AWS cli documentation change
Summary
Added documentation for 'advertisedScopeMapping' parameter in authorizerConfiguration, which maps OAuth scopes between identity providers and client-facing values
Security assessment
The change documents new OAuth scope mapping capabilities for token validation and client communication, improving security transparency but not fixing a vulnerability
Diff
diff --git a/cli/latest/reference/bedrock-agentcore-control/get-registry.md b/cli/latest/reference/bedrock-agentcore-control/get-registry.md index 9a271770f..5288d2c82 100644 --- a//cli/latest/reference/bedrock-agentcore-control/get-registry.md +++ b//cli/latest/reference/bedrock-agentcore-control/get-registry.md @@ -15 +15 @@ - * [AWS CLI 2.35.16 Command Reference](../../index.html) » + * [AWS CLI 2.35.19 Command Reference](../../index.html) » @@ -343,0 +344,31 @@ authorizerConfiguration -> (tagged union structure) +>> +>> advertisedScopeMapping -> (map) +>> +>>> A map that associates each scope in `allowedScopes` with a corresponding advertised scope value. The advertised scope appears in OAuth protected resource metadata and `WWW-Authenticate` response headers. Use this parameter when the scope that clients request from your identity provider differs from the scope in the validated token. Each key is a scope from `allowedScopes` that the service uses for token validation. Each value is the corresponding scope that the service advertises to clients. Scopes without a mapping entry appear unchanged to clients. +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `50` +>>> + +>>> +>>> key -> (string) +>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `255` +>>>> * pattern: `[\x21\x23-\x5B\x5D-\x7E]+` +>>>> + +>>> +>>> value -> (string) +>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `255` +>>>> * pattern: `[\x21\x23-\x5B\x5D-\x7E]+` +>>>> + @@ -818 +849 @@ updatedAt -> (timestamp) - * [AWS CLI 2.35.16 Command Reference](../../index.html) » + * [AWS CLI 2.35.19 Command Reference](../../index.html) »