AWS marketplace documentation change
Summary
Clarified requirements for MCP server integration, specifically requiring two-legged OAuth authentication instead of generic OAuth. Added reference link to documentation.
Security assessment
The change specifies two-legged OAuth authentication which improves authentication precision but doesn't address any specific vulnerability. No evidence of security incident remediation.
Diff
diff --git a/marketplace/latest/userguide/bedrock-agentcore-gateway.md b/marketplace/latest/userguide/bedrock-agentcore-gateway.md index 2653f782e..97c280ca4 100644 --- a//marketplace/latest/userguide/bedrock-agentcore-gateway.md +++ b//marketplace/latest/userguide/bedrock-agentcore-gateway.md @@ -50 +50 @@ You can enable Amazon Bedrock AgentCore Gateway integration for your SaaS API-ba - * if you list an MCP server with OAuth authentication, you can opt-in to offer your buyers the integration with no additional requirements. The MCP server endpoint you provide as part of your listing process will be used for the integration. However, you must ensure your MCP server meets the requirements listed below. + * If you list an MCP server that supports two-legged OAuth authentication, you can opt-in to offer your buyers the integration with no additional requirements. The MCP server endpoint you provide as part of your listing process will be used for the integration. However, you must ensure your MCP server meets the requirements listed below. For more information, see [MCP servers targets](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/gateway-target-MCPservers.html). @@ -52 +52 @@ You can enable Amazon Bedrock AgentCore Gateway integration for your SaaS API-ba - * For all other products, you can provide an OpenAPI specification to enable the integration. + * For all other agents or tools, you can provide an OpenAPI specification to enable the integration. @@ -61 +61 @@ Your MCP server must meet the following requirements: - * OAuth authentication with one of following configurations: + * Two-legged OAuth authentication with one of following configurations: @@ -145 +145 @@ Before you enable Gateway integration, test your OpenAPI specification or MCP se - 6. Upload your OpenAPI specification. For OAuth enabled MCP Server products this is not required and only the MCP endpoint is required. + 6. Upload your OpenAPI specification. For two-legged OAuth enabled MCP Server products this is not required and only the MCP endpoint is required.