AWS bedrock-agentcore high security documentation change
Summary
Restructured documentation for GitHub OAuth2 integration, corrected callback URL syntax (replaced {region} with `region`), fixed broken GitHub documentation link, and updated identity provider references
Security assessment
The change fixes a critical documentation error in the callback URL template syntax and broken security configuration links. Incorrect callback URLs could lead to OAuth2 flow failures or token leakage. The broken GitHub documentation link previously pointed to an AWS URL, risking misconfiguration of security-sensitive OAuth2 app settings.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-idp-github.md b/bedrock-agentcore/latest/devguide/identity-idp-github.md index 4ddd1a08b..ba2388067 100644 --- a//bedrock-agentcore/latest/devguide/identity-idp-github.md +++ b//bedrock-agentcore/latest/devguide/identity-idp-github.md @@ -5,3 +5 @@ -Configuring a OAuth2 application for GithubOutbound - -Amazon Bedrock AgentCore is in preview release and is subject to change. +Outbound @@ -11 +9,3 @@ Amazon Bedrock AgentCore is in preview release and is subject to change. -You can set up GitHub as an outbound provider using GitHub OAuth 2.0. +GitHub can be configured as an AgentCore Identity credential provider for outbound resource access. This allows your agents to authenticate users through GitHub's OAuth2 service and obtain access tokens for GitHub API resources. + +## Outbound @@ -13 +13,3 @@ You can set up GitHub as an outbound provider using GitHub OAuth 2.0. -## Configuring a OAuth2 application for Github +**Step 1** + +Use the following procedure to set up a GitHub OAuth2 application and obtain the necessary client credentials for AgentCore Identity. @@ -25 +27 @@ You can set up GitHub as an outbound provider using GitHub OAuth 2.0. - 5. Enter the necessary details specific to your application. For authorization callback URL provide the following: + 5. Enter the necessary details specific to your application. For authorization callback URL enter the following: @@ -27 +29 @@ You can set up GitHub as an outbound provider using GitHub OAuth 2.0. - * `https://bedrock-agentcore.{region}.amazonaws.com/identities/oauth2/callback` + * `https://bedrock-agentcore.`region`.amazonaws.com/identities/oauth2/callback` @@ -44 +46 @@ Github only returns the full secret when it is created. If you lose track of it -For more details, refer to Github's documentation [Creating an OAuth app](https://docs.aws.amazon.com/https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app). +For more details, refer to Github's documentation [Creating an OAuth app](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app). @@ -46 +48 @@ For more details, refer to Github's documentation [Creating an OAuth app](https: -## Outbound +**Step 2** @@ -68 +70 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Auth0 by Okta +FusionAuth