AWS bedrock-agentcore documentation change
Summary
Added detailed Google OAuth2 configuration steps including redirect URI validation
Security assessment
Provides security-focused documentation for OAuth2 setup with proper redirect URI configuration and secret storage guidance, but no specific vulnerability addressed.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-idp-google.md b/bedrock-agentcore/latest/devguide/identity-idp-google.md index 7d3172996..720ad67ab 100644 --- a//bedrock-agentcore/latest/devguide/identity-idp-google.md +++ b//bedrock-agentcore/latest/devguide/identity-idp-google.md @@ -5 +5 @@ -Outbound +Configuring a Google OAuth2 ApplicationOutbound @@ -10,0 +11,39 @@ Amazon Bedrock AgentCore is in preview release and is subject to change. +You can set up Google as an outbound provider using Google OAuth 2.0. + +## Configuring a Google OAuth2 Application + +###### To configure a Google OAuth2 application + + 1. Create a [developer account with Google](https://docs.aws.amazon.com/https://developers.google.com/identity). + + 2. Sign in to the [Google Cloud Platform console](https://docs.aws.amazon.com/https://console.cloud.google.com/home/dashboard). + + 3. From the top navigation bar, choose **Select a project**. If you already have a project in the Google platform, this menu displays your default project instead. + + 4. Choose **NEW PROJECT**. + + 5. Enter a name for your product and then choose **CREATE**. + + 6. On the left navigation bar, choose **APIs and Services** , and then choose **OAuth consent screen**. + + 7. Enter the app information, an **App domain** , **Authorized domains** , and **Developer contact information**. Your **Authorized domains** must include `bedrock-agentcore.{region}.amazonaws.com`. Choose **SAVE AND CONTINUE**. + + 8. Under **Scopes** , choose **Add or remove scopes** , and then choose the scopes necessary for your application. + + 9. Expand the left navigation bar again, choose **APIs and Services** , and then choose **Credentials**. + + 10. Choose **CREATE CREDENTIALS** , and then choose **OAuth client ID**. + + 11. Choose an **Application type** and give your client a **Name**. + + 12. Under **Authorized redirect URIs** , choose **ADD URI**. Enter the following: + + * `https://bedrock-agentcore.{region}.amazonaws.com/identities/oauth2/callback` + + 13. Choose **CREATE**. + + 14. Securely store the values that Google displays under **Your client ID** and **Your client secret**. Provide these values to AgentCore Identity when you add a Google credential provider. + + + +