AWS Security ChangesHomeSearch

AWS amazonq medium security documentation change

Service: amazonq · 2025-07-18 · Security-related medium

File: amazonq/latest/qbusiness-ug/plugins-api-schema.md

Summary

Added OAuth2 security requirements and fixed 'oauth2' type typo in OpenAPI schema documentation

Security assessment

Critical correction of security scheme type typo (ouath2 → oauth2) that could lead to misconfigurations, plus added OAuth2 security documentation

Diff

diff --git a/amazonq/latest/qbusiness-ug/plugins-api-schema.md b/amazonq/latest/qbusiness-ug/plugins-api-schema.md
index 4c73d41d1..8ebc1fb00 100644
--- a//amazonq/latest/qbusiness-ug/plugins-api-schema.md
+++ b//amazonq/latest/qbusiness-ug/plugins-api-schema.md
@@ -39 +39,2 @@ The following is the general format of an OpenAPI schema for a custom plugin.
-                    "responses": { ... }
+                    "responses": { ... },
+                    "security": [ ... ]
@@ -41,0 +43,4 @@ The following is the general format of an OpenAPI schema for a custom plugin.
+        },
+        "security": [
+            {
+                "OAuth2": ["read", "write"]
@@ -42,0 +48 @@ The following is the general format of an OpenAPI schema for a custom plugin.
+        ],
@@ -59,0 +66,2 @@ The following list describes fields in the OpenAPI schema
+  * `security` – (Required when using authentication) Defines which security schemes are applied to the whole API or specific operations. This is required when using OAuth authentication.
+
@@ -237 +245 @@ Following is the general structure of a `securityScheme` field:
-    ""securitySchemes": {
+    "securitySchemes": {
@@ -255 +263 @@ If your API requires OAuth authorization, the OpenAPI schema needs to include se
-  * `type` – Must be `ouath2`.
+  * `type` – Must be `oauth2`.