CustomOAuth2CredentialProviderProps

class aws_cdk.aws_bedrock_agentcore_alpha.CustomOAuth2CredentialProviderProps(*, o_auth2_credential_provider_name=None, tags=None, client_id, client_secret, authorization_server_metadata=None, discovery_url=None)

Bases: OAuth2CredentialProviderFactoryBaseProps

(experimental) Props for {@link OAuth2CredentialProvider.usingCustom}.

Set exactly one of {@link discoveryUrl} (OIDC discovery document) or {@link authorizationServerMetadata} (static OAuth2 server metadata). Do not pass both.

Parameters:

  • o_auth2_credential_provider_name (Optional[str]) – (experimental) Name of the credential provider. Default: a name generated by CDK

  • tags (Optional[Mapping[str, str]]) – (experimental) Tags for this credential provider. Default: - no tags

  • client_id (str) – (experimental) OAuth2 client identifier.

  • client_secret (SecretValue) – (experimental) OAuth2 client secret. NOTE: The client secret will be included in the CloudFormation template as part of synthesis. The service stores the secret in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value.

  • authorization_server_metadata (Union[OAuth2AuthorizationServerMetadata, Dict[str, Any], None]) – (experimental) Authorization server metadata (issuer, authorization and token endpoints) when not using a discovery URL. Default: - not used when {@link discoveryUrl } is set

  • discovery_url (Optional[str]) – (experimental) OIDC/OAuth2 discovery document URL for dynamic integration with the identity provider. Default: - not used when {@link authorizationServerMetadata } is set

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_bedrock_agentcore_alpha as bedrock_agentcore_alpha
import aws_cdk as cdk

# secret_value: cdk.SecretValue

custom_oAuth2_credential_provider_props = bedrock_agentcore_alpha.CustomOAuth2CredentialProviderProps(
    client_id="clientId",
    client_secret=secret_value,

    # the properties below are optional
    authorization_server_metadata=bedrock_agentcore_alpha.OAuth2AuthorizationServerMetadata(
        authorization_endpoint="authorizationEndpoint",
        issuer="issuer",
        token_endpoint="tokenEndpoint",

        # the properties below are optional
        response_types=["responseTypes"]
    ),
    discovery_url="discoveryUrl",
    o_auth2_credential_provider_name="oAuth2CredentialProviderName",
    tags={
        "tags_key": "tags"
    }
)

Attributes

authorization_server_metadata

(experimental) Authorization server metadata (issuer, authorization and token endpoints) when not using a discovery URL.

Default:

  • not used when {@link discoveryUrl } is set

Stability:

experimental

client_id

(experimental) OAuth2 client identifier.

Stability:

experimental

client_secret

(experimental) OAuth2 client secret.

NOTE: The client secret will be included in the CloudFormation template as part of synthesis. The service stores the secret in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value.

Stability:

experimental

discovery_url

(experimental) OIDC/OAuth2 discovery document URL for dynamic integration with the identity provider.

Default:

  • not used when {@link authorizationServerMetadata } is set

Stability:

experimental

o_auth2_credential_provider_name

(experimental) Name of the credential provider.

Default:

a name generated by CDK

Stability:

experimental

tags

(experimental) Tags for this credential provider.

Default:

  • no tags

Stability:

experimental