create_oauth2_credential_provider

BedrockAgentCoreControl.Client.create_oauth2_credential_provider(**kwargs)

Creates a new OAuth2 credential provider.

See also: AWS API Documentation

Request Syntax

response = client.create_oauth2_credential_provider(
    name='string',
    credentialProviderVendor='GoogleOauth2'|'GithubOauth2'|'SlackOauth2'|'SalesforceOauth2'|'MicrosoftOauth2'|'CustomOauth2'|'AtlassianOauth2'|'LinkedinOauth2'|'XOauth2'|'OktaOauth2'|'OneLoginOauth2'|'PingOneOauth2'|'FacebookOauth2'|'YandexOauth2'|'RedditOauth2'|'ZoomOauth2'|'TwitchOauth2'|'SpotifyOauth2'|'DropboxOauth2'|'NotionOauth2'|'HubspotOauth2'|'CyberArkOauth2'|'FusionAuthOauth2'|'Auth0Oauth2'|'CognitoOauth2',
    oauth2ProviderConfigInput={
        'customOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string',
            'clientSecret': 'string',
            'privateEndpoint': {
                'selfManagedLatticeResource': {
                    'resourceConfigurationIdentifier': 'string'
                },
                'managedVpcResource': {
                    'vpcIdentifier': 'string',
                    'subnetIds': [
                        'string',
                    ],
                    'endpointIpAddressType': 'IPV4'|'IPV6',
                    'securityGroupIds': [
                        'string',
                    ],
                    'tags': {
                        'string': 'string'
                    },
                    'routingDomain': 'string'
                }
            },
            'privateEndpointOverrides': [
                {
                    'domain': 'string',
                    'privateEndpoint': {
                        'selfManagedLatticeResource': {
                            'resourceConfigurationIdentifier': 'string'
                        },
                        'managedVpcResource': {
                            'vpcIdentifier': 'string',
                            'subnetIds': [
                                'string',
                            ],
                            'endpointIpAddressType': 'IPV4'|'IPV6',
                            'securityGroupIds': [
                                'string',
                            ],
                            'tags': {
                                'string': 'string'
                            },
                            'routingDomain': 'string'
                        }
                    }
                },
            ],
            'onBehalfOfTokenExchangeConfig': {
                'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
                'tokenExchangeGrantTypeConfig': {
                    'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
                    'actorTokenScopes': [
                        'string',
                    ]
                }
            },
            'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT'
        },
        'googleOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string'
        },
        'githubOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string'
        },
        'slackOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string'
        },
        'salesforceOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string'
        },
        'microsoftOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'tenantId': 'string'
        },
        'atlassianOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string'
        },
        'linkedinOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string'
        },
        'includedOauth2ProviderConfig': {
            'clientId': 'string',
            'clientSecret': 'string',
            'issuer': 'string',
            'authorizationEndpoint': 'string',
            'tokenEndpoint': 'string'
        }
    },
    tags={
        'string': 'string'
    }
)
Parameters:
  • name (string) –

    [REQUIRED]

    The name of the OAuth2 credential provider. The name must be unique within your account.

  • credentialProviderVendor (string) –

    [REQUIRED]

    The vendor of the OAuth2 credential provider. This specifies which OAuth2 implementation to use.

  • oauth2ProviderConfigInput (dict) –

    [REQUIRED]

    The configuration settings for the OAuth2 provider, including client ID, client secret, and other vendor-specific settings.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: customOauth2ProviderConfig, googleOauth2ProviderConfig, githubOauth2ProviderConfig, slackOauth2ProviderConfig, salesforceOauth2ProviderConfig, microsoftOauth2ProviderConfig, atlassianOauth2ProviderConfig, linkedinOauth2ProviderConfig, includedOauth2ProviderConfig.

    • customOauth2ProviderConfig (dict) –

      The configuration for a custom OAuth2 provider.

      • oauthDiscovery (dict) – [REQUIRED]

        The OAuth2 discovery information for the custom provider.

        Note

        This is a Tagged Union structure. Only one of the following top level keys can be set: discoveryUrl, authorizationServerMetadata.

        • discoveryUrl (string) –

          The discovery URL for the OAuth2 provider.

        • authorizationServerMetadata (dict) –

          The authorization server metadata for the OAuth2 provider.

          • issuer (string) – [REQUIRED]

            The issuer URL for the OAuth2 authorization server.

          • authorizationEndpoint (string) – [REQUIRED]

            The authorization endpoint URL for the OAuth2 authorization server.

          • tokenEndpoint (string) – [REQUIRED]

            The token endpoint URL for the OAuth2 authorization server.

          • responseTypes (list) –

            The supported response types for the OAuth2 authorization server.

            • (string) –

          • tokenEndpointAuthMethods (list) –

            The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

            • (string) –

      • clientId (string) –

        The client ID for the custom OAuth2 provider.

      • clientSecret (string) –

        The client secret for the custom OAuth2 provider.

      • privateEndpoint (dict) –

        The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.

        Note

        This is a Tagged Union structure. Only one of the following top level keys can be set: selfManagedLatticeResource, managedVpcResource.

        • selfManagedLatticeResource (dict) –

          Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.

          Note

          This is a Tagged Union structure. Only one of the following top level keys can be set: resourceConfigurationIdentifier.

          • resourceConfigurationIdentifier (string) –

            The ARN or ID of the VPC Lattice resource configuration.

        • managedVpcResource (dict) –

          Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.

          • vpcIdentifier (string) – [REQUIRED]

            The ID of the VPC that contains your private resource.

          • subnetIds (list) – [REQUIRED]

            The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.

            • (string) –

          • endpointIpAddressType (string) – [REQUIRED]

            The IP address type for the resource configuration endpoint.

          • securityGroupIds (list) –

            The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.

            • (string) –

          • tags (dict) –

            Tags to apply to the managed VPC Lattice resource gateway.

            • (string) –

              • (string) –

          • routingDomain (string) –

            An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.

      • privateEndpointOverrides (list) –

        The private endpoint overrides for the custom OAuth2 provider configuration.

        • (dict) –

          A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.

          • domain (string) – [REQUIRED]

            The domain to override with a private endpoint.

          • privateEndpoint (dict) – [REQUIRED]

            The private endpoint configuration for the specified domain.

            Note

            This is a Tagged Union structure. Only one of the following top level keys can be set: selfManagedLatticeResource, managedVpcResource.

            • selfManagedLatticeResource (dict) –

              Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.

              Note

              This is a Tagged Union structure. Only one of the following top level keys can be set: resourceConfigurationIdentifier.

              • resourceConfigurationIdentifier (string) –

                The ARN or ID of the VPC Lattice resource configuration.

            • managedVpcResource (dict) –

              Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.

              • vpcIdentifier (string) – [REQUIRED]

                The ID of the VPC that contains your private resource.

              • subnetIds (list) – [REQUIRED]

                The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.

                • (string) –

              • endpointIpAddressType (string) – [REQUIRED]

                The IP address type for the resource configuration endpoint.

              • securityGroupIds (list) –

                The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.

                • (string) –

              • tags (dict) –

                Tags to apply to the managed VPC Lattice resource gateway.

                • (string) –

                  • (string) –

              • routingDomain (string) –

                An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.

      • onBehalfOfTokenExchangeConfig (dict) –

        The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.

        • grantType (string) – [REQUIRED]

          The grant type for the on-behalf-of token exchange.

        • tokenExchangeGrantTypeConfig (dict) –

          Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).

          • actorTokenContent (string) – [REQUIRED]

            The content type for the actor token in the token exchange.

          • actorTokenScopes (list) –

            The scopes for the actor token. Only valid when actorTokenContent is M2M.

            • (string) –

      • clientAuthenticationMethod (string) –

        The client authentication method to use when authenticating with the token endpoint.

    • googleOauth2ProviderConfig (dict) –

      The configuration for a Google OAuth2 provider.

      • clientId (string) – [REQUIRED]

        The client ID for the Google OAuth2 provider.

      • clientSecret (string) – [REQUIRED]

        The client secret for the Google OAuth2 provider.

    • githubOauth2ProviderConfig (dict) –

      The configuration for a GitHub OAuth2 provider.

      • clientId (string) – [REQUIRED]

        The client ID for the GitHub OAuth2 provider.

      • clientSecret (string) – [REQUIRED]

        The client secret for the GitHub OAuth2 provider.

    • slackOauth2ProviderConfig (dict) –

      The configuration for a Slack OAuth2 provider.

      • clientId (string) – [REQUIRED]

        The client ID for the Slack OAuth2 provider.

      • clientSecret (string) – [REQUIRED]

        The client secret for the Slack OAuth2 provider.

    • salesforceOauth2ProviderConfig (dict) –

      The configuration for a Salesforce OAuth2 provider.

      • clientId (string) – [REQUIRED]

        The client ID for the Salesforce OAuth2 provider.

      • clientSecret (string) – [REQUIRED]

        The client secret for the Salesforce OAuth2 provider.

    • microsoftOauth2ProviderConfig (dict) –

      The configuration for a Microsoft OAuth2 provider.

      • clientId (string) – [REQUIRED]

        The client ID for the Microsoft OAuth2 provider.

      • clientSecret (string) – [REQUIRED]

        The client secret for the Microsoft OAuth2 provider.

      • tenantId (string) –

        The Microsoft Entra ID (formerly Azure AD) tenant ID for your organization. This identifies the specific tenant within Microsoft’s identity platform where your application is registered.

    • atlassianOauth2ProviderConfig (dict) –

      Configuration settings for Atlassian OAuth2 provider integration.

      • clientId (string) – [REQUIRED]

        The client ID for the Atlassian OAuth2 provider. This identifier is assigned by Atlassian when you register your application.

      • clientSecret (string) – [REQUIRED]

        The client secret for the Atlassian OAuth2 provider. This secret is assigned by Atlassian and used along with the client ID to authenticate your application.

    • linkedinOauth2ProviderConfig (dict) –

      Configuration settings for LinkedIn OAuth2 provider integration.

      • clientId (string) – [REQUIRED]

        The client ID for the LinkedIn OAuth2 provider. This identifier is assigned by LinkedIn when you register your application.

      • clientSecret (string) – [REQUIRED]

        The client secret for the LinkedIn OAuth2 provider. This secret is assigned by LinkedIn and used along with the client ID to authenticate your application.

    • includedOauth2ProviderConfig (dict) –

      The configuration for a non-custom OAuth2 provider. This includes settings for supported OAuth2 providers that have built-in integration support.

      • clientId (string) – [REQUIRED]

        The client ID for the supported OAuth2 provider. This identifier is assigned by the OAuth2 provider when you register your application.

      • clientSecret (string) – [REQUIRED]

        The client secret for the supported OAuth2 provider. This secret is assigned by the OAuth2 provider and used along with the client ID to authenticate your application.

      • issuer (string) –

        Token issuer of your isolated OAuth2 application tenant. This URL identifies the authorization server that issues tokens for this provider.

      • authorizationEndpoint (string) –

        OAuth2 authorization endpoint for your isolated OAuth2 application tenant. This is where users are redirected to authenticate and authorize access to their resources.

      • tokenEndpoint (string) –

        OAuth2 token endpoint for your isolated OAuth2 application tenant. This is where authorization codes are exchanged for access tokens.

  • tags (dict) –

    A map of tag keys and values to assign to the OAuth2 credential provider. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment.

    • (string) –

      • (string) –
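Added example (not part of the SDK or the original reference): an offline pre-flight check that applies the rules stated in the parameter list above to a kwargs dict before it is passed to create_oauth2_credential_provider. The helper names, the https-only check and the sample values are assumptions of this example.

```python
from urllib.parse import urlparse

# Tagged-union members exactly as listed in the parameter descriptions above.
VENDORS = "custom google github slack salesforce microsoft atlassian linkedin included"
PROVIDER_KEYS = {f"{v}Oauth2ProviderConfig" for v in VENDORS.split()}
DISCOVERY_KEYS = {"discoveryUrl", "authorizationServerMetadata"}
ENDPOINT_KEYS = {"selfManagedLatticeResource", "managedVpcResource"}


def _union(node, allowed, path, errors):
    """Return (key, value) for a tagged union with exactly one member set."""
    keys = sorted(node)
    if len(keys) != 1 or keys[0] not in allowed:
        errors.append(f"{path}: set exactly one of {sorted(allowed)}, got {keys}")
        return None, None
    return keys[0], node[keys[0]]


def _require(node, fields, path, errors):
    errors.extend(f"{path}.{f}: required" for f in fields if not node.get(f))


def _https(url, path, errors):
    # Hardening assumption of this example; the page does not mandate a scheme.
    if url and urlparse(url).scheme != "https":
        errors.append(f"{path}: expected an https URL")


def _endpoint(node, path, errors, warnings):
    kind, cfg = _union(node, ENDPOINT_KEYS, path, errors)
    if kind == "selfManagedLatticeResource":
        _union(cfg, {"resourceConfigurationIdentifier"}, f"{path}.{kind}", errors)
    elif kind == "managedVpcResource":
        required = ["vpcIdentifier", "subnetIds", "endpointIpAddressType"]
        _require(cfg, required, f"{path}.{kind}", errors)
        if not cfg.get("securityGroupIds"):
            warnings.append(f"{path}.{kind}: securityGroupIds omitted, "
                            "the VPC default security group is used")


def _custom(cfg, path, errors, warnings):
    discovery = cfg.get("oauthDiscovery")
    if not discovery:
        errors.append(f"{path}.oauthDiscovery: required")
    else:
        here = f"{path}.oauthDiscovery"
        kind, value = _union(discovery, DISCOVERY_KEYS, here, errors)
        if kind == "discoveryUrl":
            _https(value, f"{here}.{kind}", errors)
        elif kind == "authorizationServerMetadata":
            urls = ["issuer", "authorizationEndpoint", "tokenEndpoint"]
            _require(value, urls, f"{here}.{kind}", errors)
            for field in urls:
                _https(value.get(field), f"{here}.{kind}.{field}", errors)
    if "privateEndpoint" in cfg:
        _endpoint(cfg["privateEndpoint"], f"{path}.privateEndpoint", errors, warnings)
    for i, override in enumerate(cfg.get("privateEndpointOverrides", [])):
        here = f"{path}.privateEndpointOverrides[{i}]"
        _require(override, ["domain", "privateEndpoint"], here, errors)
        if override.get("privateEndpoint"):
            _endpoint(override["privateEndpoint"], f"{here}.privateEndpoint", errors, warnings)
    obo = cfg.get("onBehalfOfTokenExchangeConfig")
    if obo is not None:
        here = f"{path}.onBehalfOfTokenExchangeConfig"
        _require(obo, ["grantType"], here, errors)
        exchange = obo.get("tokenExchangeGrantTypeConfig") or {}
        # Page rule: actorTokenScopes is only valid when actorTokenContent is M2M.
        if exchange.get("actorTokenScopes") and exchange.get("actorTokenContent") != "M2M":
            errors.append(f"{here}: actorTokenScopes requires actorTokenContent M2M")


def check_request(kwargs):
    """Return (errors, warnings) for create_oauth2_credential_provider kwargs."""
    errors, warnings = [], []
    top = ["name", "credentialProviderVendor", "oauth2ProviderConfigInput"]
    _require(kwargs, top, "request", errors)
    if kwargs.get("oauth2ProviderConfigInput"):
        kind, cfg = _union(kwargs["oauth2ProviderConfigInput"], PROVIDER_KEYS,
                           "oauth2ProviderConfigInput", errors)
        if kind == "customOauth2ProviderConfig":
            _custom(cfg, kind, errors, warnings)
        elif kind:
            _require(cfg, ["clientId", "clientSecret"], kind, errors)
    return errors, warnings


# Constructed sample input; identifiers are placeholders, not real resources.
BAD_REQUEST = {
    "name": "agent-idp", "credentialProviderVendor": "CustomOauth2",
    "oauth2ProviderConfigInput": {"customOauth2ProviderConfig": {
        "oauthDiscovery": {"discoveryUrl": "http://idp.example.com/.well-known/openid-configuration"},
        "privateEndpoint": {"managedVpcResource": {
            "vpcIdentifier": "vpc-EXAMPLE", "subnetIds": ["subnet-EXAMPLE"],
            "endpointIpAddressType": "IPV4"}},
        "onBehalfOfTokenExchangeConfig": {"grantType": "TOKEN_EXCHANGE",
            "tokenExchangeGrantTypeConfig": {"actorTokenContent": "NONE", "actorTokenScopes": ["read"]}},
    }},
}
```

For BAD_REQUEST the check reports the plain-http discovery URL and the misplaced actorTokenScopes as errors, and the fallback to the VPC default security group as a warning.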

Return type:

dict

Returns:

Response Syntax

{
    'clientSecretArn': {
        'secretArn': 'string'
    },
    'name': 'string',
    'credentialProviderArn': 'string',
    'callbackUrl': 'string',
    'oauth2ProviderConfigOutput': {
        'customOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string',
            'privateEndpoint': {
                'selfManagedLatticeResource': {
                    'resourceConfigurationIdentifier': 'string'
                },
                'managedVpcResource': {
                    'vpcIdentifier': 'string',
                    'subnetIds': [
                        'string',
                    ],
                    'endpointIpAddressType': 'IPV4'|'IPV6',
                    'securityGroupIds': [
                        'string',
                    ],
                    'tags': {
                        'string': 'string'
                    },
                    'routingDomain': 'string'
                }
            },
            'privateEndpointOverrides': [
                {
                    'domain': 'string',
                    'privateEndpoint': {
                        'selfManagedLatticeResource': {
                            'resourceConfigurationIdentifier': 'string'
                        },
                        'managedVpcResource': {
                            'vpcIdentifier': 'string',
                            'subnetIds': [
                                'string',
                            ],
                            'endpointIpAddressType': 'IPV4'|'IPV6',
                            'securityGroupIds': [
                                'string',
                            ],
                            'tags': {
                                'string': 'string'
                            },
                            'routingDomain': 'string'
                        }
                    }
                },
            ],
            'onBehalfOfTokenExchangeConfig': {
                'grantType': 'TOKEN_EXCHANGE'|'JWT_AUTHORIZATION_GRANT',
                'tokenExchangeGrantTypeConfig': {
                    'actorTokenContent': 'NONE'|'M2M'|'AWS_IAM_ID_TOKEN_JWT',
                    'actorTokenScopes': [
                        'string',
                    ]
                }
            },
            'clientAuthenticationMethod': 'CLIENT_SECRET_BASIC'|'CLIENT_SECRET_POST'|'AWS_IAM_ID_TOKEN_JWT'
        },
        'googleOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'githubOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'slackOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'salesforceOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'microsoftOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'atlassianOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'linkedinOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        },
        'includedOauth2ProviderConfig': {
            'oauthDiscovery': {
                'discoveryUrl': 'string',
                'authorizationServerMetadata': {
                    'issuer': 'string',
                    'authorizationEndpoint': 'string',
                    'tokenEndpoint': 'string',
                    'responseTypes': [
                        'string',
                    ],
                    'tokenEndpointAuthMethods': [
                        'string',
                    ]
                }
            },
            'clientId': 'string'
        }
    },
    'status': 'CREATING'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED'|'READY'|'DELETING'|'DELETE_FAILED'
}
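
Added example (not part of the SDK or the original reference): the Response Structure section notes that any tagged union in the response may carry SDK_UNKNOWN_MEMBER when the client cannot model what the service returned. This sketch walks a response for that marker at every nesting level and fails closed before the caller acts on callbackUrl or the secret ARN; the function names and the sample response values are constructed placeholders.

```python
import copy


def find_unknown_members(node, path="response"):
    """Yield (path, member_name) for every SDK_UNKNOWN_MEMBER union marker."""
    if isinstance(node, dict):
        for key, value in node.items():
            # tags are free-form string maps, so only a dict value is the marker.
            if key == "SDK_UNKNOWN_MEMBER" and isinstance(value, dict):
                yield path, value.get("name")
            else:
                yield from find_unknown_members(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_unknown_members(item, f"{path}[{index}]")


def provider_summary(response):
    """Fail closed on unmodelled union members, then return the fields to act on."""
    unknown = list(find_unknown_members(response))
    if unknown:
        raise ValueError(f"SDK cannot model {unknown}; upgrade before using this response")
    output = response["oauth2ProviderConfigOutput"]
    if len(output) != 1:
        raise ValueError(f"expected one provider config member, got {sorted(output)}")
    (member, config), = output.items()
    return {
        "member": member,
        "clientId": config.get("clientId"),
        # The response carries no clientSecret, only the Secrets Manager ARN.
        "secretArn": response["clientSecretArn"]["secretArn"],
        "callbackUrl": response["callbackUrl"],
        "usable": response["status"] == "READY",
    }


# Constructed sample responses; every identifier is a placeholder.
SAMPLE_OK = {
    "clientSecretArn": {"secretArn": "arn:aws:secretsmanager:REGION:ACCOUNT:secret:EXAMPLE"},
    "name": "agent-idp",
    "credentialProviderArn": "arn:EXAMPLE",
    "callbackUrl": "https://callback.example.com/EXAMPLE",
    "oauth2ProviderConfigOutput": {"customOauth2ProviderConfig": {
        "oauthDiscovery": {"discoveryUrl": "https://idp.example.com/.well-known/openid-configuration"},
        "clientId": "example-client-id",
        "privateEndpoint": {"managedVpcResource": {
            "vpcIdentifier": "vpc-EXAMPLE", "subnetIds": ["subnet-EXAMPLE"],
            "endpointIpAddressType": "IPV4", "tags": {"owner": "platform"}}},
    }},
    "status": "CREATING",
}
SAMPLE_UNKNOWN = copy.deepcopy(SAMPLE_OK)
SAMPLE_UNKNOWN["oauth2ProviderConfigOutput"]["customOauth2ProviderConfig"]["privateEndpoint"] = {
    "SDK_UNKNOWN_MEMBER": {"name": "futureEndpointKind"}}
```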

Response Structure

  • (dict) –

    • clientSecretArn (dict) –

      The Amazon Resource Name (ARN) of the client secret in AWS Secrets Manager.

      • secretArn (string) –

        The Amazon Resource Name (ARN) of the secret in AWS Secrets Manager.

    • name (string) –

      The name of the OAuth2 credential provider.

    • credentialProviderArn (string) –

      The Amazon Resource Name (ARN) of the OAuth2 credential provider.

    • callbackUrl (string) –

      Callback URL to register on the OAuth2 credential provider as an allowed callback URL. This URL is where the OAuth2 authorization server redirects users after they complete the authorization flow.

    • oauth2ProviderConfigOutput (dict) –

      Contains the output configuration for an OAuth2 provider.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: customOauth2ProviderConfig, googleOauth2ProviderConfig, githubOauth2ProviderConfig, slackOauth2ProviderConfig, salesforceOauth2ProviderConfig, microsoftOauth2ProviderConfig, atlassianOauth2ProviderConfig, linkedinOauth2ProviderConfig, includedOauth2ProviderConfig. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      
      • customOauth2ProviderConfig (dict) –

        The output configuration for a custom OAuth2 provider.

        • oauthDiscovery (dict) –

          The OAuth2 discovery information for the custom provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the custom OAuth2 provider.

        • privateEndpoint (dict) –

          The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: selfManagedLatticeResource, managedVpcResource. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • selfManagedLatticeResource (dict) –

            Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: resourceConfigurationIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • resourceConfigurationIdentifier (string) –

              The ARN or ID of the VPC Lattice resource configuration.

          • managedVpcResource (dict) –

            Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.

            • vpcIdentifier (string) –

              The ID of the VPC that contains your private resource.

            • subnetIds (list) –

              The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.

              • (string) –

            • endpointIpAddressType (string) –

              The IP address type for the resource configuration endpoint.

            • securityGroupIds (list) –

              The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.

              • (string) –

            • tags (dict) –

              Tags to apply to the managed VPC Lattice resource gateway.

              • (string) –

                • (string) –

            • routingDomain (string) –

              An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.

        • privateEndpointOverrides (list) –

          The private endpoint overrides for the custom OAuth2 provider configuration.

          • (dict) –

            A mapping of a specific domain to a private endpoint for secure connectivity through a VPC Lattice resource configuration.

            • domain (string) –

              The domain to override with a private endpoint.

            • privateEndpoint (dict) –

              The private endpoint configuration for the specified domain.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: selfManagedLatticeResource, managedVpcResource. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              
              • selfManagedLatticeResource (dict) –

                Configuration for connecting to a private resource using a self-managed VPC Lattice resource configuration.

                Note

                This is a Tagged Union structure. Only one of the following top level keys will be set: resourceConfigurationIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
                
                • resourceConfigurationIdentifier (string) –

                  The ARN or ID of the VPC Lattice resource configuration.

              • managedVpcResource (dict) –

                Configuration for connecting to a private resource using a managed VPC Lattice resource. The gateway creates and manages the VPC Lattice resources on your behalf.

                • vpcIdentifier (string) –

                  The ID of the VPC that contains your private resource.

                • subnetIds (list) –

                  The subnet IDs within the VPC where the VPC Lattice resource gateway is placed.

                  • (string) –

                • endpointIpAddressType (string) –

                  The IP address type for the resource configuration endpoint.

                • securityGroupIds (list) –

                  The security group IDs to associate with the VPC Lattice resource gateway. If not specified, the default security group for the VPC is used.

                  • (string) –

                • tags (dict) –

                  Tags to apply to the managed VPC Lattice resource gateway.

                  • (string) –

                    • (string) –

                • routingDomain (string) –

                  An intermediate domain to use as the resource configuration endpoint instead of the actual target domain. Use this when you want to route traffic through an intermediate component such as a VPC endpoint or internal load balancer. For more information, see Route traffic through an intermediate domain.

        • onBehalfOfTokenExchangeConfig (dict) –

          The configuration for on-behalf-of token exchange.

          • grantType (string) –

            The grant type for the on-behalf-of token exchange.

          • tokenExchangeGrantTypeConfig (dict) –

            Configuration specific to the TOKEN_EXCHANGE grant type (RFC 8693).

            • actorTokenContent (string) –

              The content type for the actor token in the token exchange.

            • actorTokenScopes (list) –

              The scopes for the actor token. Only valid when actorTokenContent is M2M.

              • (string) –

        • clientAuthenticationMethod (string) –

          The client authentication method used when authenticating with the token endpoint.

      • googleOauth2ProviderConfig (dict) –

        The output configuration for a Google OAuth2 provider.

        • oauthDiscovery (dict) –

          The OAuth2 discovery information for the Google provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the Google OAuth2 provider.

      • githubOauth2ProviderConfig (dict) –

        The output configuration for a GitHub OAuth2 provider.

        • oauthDiscovery (dict) –

          The OAuth2 discovery information for the GitHub provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the GitHub OAuth2 provider.

      • slackOauth2ProviderConfig (dict) –

        The output configuration for a Slack OAuth2 provider.

        • oauthDiscovery (dict) –

          The OAuth2 discovery information for the Slack provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the Slack OAuth2 provider.

      • salesforceOauth2ProviderConfig (dict) –

        The output configuration for a Salesforce OAuth2 provider.

        • oauthDiscovery (dict) –

          The OAuth2 discovery information for the Salesforce provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the Salesforce OAuth2 provider.

      • microsoftOauth2ProviderConfig (dict) –

        The output configuration for a Microsoft OAuth2 provider.

        • oauthDiscovery (dict) –

          The OAuth2 discovery information for the Microsoft provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the Microsoft OAuth2 provider.

      • atlassianOauth2ProviderConfig (dict) –

        The configuration details for the Atlassian OAuth2 provider.

        • oauthDiscovery (dict) –

          Contains the discovery information for an OAuth2 provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the Atlassian OAuth2 provider.

      • linkedinOauth2ProviderConfig (dict) –

        The configuration details for the LinkedIn OAuth2 provider.

        • oauthDiscovery (dict) –

          Contains the discovery information for an OAuth2 provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the LinkedIn OAuth2 provider.

      • includedOauth2ProviderConfig (dict) –

        The configuration for a non-custom OAuth2 provider. This includes the configuration details for supported OAuth2 providers that have built-in integration support.

        • oauthDiscovery (dict) –

          Contains the discovery information for an OAuth2 provider.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: discoveryUrl, authorizationServerMetadata. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • discoveryUrl (string) –

            The discovery URL for the OAuth2 provider.

          • authorizationServerMetadata (dict) –

            The authorization server metadata for the OAuth2 provider.

            • issuer (string) –

              The issuer URL for the OAuth2 authorization server.

            • authorizationEndpoint (string) –

              The authorization endpoint URL for the OAuth2 authorization server.

            • tokenEndpoint (string) –

              The token endpoint URL for the OAuth2 authorization server.

            • responseTypes (list) –

              The supported response types for the OAuth2 authorization server.

              • (string) –

            • tokenEndpointAuthMethods (list) –

              The authentication methods supported by the token endpoint. This specifies how clients can authenticate when requesting tokens from the authorization server.

              • (string) –

        • clientId (string) –

          The client ID for the supported OAuth2 provider.

    • status (string) –

      The current status of the OAuth2 credential provider.
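An added example, not part of the boto3 documentation: a response-side review of the provider-config tagged union documented above. It resolves each tagged union (including SDK_UNKNOWN_MEMBER), flags non-HTTPS discovery and endpoint URLs, and flags a managedVpcResource that omits securityGroupIds and therefore uses the VPC default security group. The function names, the HTTPS check and all sample values are assumptions of this example, as is the output member name customOauth2ProviderConfig, which is taken from the request syntax.

```python
from urllib.parse import urlparse

UNKNOWN = "SDK_UNKNOWN_MEMBER"

def union_member(union):
    """Return (tag, value) of a tagged-union dict, which must hold exactly one key."""
    if len(union) != 1:
        raise ValueError(f"expected exactly one key, got {sorted(union)}")
    return next(iter(union.items()))

def _check_https(label, url, findings):
    if urlparse(url).scheme != "https":
        findings.append(f"{label}: not an https URL ({url})")

def _audit_endpoint(label, endpoint, findings):
    tag, value = union_member(endpoint)
    if tag == UNKNOWN:
        findings.append(f"{label}: unknown endpoint type {value['name']!r}, not audited")
    elif tag == "managedVpcResource" and not value.get("securityGroupIds"):
        findings.append(f"{label}: no securityGroupIds, VPC default security group is used")

def audit_provider_config(config_output):
    """Return a list of findings for the provider-config tagged union of a response."""
    tag, cfg = union_member(config_output)
    if tag == UNKNOWN:
        return [f"provider config: unknown member {cfg['name']!r}, not audited"]
    findings = []
    discovery = cfg.get("oauthDiscovery")
    d_tag, d_val = union_member(discovery) if discovery else (None, {})
    if d_tag == UNKNOWN:
        findings.append(f"{tag}.oauthDiscovery: unknown member {d_val['name']!r}")
    elif d_tag == "discoveryUrl":
        _check_https(f"{tag}.discoveryUrl", d_val, findings)
    else:  # authorizationServerMetadata, or no discovery information returned
        for key in ("issuer", "authorizationEndpoint", "tokenEndpoint"):
            if key in d_val:
                _check_https(f"{tag}.{key}", d_val[key], findings)
    if "privateEndpoint" in cfg:
        _audit_endpoint(f"{tag}.privateEndpoint", cfg["privateEndpoint"], findings)
    for item in cfg.get("privateEndpointOverrides", []):
        _audit_endpoint(f"override[{item['domain']}]", item["privateEndpoint"], findings)
    return findings

# Constructed sample in the shape documented above; every value is a placeholder.
SAMPLE = {"customOauth2ProviderConfig": {
    "oauthDiscovery": {"authorizationServerMetadata": {
        "issuer": "https://idp.example.internal",
        "tokenEndpoint": "http://idp.example.internal/token"}},
    "clientId": "example-client-id",
    "privateEndpointOverrides": [
        {"domain": "idp.example.internal", "privateEndpoint": {"managedVpcResource": {
            "vpcIdentifier": "vpc-EXAMPLE", "subnetIds": ["subnet-EXAMPLE"]}}},
        {"domain": "keys.example.internal", "privateEndpoint": {
            UNKNOWN: {"name": "futureEndpointType"}}}]}}
```

Calling audit_provider_config(SAMPLE) returns three findings: the plain-HTTP token endpoint, the override that relies on the default security group, and the override whose endpoint type this SDK version does not recognise.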

Exceptions

  • BedrockAgentCoreControl.Client.exceptions.ServiceQuotaExceededException

  • BedrockAgentCoreControl.Client.exceptions.UnauthorizedException

  • BedrockAgentCoreControl.Client.exceptions.ResourceLimitExceededException

  • BedrockAgentCoreControl.Client.exceptions.ValidationException

  • BedrockAgentCoreControl.Client.exceptions.ConflictException

  • BedrockAgentCoreControl.Client.exceptions.AccessDeniedException

  • BedrockAgentCoreControl.Client.exceptions.DecryptionFailure

  • BedrockAgentCoreControl.Client.exceptions.ResourceNotFoundException

  • BedrockAgentCoreControl.Client.exceptions.ThrottlingException

  • BedrockAgentCoreControl.Client.exceptions.InternalServerException

  • BedrockAgentCoreControl.Client.exceptions.EncryptionFailure