AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2025-10-16 · Documentation medium

File: cli/latest/reference/bedrock-agentcore-control/get-oauth2-credential-provider.md

Summary

Expanded OAuth2 provider support with new vendor configurations, added callback URL documentation, and detailed authentication method constraints

Security assessment

The changes add documentation about OAuth2 security configurations including authentication methods (client_secret_post/client_secret_basic), callback URL validation, and client ID constraints. While these are security-related features, there's no evidence of addressing a specific vulnerability. The changes appear to enhance documentation of security best practices for OAuth2 integration.

Diff

diff --git a/cli/latest/reference/bedrock-agentcore-control/get-oauth2-credential-provider.md b/cli/latest/reference/bedrock-agentcore-control/get-oauth2-credential-provider.md
index a2cc51ca6..92ad829bd 100644
--- a//cli/latest/reference/bedrock-agentcore-control/get-oauth2-credential-provider.md
+++ b//cli/latest/reference/bedrock-agentcore-control/get-oauth2-credential-provider.md
@@ -15 +15 @@
-  * [AWS CLI 2.31.13 Command Reference](../../index.html) »
+  * [AWS CLI 2.31.16 Command Reference](../../index.html) »
@@ -250,0 +251,19 @@ credentialProviderVendor -> (string)
+>   * `AtlassianOauth2`
+>   * `LinkedinOauth2`
+>   * `XOauth2`
+>   * `OktaOauth2`
+>   * `OneLoginOauth2`
+>   * `PingOneOauth2`
+>   * `FacebookOauth2`
+>   * `YandexOauth2`
+>   * `RedditOauth2`
+>   * `ZoomOauth2`
+>   * `TwitchOauth2`
+>   * `SpotifyOauth2`
+>   * `DropboxOauth2`
+>   * `NotionOauth2`
+>   * `HubspotOauth2`
+>   * `CyberArkOauth2`
+>   * `FusionAuthOauth2`
+>   * `Auth0Oauth2`
+>   * `CognitoOauth2`
@@ -253,0 +273,4 @@ credentialProviderVendor -> (string)
+callbackUrl -> (string)
+
+> Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.
+
@@ -260 +283 @@ oauth2ProviderConfigOutput -> (tagged union structure)
-> This is a Tagged Union structure. Only one of the following top level keys can be set: `customOauth2ProviderConfig`, `googleOauth2ProviderConfig`, `githubOauth2ProviderConfig`, `slackOauth2ProviderConfig`, `salesforceOauth2ProviderConfig`, `microsoftOauth2ProviderConfig`.
+> This is a Tagged Union structure. Only one of the following top level keys can be set: `customOauth2ProviderConfig`, `googleOauth2ProviderConfig`, `githubOauth2ProviderConfig`, `slackOauth2ProviderConfig`, `salesforceOauth2ProviderConfig`, `microsoftOauth2ProviderConfig`, `atlassianOauth2ProviderConfig`, `linkedinOauth2ProviderConfig`, `includedOauth2ProviderConfig`.
@@ -304,0 +328,30 @@ oauth2ProviderConfigOutput -> (tagged union structure)
+>>>> 
+>>>> tokenEndpointAuthMethods -> (list)
+>>>>
+>>>>> The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2`
+>>>>> 
+
+>>>>> 
+>>>>> (string)
+>>>>>
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `(client_secret_post|client_secret_basic)`
+>>>>>> 
+
+>> 
+>> clientId -> (string)
+>>
+>>> The client ID for the custom OAuth2 provider.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `256`
+>>> 
+
@@ -348,0 +402,30 @@ oauth2ProviderConfigOutput -> (tagged union structure)
+>>>> 
+>>>> tokenEndpointAuthMethods -> (list)
+>>>>
+>>>>> The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2`
+>>>>> 
+
+>>>>> 
+>>>>> (string)
+>>>>>
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `(client_secret_post|client_secret_basic)`
+>>>>>> 
+
+>> 
+>> clientId -> (string)
+>>
+>>> The client ID for the Google OAuth2 provider.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `256`
+>>> 
+
@@ -392,0 +476,30 @@ oauth2ProviderConfigOutput -> (tagged union structure)
+>>>> 
+>>>> tokenEndpointAuthMethods -> (list)
+>>>>
+>>>>> The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2`
+>>>>> 
+
+>>>>> 
+>>>>> (string)
+>>>>>
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `(client_secret_post|client_secret_basic)`
+>>>>>> 
+
+>> 
+>> clientId -> (string)
+>>
+>>> The client ID for the GitHub OAuth2 provider.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `256`
+>>> 
+
@@ -436,0 +550,30 @@ oauth2ProviderConfigOutput -> (tagged union structure)
+>>>> 
+>>>> tokenEndpointAuthMethods -> (list)
+>>>>
+>>>>> The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2`
+>>>>> 
+
+>>>>> 
+>>>>> (string)
+>>>>>
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `(client_secret_post|client_secret_basic)`
+>>>>>> 
+
+>> 
+>> clientId -> (string)
+>>
+>>> The client ID for the Slack OAuth2 provider.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `256`
+>>> 
+
@@ -480,0 +624,30 @@ oauth2ProviderConfigOutput -> (tagged union structure)
+>>>> 
+>>>> tokenEndpointAuthMethods -> (list)
+>>>>
+>>>>> The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2`
+>>>>> 
+
+>>>>> 
+>>>>> (string)
+>>>>>
+>>>>>> Constraints:
+>>>>>> 
+>>>>>>   * pattern: `(client_secret_post|client_secret_basic)`
+>>>>>> 
+
+>> 
+>> clientId -> (string)
+>>
+>>> The client ID for the Salesforce OAuth2 provider.
+>>> 
+>>> Constraints:
+>>> 
+>>>   * min: `1`
+>>>   * max: `256`
+>>> 
+
@@ -524,0 +698,252 @@ oauth2ProviderConfigOutput -> (tagged union structure)
+>>>> 
+>>>> tokenEndpointAuthMethods -> (list)
+>>>>
+>>>>> The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.
+>>>>> 
+>>>>> Constraints:
+>>>>> 
+>>>>>   * min: `1`
+>>>>>   * max: `2`