:doc:`BedrockAgentCore <../../bedrock-agentcore>` / Client / get_resource_oauth2_token

*************************
get_resource_oauth2_token
*************************



.. py:method:: BedrockAgentCore.Client.get_resource_oauth2_token(**kwargs)

  

  Returns the OAuth 2.0 token of the provided resource.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-2024-02-28/GetResourceOauth2Token>`_  


  **Request Syntax**
  ::

    response = client.get_resource_oauth2_token(
        workloadIdentityToken='string',
        resourceCredentialProviderName='string',
        scopes=[
            'string',
        ],
        oauth2Flow='USER_FEDERATION'|'M2M',
        sessionUri='string',
        resourceOauth2ReturnUrl='string',
        forceAuthentication=True|False,
        customParameters={
            'string': 'string'
        },
        customState='string'
    )
    
  :type workloadIdentityToken: string
  :param workloadIdentityToken: **[REQUIRED]** 

    The identity token of the workload from which you want to retrieve the OAuth2 token.

    

  
  :type resourceCredentialProviderName: string
  :param resourceCredentialProviderName: **[REQUIRED]** 

    The name of the resource's credential provider.

    

  
  :type scopes: list
  :param scopes: **[REQUIRED]** 

    The OAuth scopes being requested.

    

  
    - *(string) --* 

    

  :type oauth2Flow: string
  :param oauth2Flow: **[REQUIRED]** 

    The type of flow to be performed.

    

  
  :type sessionUri: string
  :param sessionUri: 

    Unique identifier for the user's authentication session for retrieving OAuth2 tokens. This ID tracks the authorization flow state across multiple requests and responses during the OAuth2 authentication process.

    

  
  :type resourceOauth2ReturnUrl: string
  :param resourceOauth2ReturnUrl: 

    The callback URL to redirect to after the OAuth 2.0 token retrieval is complete. This URL must be one of the provided URLs configured for the workload identity.

    

  
  :type forceAuthentication: boolean
  :param forceAuthentication: 

    Indicates whether to always initiate a new three-legged OAuth (3LO) flow, regardless of any existing session.

    

  
  :type customParameters: dict
  :param customParameters: 

    A map of custom parameters to include in the authorization request to the resource credential provider. These parameters are in addition to the standard OAuth 2.0 flow parameters, and will not override them.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  :type customState: string
  :param customState: 

    An opaque string that will be sent back to the callback URL provided in resourceOauth2ReturnUrl. This state should be used to protect the callback URL of your application against CSRF attacks by ensuring the response corresponds to the original request.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'authorizationUrl': 'string',
          'accessToken': 'string',
          'sessionUri': 'string',
          'sessionStatus': 'IN_PROGRESS'|'FAILED'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **authorizationUrl** *(string) --* 

        The URL to initiate the authorization process, provided when the access token requires user authorization.

        
      

      - **accessToken** *(string) --* 

        The OAuth 2.0 access token to use.

        
      

      - **sessionUri** *(string) --* 

        Unique identifier for the user's authorization session for retrieving OAuth2 tokens. This matches the sessionId from the request and can be used to track the session state.

        
      

      - **sessionStatus** *(string) --* 

        Status indicating whether the user's authorization session is in progress or has failed. This helps determine the next steps in the OAuth2 authentication flow.

        
  
  **Exceptions**
  
  *   :py:class:`BedrockAgentCore.Client.exceptions.UnauthorizedException`

  
  *   :py:class:`BedrockAgentCore.Client.exceptions.ValidationException`

  
  *   :py:class:`BedrockAgentCore.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`BedrockAgentCore.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`BedrockAgentCore.Client.exceptions.ThrottlingException`

  
  *   :py:class:`BedrockAgentCore.Client.exceptions.InternalServerException`

  