AWS devopsagent documentation change
Summary
Updated OAuth configuration steps: clarified client credentials, added authorization URL/code challenge fields, restructured API key setup, and removed redundant sections.
Security assessment
Changes improve documentation for OAuth/API key authentication security features but show no evidence of addressing a specific vulnerability. Enhanced clarity for security configurations (client secrets, scopes) helps users implement authentication correctly.
Diff
diff --git a/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md b/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md index c11aea72d..cf1f5005b 100644 --- a//devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md +++ b//devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md @@ -114 +114 @@ Configure additional authorization parameters based on the selected authenticati - 1. **Client ID** – Enter the client ID for your MCP server + 1. **Client ID** – Enter the client ID of the OAuth client @@ -116 +116 @@ Configure additional authorization parameters based on the selected authenticati - 2. **Client Secret** – Enter the client secret for your MCP server + 2. **Client Secret** – Enter the client secret of the OAuth client @@ -118 +118 @@ Configure additional authorization parameters based on the selected authenticati - 3. **Exchange URL** – Enter the OAuth token exchange URL + 3. **Exchange URL** – Enter the OAuth token exchange endpoint URL @@ -122 +122 @@ Configure additional authorization parameters based on the selected authenticati - 5. **Add Scope** – Add OAuth scopes for authentication (the service will always request scope `offline_access`) + 5. **Add Scope** – Add OAuth scopes for authentication @@ -131 +131 @@ Configure additional authorization parameters based on the selected authenticati - 1. Configure the OAuth 3LO parameters as required by your MCP server + 1. **Client ID** – Enter the client ID of the OAuth client @@ -133 +133 @@ Configure additional authorization parameters based on the selected authenticati - 2. The service will always request scope `offline_access` + 2. **Client Secret** – Enter the client secret of the OAuth client if it’s required by your OAuth client @@ -135 +135 @@ Configure additional authorization parameters based on the selected authenticati - 3. Click **Next** + 3. **Exchange URL** – Enter the OAuth token exchange endpoint URL @@ -136,0 +137 @@ Configure additional authorization parameters based on the selected authenticati + 4. **Authorization URL** \- Enter the OAuth authorization endpoint URL @@ -137,0 +139 @@ Configure additional authorization parameters based on the selected authenticati + 5. **Code Challenge Support** \- Select this checkbox if your OAuth client supports code challenge @@ -138,0 +141 @@ Configure additional authorization parameters based on the selected authenticati + 6. **Add Scope** – Add OAuth scopes for authentication @@ -140,11 +143 @@ Configure additional authorization parameters based on the selected authenticati -**For API Key:** - - 1. Enter your API key - - 2. Configure header name (default: "Authorization") - - 3. Configure token prefix (if needed) - - 4. Click **Next** - - + 7. Click **Next** @@ -153,3 +145,0 @@ Configure additional authorization parameters based on the selected authenticati -### Step 4: Authorization configuration - -Configure additional authorization parameters based on the selected authentication method: @@ -157 +146,0 @@ Configure additional authorization parameters based on the selected authenticati -**For OAuth 2.0:** @@ -159,12 +148 @@ Configure additional authorization parameters based on the selected authenticati - 1. Enter Client ID and Client Secret (if not using Dynamic Client Registration) - - 2. Configure scopes required for accessing your MCP server - - 3. Add any additional OAuth parameters required by your server - - 4. Click **Next** - - - - -**For API Key or Bearer Token:** +**For API Key:** @@ -172 +150 @@ Configure additional authorization parameters based on the selected authenticati - 1. Enter your API key or bearer token + 1. Enter an API key name @@ -174 +152 @@ Configure additional authorization parameters based on the selected authenticati - 2. Configure header name (default: "Authorization") + 2. Enter the the name of the header that will contain the API key in the request @@ -176 +154 @@ Configure additional authorization parameters based on the selected authenticati - 3. Configure token prefix (if needed) + 3. Enter your API key value @@ -183 +161 @@ Configure additional authorization parameters based on the selected authenticati -### Step 5: Review and submit +### Step 4: Review and submit