AWS bedrock-agentcore medium security documentation change
Summary
Clarified JWT validation requirements by specifying Client ID validation against `client_id` claim and audience validation via `aud` claim
Security assessment
The changes explicitly document security validation mechanisms for JWT tokens, specifically highlighting claim-based validation which is critical for proper authentication security. This helps prevent token misuse by ensuring proper claim verification.
Diff
diff --git a/bedrock-agentcore/latest/devguide/gateway-inbound-auth.md b/bedrock-agentcore/latest/devguide/gateway-inbound-auth.md index 232511dec..7cb216cb4 100644 --- a//bedrock-agentcore/latest/devguide/gateway-inbound-auth.md +++ b//bedrock-agentcore/latest/devguide/gateway-inbound-auth.md @@ -129 +129 @@ In the process of creating the JWT, you should record the following values that - * **Client ID** – The public identifier of a client application that requests a token. + * **Client ID** – The public identifier of a client application that requests a token, validated against the `client_id` claim. @@ -133 +133 @@ In the process of creating the JWT, you should record the following values that - * **Allowed audience** – The identifier that validates the intended recipients or consumers of a token. + * **Allowed audience** – The identifier that validates the intended recipients or consumers of a token via the `aud` claim.