubOauth2ProviderConfigInput