BedrockAgentCore / Client / get_resource_oauth2_token

get_resource_oauth2_token

BedrockAgentCore.Client.get_resource_oauth2_token(**kwargs)

Returns the OAuth 2.0 token of the provided resource.

See also: AWS API Documentation

Request Syntax

response = client.get_resource_oauth2_token(
    workloadIdentityToken='string',
    resourceCredentialProviderName='string',
    scopes=[
        'string',
    ],
    oauth2Flow='USER_FEDERATION'|'M2M',
    sessionUri='string',
    resourceOauth2ReturnUrl='string',
    forceAuthentication=True|False,
    customParameters={
        'string': 'string'
    },
    customState='string'
)
Parameters:

  • workloadIdentityToken (string) –

    [REQUIRED]

    The identity token of the workload from which you want to retrieve the OAuth2 token.

  • resourceCredentialProviderName (string) –

    [REQUIRED]

    The name of the resource’s credential provider.

  • scopes (list) –

    [REQUIRED]

    The OAuth scopes being requested.

    • (string) –

  • oauth2Flow (string) –

    [REQUIRED]

    The type of flow to be performed.

  • sessionUri (string) – Unique identifier for the user’s authentication session for retrieving OAuth2 tokens. This ID tracks the authorization flow state across multiple requests and responses during the OAuth2 authentication process.

  • resourceOauth2ReturnUrl (string) – The callback URL to redirect to after the OAuth 2.0 token retrieval is complete. This URL must be one of the provided URLs configured for the workload identity.

  • forceAuthentication (boolean) – Indicates whether to always initiate a new three-legged OAuth (3LO) flow, regardless of any existing session.

  • customParameters (dict) –

    A map of custom parameters to include in the authorization request to the resource credential provider. These parameters are in addition to the standard OAuth 2.0 flow parameters, and will not override them.

    • (string) –

      • (string) –

  • customState (string) – An opaque string that will be sent back to the callback URL provided in resourceOauth2ReturnUrl. This state should be used to protect the callback URL of your application against CSRF attacks by ensuring the response corresponds to the original request.

Return type:

dict

Returns:

Response Syntax

{
    'authorizationUrl': 'string',
    'accessToken': 'string',
    'sessionUri': 'string',
    'sessionStatus': 'IN_PROGRESS'|'FAILED'
}

Response Structure

  • (dict) –

    • authorizationUrl (string) –

      The URL to initiate the authorization process, provided when the access token requires user authorization.

    • accessToken (string) –

      The OAuth 2.0 access token to use.

    • sessionUri (string) –

      Unique identifier for the user’s authorization session for retrieving OAuth2 tokens. This matches the sessionId from the request and can be used to track the session state.

    • sessionStatus (string) –

      Status indicating whether the user’s authorization session is in progress or has failed. This helps determine the next steps in the OAuth2 authentication flow.

Exceptions

  • BedrockAgentCore.Client.exceptions.UnauthorizedException

  • BedrockAgentCore.Client.exceptions.ValidationException

  • BedrockAgentCore.Client.exceptions.AccessDeniedException

  • BedrockAgentCore.Client.exceptions.ResourceNotFoundException

  • BedrockAgentCore.Client.exceptions.ThrottlingException

  • BedrockAgentCore.Client.exceptions.InternalServerException