AWS Security ChangesHomeSearch

AWS bedrock-agentcore documentation change

Service: bedrock-agentcore · 2026-05-01 · Documentation low

File: bedrock-agentcore/latest/devguide/resource-providers.md

Summary

Added guidance for configuring on-behalf-of token exchange and renamed section to 'Client authentication methods'

Security assessment

Documents security feature (OBO token exchange) and reframes content around authentication methods. Improves security documentation quality but doesn't indicate any vulnerability being fixed.

Diff

diff --git a/bedrock-agentcore/latest/devguide/resource-providers.md b/bedrock-agentcore/latest/devguide/resource-providers.md
index d7ee840b3..b66695241 100644
--- a//bedrock-agentcore/latest/devguide/resource-providers.md
+++ b//bedrock-agentcore/latest/devguide/resource-providers.md
@@ -46,0 +47,2 @@ Alternatively, you can use the AgentCore SDK to configure an OAuth 2.0 credentia
+To configure on-behalf-of (OBO) token exchange on an OAuth 2.0 credential provider, add an `onBehalfOfTokenExchangeConfig` to the provider configuration. For supported modes, parameters, and examples, see [On-behalf-of token exchange](./on-behalf-of-token-exchange.html).
+
@@ -72 +74 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Supported authentication patterns
+Client authentication methods