AWS Security ChangesHomeSearch

AWS devopsagent documentation change

Service: devopsagent · 2026-01-16 · Documentation low

File: devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md

Summary

Updated OAuth configuration steps: clarified client credentials, added authorization URL/code challenge fields, restructured API key setup, and removed redundant sections.

Security assessment

Changes improve documentation for OAuth/API key authentication security features but show no evidence of addressing a specific vulnerability. Enhanced clarity for security configurations (client secrets, scopes) helps users implement authentication correctly.

Diff

diff --git a/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md b/devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md
index c11aea72d..cf1f5005b 100644
--- a//devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md
+++ b//devopsagent/latest/userguide/configuring-capabilities-for-aws-devops-agent-connecting-mcp-servers.md
@@ -114 +114 @@ Configure additional authorization parameters based on the selected authenticati
-  1. **Client ID** – Enter the client ID for your MCP server
+  1. **Client ID** – Enter the client ID of the OAuth client
@@ -116 +116 @@ Configure additional authorization parameters based on the selected authenticati
-  2. **Client Secret** – Enter the client secret for your MCP server
+  2. **Client Secret** – Enter the client secret of the OAuth client
@@ -118 +118 @@ Configure additional authorization parameters based on the selected authenticati
-  3. **Exchange URL** – Enter the OAuth token exchange URL
+  3. **Exchange URL** – Enter the OAuth token exchange endpoint URL
@@ -122 +122 @@ Configure additional authorization parameters based on the selected authenticati
-  5. **Add Scope** – Add OAuth scopes for authentication (the service will always request scope `offline_access`)
+  5. **Add Scope** – Add OAuth scopes for authentication
@@ -131 +131 @@ Configure additional authorization parameters based on the selected authenticati
-  1. Configure the OAuth 3LO parameters as required by your MCP server
+  1. **Client ID** – Enter the client ID of the OAuth client
@@ -133 +133 @@ Configure additional authorization parameters based on the selected authenticati
-  2. The service will always request scope `offline_access`
+  2. **Client Secret** – Enter the client secret of the OAuth client if it’s required by your OAuth client
@@ -135 +135 @@ Configure additional authorization parameters based on the selected authenticati
-  3. Click **Next**
+  3. **Exchange URL** – Enter the OAuth token exchange endpoint URL
@@ -136,0 +137 @@ Configure additional authorization parameters based on the selected authenticati
+  4. **Authorization URL** \- Enter the OAuth authorization endpoint URL
@@ -137,0 +139 @@ Configure additional authorization parameters based on the selected authenticati
+  5. **Code Challenge Support** \- Select this checkbox if your OAuth client supports code challenge
@@ -138,0 +141 @@ Configure additional authorization parameters based on the selected authenticati
+  6. **Add Scope** – Add OAuth scopes for authentication
@@ -140,11 +143 @@ Configure additional authorization parameters based on the selected authenticati
-**For API Key:**
-
-  1. Enter your API key
-
-  2. Configure header name (default: "Authorization")
-
-  3. Configure token prefix (if needed)
-
-  4. Click **Next**
-
-
+  7. Click **Next**
@@ -153,3 +145,0 @@ Configure additional authorization parameters based on the selected authenticati
-### Step 4: Authorization configuration
-
-Configure additional authorization parameters based on the selected authentication method:
@@ -157 +146,0 @@ Configure additional authorization parameters based on the selected authenticati
-**For OAuth 2.0:**
@@ -159,12 +148 @@ Configure additional authorization parameters based on the selected authenticati
-  1. Enter Client ID and Client Secret (if not using Dynamic Client Registration)
-
-  2. Configure scopes required for accessing your MCP server
-
-  3. Add any additional OAuth parameters required by your server
-
-  4. Click **Next**
-
-
-
-
-**For API Key or Bearer Token:**
+**For API Key:**
@@ -172 +150 @@ Configure additional authorization parameters based on the selected authenticati
-  1. Enter your API key or bearer token
+  1. Enter an API key name
@@ -174 +152 @@ Configure additional authorization parameters based on the selected authenticati
-  2. Configure header name (default: "Authorization")
+  2. Enter the the name of the header that will contain the API key in the request
@@ -176 +154 @@ Configure additional authorization parameters based on the selected authenticati
-  3. Configure token prefix (if needed)
+  3. Enter your API key value
@@ -183 +161 @@ Configure additional authorization parameters based on the selected authenticati
-### Step 5: Review and submit
+### Step 4: Review and submit