AWS bedrock-agentcore documentation change
Summary
Fixed URL formatting issues by removing incorrect backticks around tenantId variable in Microsoft Entra ID configuration examples
Security assessment
The change corrects malformed URL examples by removing backticks that were incorrectly placed around 'tenantId' variable. This fixes documentation errors but doesn't address any specific security vulnerability or add security features. However, accurate documentation of OAuth endpoints is important for proper security configuration.
Diff
diff --git a/bedrock-agentcore/latest/devguide/identity-idp-microsoft.md b/bedrock-agentcore/latest/devguide/identity-idp-microsoft.md index 5c9ed9fbb..d2d073052 100644 --- a//bedrock-agentcore/latest/devguide/identity-idp-microsoft.md +++ b//bedrock-agentcore/latest/devguide/identity-idp-microsoft.md @@ -32 +32 @@ For all token types, in your custom authorizer: - * For v1.0 tokens use: `https://login.microsoftonline.com/`tenantId`/.well-known/openid-configuration` + * For v1.0 tokens use: `https://login.microsoftonline.com/tenantId/.well-known/openid-configuration` @@ -34 +34 @@ For all token types, in your custom authorizer: - * For v2.0 tokens use: `https://login.microsoftonline.com/`tenantId`/v2.0/.well-known/openid-configuration` + * For v2.0 tokens use: `https://login.microsoftonline.com/tenantId/v2.0/.well-known/openid-configuration` @@ -45 +45 @@ When fetching the token from Microsoft Entra: - * Include in authorization URL a scope like ``entra-application-id`/.default` alongside any other scopes your application might require. This allows Microsoft to know that you intend to use the access token against resources other than Microsoft's Graph API and will result in a token that can be validated by AgentCore Identity. + * Include in authorization URL a scope like `entra-application-id/.default` alongside any other scopes your application might require. This allows Microsoft to know that you intend to use the access token against resources other than Microsoft’s Graph API and will result in a token that can be validated by AgentCore Identity.