:doc:`BedrockAgentCoreControl <../../bedrock-agentcore-control>` / Client / get_oauth2_credential_provider

******************************
get_oauth2_credential_provider
******************************



.. py:method:: BedrockAgentCoreControl.Client.get_oauth2_credential_provider(**kwargs)

  

  Retrieves information about an OAuth2 credential provider.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetOauth2CredentialProvider>`_  


  **Request Syntax**
  ::

    response = client.get_oauth2_credential_provider(
        name='string'
    )
    
  :type name: string
  :param name: **[REQUIRED]** 

    The name of the OAuth2 credential provider to retrieve.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'clientSecretArn': {
              'secretArn': 'string'
          },
          'name': 'string',
          'credentialProviderArn': 'string',
          'credentialProviderVendor': 'GoogleOauth2'|'GithubOauth2'|'SlackOauth2'|'SalesforceOauth2'|'MicrosoftOauth2'|'CustomOauth2'|'AtlassianOauth2'|'LinkedinOauth2'|'XOauth2'|'OktaOauth2'|'OneLoginOauth2'|'PingOneOauth2'|'FacebookOauth2'|'YandexOauth2'|'RedditOauth2'|'ZoomOauth2'|'TwitchOauth2'|'SpotifyOauth2'|'DropboxOauth2'|'NotionOauth2'|'HubspotOauth2'|'CyberArkOauth2'|'FusionAuthOauth2'|'Auth0Oauth2'|'CognitoOauth2',
          'callbackUrl': 'string',
          'oauth2ProviderConfigOutput': {
              'customOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'googleOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'githubOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'slackOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'salesforceOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'microsoftOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'atlassianOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'linkedinOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              },
              'includedOauth2ProviderConfig': {
                  'oauthDiscovery': {
                      'discoveryUrl': 'string',
                      'authorizationServerMetadata': {
                          'issuer': 'string',
                          'authorizationEndpoint': 'string',
                          'tokenEndpoint': 'string',
                          'responseTypes': [
                              'string',
                          ],
                          'tokenEndpointAuthMethods': [
                              'string',
                          ]
                      }
                  },
                  'clientId': 'string'
              }
          },
          'createdTime': datetime(2015, 1, 1),
          'lastUpdatedTime': datetime(2015, 1, 1)
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **clientSecretArn** *(dict) --* 

        The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.

        
        

        - **secretArn** *(string) --* 

          The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.

          
    
      

      - **name** *(string) --* 

        The name of the OAuth2 credential provider.

        
      

      - **credentialProviderArn** *(string) --* 

        ARN of the credential provider requested.

        
      

      - **credentialProviderVendor** *(string) --* 

        The vendor of the OAuth2 credential provider.

        
      

      - **callbackUrl** *(string) --* 

        Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.

        
      

      - **oauth2ProviderConfigOutput** *(dict) --* 

        The configuration output for the OAuth2 provider.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``customOauth2ProviderConfig``, ``googleOauth2ProviderConfig``, ``githubOauth2ProviderConfig``, ``slackOauth2ProviderConfig``, ``salesforceOauth2ProviderConfig``, ``microsoftOauth2ProviderConfig``, ``atlassianOauth2ProviderConfig``, ``linkedinOauth2ProviderConfig``, ``includedOauth2ProviderConfig``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


      
        

        - **customOauth2ProviderConfig** *(dict) --* 

          The output configuration for a custom OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            The OAuth2 discovery information for the custom provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the custom OAuth2 provider.

            
      
        

        - **googleOauth2ProviderConfig** *(dict) --* 

          The output configuration for a Google OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            The OAuth2 discovery information for the Google provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the Google OAuth2 provider.

            
      
        

        - **githubOauth2ProviderConfig** *(dict) --* 

          The output configuration for a GitHub OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            The OAuth2 discovery information for the GitHub provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the GitHub OAuth2 provider.

            
      
        

        - **slackOauth2ProviderConfig** *(dict) --* 

          The output configuration for a Slack OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            The OAuth2 discovery information for the Slack provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the Slack OAuth2 provider.

            
      
        

        - **salesforceOauth2ProviderConfig** *(dict) --* 

          The output configuration for a Salesforce OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            The OAuth2 discovery information for the Salesforce provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the Salesforce OAuth2 provider.

            
      
        

        - **microsoftOauth2ProviderConfig** *(dict) --* 

          The output configuration for a Microsoft OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            The OAuth2 discovery information for the Microsoft provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the Microsoft OAuth2 provider.

            
      
        

        - **atlassianOauth2ProviderConfig** *(dict) --* 

          The configuration details for the Atlassian OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            Contains the discovery information for an OAuth2 provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the Atlassian OAuth2 provider.

            
      
        

        - **linkedinOauth2ProviderConfig** *(dict) --* 

          The configuration details for the LinkedIn OAuth2 provider.

          
          

          - **oauthDiscovery** *(dict) --* 

            Contains the discovery information for an OAuth2 provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the LinkedIn OAuth2 provider.

            
      
        

        - **includedOauth2ProviderConfig** *(dict) --* 

          The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.

          
          

          - **oauthDiscovery** *(dict) --* 

            Contains the discovery information for an OAuth2 provider.

            .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``discoveryUrl``, ``authorizationServerMetadata``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


          
            

            - **discoveryUrl** *(string) --* 

              The discovery URL for the OAuth2 provider.

              
            

            - **authorizationServerMetadata** *(dict) --* 

              The authorization server metadata for the OAuth2 provider.

              
              

              - **issuer** *(string) --* 

                The issuer URL for the OAuth2 authorization server.

                
              

              - **authorizationEndpoint** *(string) --* 

                The authorization endpoint URL for the OAuth2 authorization server.

                
              

              - **tokenEndpoint** *(string) --* 

                The token endpoint URL for the OAuth2 authorization server.

                
              

              - **responseTypes** *(list) --* 

                The supported response types for the OAuth2 authorization server.

                
                

                - *(string) --* 
            
              

              - **tokenEndpointAuthMethods** *(list) --* 

                The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

                
                

                - *(string) --* 
            
          
        
          

          - **clientId** *(string) --* 

            The client ID for the supported OAuth2 provider.

            
      
    
      

      - **createdTime** *(datetime) --* 

        The timestamp when the OAuth2 credential provider was created.

        
      

      - **lastUpdatedTime** *(datetime) --* 

        The timestamp when the OAuth2 credential provider was last updated.

        
  
  **Exceptions**
  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.UnauthorizedException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ValidationException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.DecryptionFailure`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ThrottlingException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.InternalServerException`

  