CustomOAuth2CredentialProviderProps

class aws_cdk.aws_bedrockagentcore.CustomOAuth2CredentialProviderProps(*, o_auth2_credential_provider_name=None, tags=None, client_id, client_secret, authorization_server_metadata=None, discovery_url=None)

Bases: OAuth2CredentialProviderFactoryBaseProps

Props for {@link OAuth2CredentialProvider.usingCustom}.

Set exactly one of {@link discoveryUrl} (OIDC discovery document) or {@link authorizationServerMetadata} (static OAuth2 server metadata). Do not pass both.

Parameters:

  • o_auth2_credential_provider_name (Optional[str]) – Name of the credential provider. Default: a name generated by CDK

  • tags (Optional[Mapping[str, str]]) – Tags for this credential provider. Default: - no tags

  • client_id (str) – OAuth2 client identifier.

  • client_secret (SecretValue) – OAuth2 client secret. NOTE: The client secret will be included in the CloudFormation template as part of synthesis. The service stores the secret in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value.

  • authorization_server_metadata (Union[OAuth2AuthorizationServerMetadata, Dict[str, Any], None]) – Authorization server metadata (issuer, authorization and token endpoints) when not using a discovery URL. Default: - not used when {@link discoveryUrl } is set

  • discovery_url (Optional[str]) – OIDC/OAuth2 discovery document URL for dynamic integration with the identity provider. Default: - not used when {@link authorizationServerMetadata } is set

ExampleMetadata:

fixture=default infused

Example:

agentcore.OAuth2CredentialProvider.using_custom(self, "CustomOAuth",
    o_auth2_credential_provider_name="custom-idp",
    client_id="your-client-id",
    client_secret=cdk.SecretValue.unsafe_plain_text("your-client-secret"),
    discovery_url="https://idp.example.com/.well-known/openid-configuration"
)

Attributes

authorization_server_metadata

Authorization server metadata (issuer, authorization and token endpoints) when not using a discovery URL.

Default:

  • not used when {@link discoveryUrl } is set

client_id

OAuth2 client identifier.

client_secret

OAuth2 client secret.

NOTE: The client secret will be included in the CloudFormation template as part of synthesis. The service stores the secret in Secrets Manager after creation, but the value is visible in the template and deployment history. Use SecretValue.unsafePlainText() to explicitly acknowledge plaintext, or pass a reference from another construct to avoid embedding the literal value.

discovery_url

OIDC/OAuth2 discovery document URL for dynamic integration with the identity provider.

Default:

  • not used when {@link authorizationServerMetadata } is set

o_auth2_credential_provider_name

Name of the credential provider.

Default:

a name generated by CDK

tags

Tags for this credential provider.

Default:

  • no tags